Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-02 18:18:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,970 Commits 15 Branches 34 Tags
a685fc252dd7f2ba8de5bf7fde5d330a30088a8b
Commit Graph

4970 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
fdb2da80d6 fix typo 2025-04-09 20:35:44 +02:00
Dirk
5d9d5276e3 Firefox 137 (Win 11) 2025-04-09 20:28:31 +02:00
Dirk
51fce5feb1 fix ja3/4 for Edge 133 Win 11 23H2 2025-04-09 20:18:24 +02:00
Dirk
b18dd2aa28 Edge 133 Win 11 23H2 2025-04-09 20:14:42 +02:00
Dirk
647aeae205 Update docu and (futile) perl script 2025-04-09 20:00:47 +02:00
Dirk
f337f53e49 Reorder Java 8 2025-04-09 19:40:12 +02:00
Dirk
85232b7bc5 Chromium 137 Win 11 2025-04-09 19:31:35 +02:00
Dirk Wetter
8b1339b29d Merge pull request #2734 from PeterDaveHello/FixDockerHubReadmeBadge 
Fix Docker Hub badge in Readme.md
 2025-04-09 18:51:08 +02:00
David Cooper
9f48c51dc7 Get supported groups list from OpenSSL 3.5.0 
In OpenSSL 3.5.0 the `list` command can be used to obtain a list of supported groups for TLS. The commit makes use of this command when $OPENSSL is OpenSSL 3.5.0 or later. This should be faster than testing curves one at a time.
 2025-04-09 09:21:54 -07:00
Dirk
84e77d2bb0 Java 21 2025-04-09 17:07:19 +02:00
Dirk
31e2f43eec LibreSSL update 3.3.6 (MacOS) 
.. renaming that to macOS instead "Apple".
 2025-04-09 16:51:26 +02:00
Dirk
4f696f94df Add openssl 3.0.15 (from Debian) 
... and set OpenSSL 3.0.3 (git) as not to list
 2025-04-09 16:39:05 +02:00
Dirk
e4cdca9e63 Add Safari 18.4 @ MacOS 15.4 2025-04-09 15:53:11 +02:00
Dirk
d601f33a37 Merge branch '3.2' into new_Handshakes 2025-04-09 10:59:40 +02:00
Dirk Wetter
bc0c9f9c4b Merge pull request #2733 from dcooper16/ossl35_client_sim 
OpenSSL 3.5.0 client simulation
 2025-04-09 10:46:20 +02:00
David Cooper
3a8038636d OpenSSL 3.5.0 client simulation 
Add OpenSSL 3.5.0 to etc/client-simulation.txt.
 2025-04-08 15:26:41 -07:00
Dirk
0d7c33ab7f deprecate more 
- Safari 12.1 (iOS 12.2)
- Firefox 66 (Win 8.1/10)
 2025-04-08 16:14:37 +02:00
Dirk
887653a033 Deprecate a few entries ... 
- Android 5+6
- Chrome 79 Win 10
- IE 6 XP
- IE 8 XP
- Safari 13.0 (macOS 10.14.6)
- OpenSSL 1.1.0l (Debian)

... before new ones are added
 2025-04-08 16:06:55 +02:00
Dirk
7939144af1 Swap Android 6 for Android 5 
... as it seems to habe more market share
 2025-04-08 15:49:44 +02:00
Dirk
58ddfd8a24 Add hint for JA3/4 
+ minor corrections
 2025-04-07 19:38:05 +02:00
Dirk
45be26db7c Add Java 8u442 handshake 
Also the ja3 and ja4 values were added as retrieved from wireshark.

See also #2430 .
 2025-04-07 19:36:34 +02:00
Peter Dave Hello
be4aa6ec6c Fix Docker Hub badge in Readme.md 2025-04-07 05:08:59 +08:00
Dirk Wetter
06682990ba GHCR clearer 2025-04-06 20:29:18 +02:00
Dirk Wetter
f7f35fe4c6 Merge pull request #2729 from testssl/ghcr.io-doc 
Add minimal doc for GHCR
 2025-04-06 18:29:07 +02:00
Dirk Wetter
ac0419eaad Add minimal doc for GHCR 2025-04-06 18:27:37 +02:00
Dirk Wetter
b20add1d12 Merge pull request #2684 from testssl/new_binaries 
Start working on a set of new binaries
 2025-04-04 14:15:00 +02:00
Dirk Wetter
b7f9ff1bf2 Merge pull request #2727 from dcooper16/chacha20 
ChaCha20 decryption
 2025-04-04 11:54:05 +02:00
Dirk Wetter
be9a85c1f7 Merge pull request #2726 from dcooper16/fix_has_uds_checks 
Fix checks with HAS_UDS and HAS_UDS2
 2025-04-02 21:47:41 +02:00
David Cooper
f6ff390799 Fix checks with HAS_UDS and HAS_UDS2 
This commit fixes a check where the Boolean variables $HAS_UDS and $HAS_UDS2 are checked for whether they are empty rather than for whether they are true.
 2025-04-02 08:03:58 -07:00
David Cooper
e2accb6442 ChaCha20 decryption 
Decryption is TLS 1.3 handshakes is very slow if the response is encrypted using ChaCha20 and the $OPENSSL enc command does not support ChaCha20. This commit mitigates that problem by using $OPENSSL2 for ChaCha20 decryption if such decryption is needed and $OPENSSL does not support it.

This commit also changes testssl.sh to make use of $OPENSSL2 for AES-GCM decryption, when $OPENSSL2 supports it, but $OPENSSL does not. However, this change is not as important. Implementing AES-GCM in Bash using $OPENSSL for AES ECB operations isn't nearly as slow as fully implementing ChaCha20 in Bash.
 2025-04-02 07:55:31 -07:00
Dirk Wetter
44d9f520fb Add check for proxy IPv6 support 
... of the binary. Testing needs to be done.
 2025-04-01 23:37:54 +02:00
Dirk
672d253981 Fix typo 2025-04-01 18:58:12 +02:00
Dirk
b149fc4da4 Reorder, rephrase, timing 
Also provide a runtime table, from a little research.
 2025-04-01 15:24:40 +02:00
Dirk
45a264e4e4 Fix typo 2025-03-31 18:08:27 +02:00
Dirk
f55abf56af Add new 64 Bit binaries (Linux, FreeBSD) 
... from https://github.com/testssl/openssl-1.0.2.bad .
 2025-03-31 17:54:40 +02:00
Dirk
093e8ddd10 Remove redundant statements 2025-03-31 17:54:01 +02:00
Dirk Wetter
2dfd192f27 Typos / when needed 2025-03-30 19:59:23 +02:00
Dirk
3a414d60bf Comment the removal of binaries 2025-03-30 18:14:41 +02:00
Dirk
f208c09803 Rename file 2025-03-30 18:11:21 +02:00
Dirk
0e765986dc Remove output from openssl Kerberos binary 
... as we don't supply the kerberos binary anymore
 2025-03-30 18:08:58 +02:00
Dirk
1852ef6a1d Remove 32 Bit Linux binary 
... as it is a niche thing. It might be available @ the contibuted
build directory @ https://testssl.sh
 2025-03-30 18:06:58 +02:00
Dirk
5a1d90f310 Fix link 2025-03-28 18:33:14 +01:00
Dirk Wetter
87edb78b3e Add docu for IPv6 proxy 2025-03-27 18:27:00 +01:00
Dirk Wetter
36a58e2b3e Allow square bracket notation for IPv6 proxy 2025-03-27 18:26:17 +01:00
Dirk Wetter
a348839f60 Merge pull request #2720 from testssl/add_comment_get_server_cert 
Comment the first lines get_server_certificate()
 2025-03-25 21:56:32 +01:00
Dirk Wetter
e81b09176d Distunguish between LibreSSL and OpenSSL IPv6 proxy 
Somehow the proxy now shows only IPv6 source addresses when specifying
--proxy=IPV6ADDRESS:PORT
 2025-03-25 19:42:54 +01:00
Dirk Wetter
18da1b8df5 Fix some IPv6 proxy issues 
As a quick hack this PR enables *basically* the IPv6 proxy which results that testssl.sh
will use an IPv6 proxy when

* the binary supports that
* the binary is used an not tls_sockets()
* there's no A record but an AAAA record of the proxy or an IPv6 address as proxy address was specified.

The latter should guarantee that it doesn't break anything.

However tls_sockets() still uses IPv4 for the connection to the proxy.

See #1105
 2025-03-25 19:13:30 +01:00
Dirk Wetter
040ef1e0c9 Comment the first lines get_server_certificate() 
See https://github.com/testssl/testssl.sh/issues/2707#issuecomment-2741053487
 2025-03-25 17:22:10 +01:00
Dirk Wetter
5359befc60 Merge pull request #2716 from testssl/sanitze_http_header_better 
Sanitze HTTP header early and better
 2025-03-20 15:44:28 +01:00
Dirk Wetter
a17bb42a37 Sanitze HTTP header early and better 
On MacOS `run_http_header()` hiccuped when in any place of the web site unprintable chars were returned, see https://github.com/testssl/testssl.sh/issues/2708#issuecomment-2738347784 .

This PR fixes that by moving the sanitization to a separate function and run it earlier before any processing of the returned content (header plus body) takes place.

Output was:

```
'HTTP Status Code           awk: towc: multibyte conversion failure on: '� disabilitato");

 input record number 36, file /tmp/testssl.FHu8E0/AAA.BBB.CCC.DDD.http_header.txt
 source line number 1
'wk: towc: multibyte conversion failure on: '� disabilitato");

 input record number 36, file /tmp/testssl.FHu8E0/AAA.BBB.CCC.DDD.http_header.txt
 source line number 1
  200 OK
```
 2025-03-20 13:34:46 +01:00