Dirk Wetter
a802792db5
update links, reorder features
2017-09-27 09:02:29 +02:00
Dirk
ed88add923
regression fix: output for CVE-2015-3197 was missing in DROWN
v2.9.5-1
2017-09-20 17:24:37 +02:00
Dirk
c5ac8c9227
workaround due to problem with blanks in $SWURL
...
SWURL contained for historical reasons trailing blanks
for released versions.
This caused an error in pr_boldurl --> html_out which
didn't write the trailing style info and didn't close
the href tag (travis complained.)
This patch removes the trailing blank but it doesn't
fix the error
2017-09-20 10:47:18 +02:00
Dirk
11b4f67d7e
version number
2017-09-20 07:11:11 +02:00
Dirk Wetter
f9c72ea85e
Update Readme.md
2017-09-19 16:22:09 +02:00
Dirk
11d7645754
changed for 2.9.5
v2.9.5
2017-09-19 16:13:38 +02:00
Dirk
b9b09f586e
added MS CA store, see #825
...
Finally complete, thx @naumanshah03
2017-09-19 15:15:54 +02:00
Dirk Wetter
f48deaaa9d
Update README.md
2017-09-19 14:50:08 +02:00
Dirk
4972cda2af
FIX #762 (replace which by 'type -p')
2017-09-19 00:08:33 +02:00
Dirk
1c10ad0124
remove echoing ~ /usr/bin/timeout
2017-09-18 23:38:06 +02:00
Dirk
b222fe8f53
Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev
2017-09-18 23:34:12 +02:00
Dirk Wetter
95af735862
Update README.md
2017-09-18 23:33:25 +02:00
Dirk Wetter
3caa73c1b8
Update README.md
2017-09-18 23:32:35 +02:00
Dirk
bd55830a7e
FIX #823 , for jabber try PTR record first or fail
2017-09-18 23:25:07 +02:00
Dirk
f014a1853b
missing update from 985c845486
2017-09-18 23:01:37 +02:00
Dirk Wetter
7294df927f
Merge pull request #677 from dcooper16/no_sni
...
Just get non-SNI certificate once
2017-09-18 21:14:34 +02:00
David Cooper
34fa8fc98e
Just get non-SNI certificate once
...
Currently the call to `$OPENSSL s_client` to obtain the certificate returned by the server when SNI is not provided is in `certificate_info()`, which means that it is called once for each certificate found by the various calls to `get_server_certificates()`.
This PR moves the call to `$OPENSSL s_client` to `run_server_defaults()` so that the call is made only once, even if more than one server certificate was found.
In addition, in most cases the certificate returned by the server when SNI is not provided will already have been retrieved by `run_server_defaults()` (in rounds 8-14), in which case `$HOSTCERT.nosni` can just be copied from there rather than making an additional call to `$OPENSSL s_client`.
2017-09-18 13:31:38 -04:00
Dirk Wetter
a395f91f0e
Merge pull request #777 from dcooper16/fix772
...
Fix #772
2017-09-18 18:36:53 +02:00
Dirk
6b1d81d28d
minor housekeeping for `fileout()` in `run_http_header()`
2017-09-18 18:18:05 +02:00
Dirk Wetter
200440a28f
Merge pull request #820 from seccubus/insecure_redirect
...
Fixed file output error in case of insecure redirect
2017-09-18 18:01:43 +02:00
Dirk
f372b4b775
FIX #622
...
If the host negotiated SSLv3 reading of the ServerKeyExchange message failed
and as a consequence determination of the DH key
2017-09-18 17:50:06 +02:00
David Cooper
a264898f77
Initial fix for #772
...
This commit provides a partial fix for #772 .
2017-09-18 09:52:30 -04:00
Dirk
8b076e9841
reflect what to do for updating ca_hashes.txt
2017-09-18 14:20:56 +02:00
Dirk
985c845486
update of certificate stores, except MS
2017-09-18 14:18:00 +02:00
Dirk
26c77cc3c2
any openssl will do
2017-09-18 14:02:12 +02:00
Dirk
c4e5533ab0
FIX #822
2017-09-15 21:20:42 +02:00
Dirk
837a6fb31c
fix travis build in fad8c63
2017-09-15 15:38:11 +02:00
Dirk
fad8c631ef
consistently open the file with echo here as well
...
see CSVFILE (and request #822 )
2017-09-15 15:09:13 +02:00
Dirk Wetter
90cd8cd3e2
Merge pull request #796 from sdann/mysql_standard_cipher
...
Catch MySQL (yaSSL) server bug when testing standard cipher categories
2017-09-15 14:02:26 +02:00
Frank Breedijk
49ed49f505
Fixed file output error in case of insecure redirect
2017-09-11 16:59:34 +02:00
Dirk
50287ef2c4
fix for empty/malformed socket replies
...
During protocol check if a server answered unexpectedly with
closing the connection or another malformed reply the
output was not ok as DETECTED_TLS_VERSION was empty.
This fixes it by filling the variable with a string in ``parse_tls_serverhello()``
and then check in higher level (``run_protocols()``) the content.
Also it seems that I forgot in the commit from yesterday one ``&&`` to
commit in ``run_breach()``
2017-09-01 16:13:32 +02:00
Dirk
ee8c5e51a1
fix vulnerability output for breach and x509 based client auth
...
and polish output in ``run_renego()``
2017-08-31 17:22:10 +02:00
Dirk
9345b55865
added ALL_CLIENTS for client simulation
2017-08-30 23:40:47 +02:00
Dirk Wetter
25f1293756
client simulation update
...
file renamed (dash is more consistent)
env var "ALL_CLIENTS" now shows every browser (or client) during
client simulation
2017-08-30 23:04:52 +02:00
Dirk Wetter
4379174970
rename generated file, comment it better + take care of one GREASE cipher
2017-08-30 23:02:21 +02:00
Dirk Wetter
54539e9da3
rename client simulation file (dash is more consistent)
...
update client simulation: now has every client from SSLlabs and
it is properly ordered
2017-08-30 23:00:32 +02:00
Dirk Wetter
e45d80eb40
reordering of global vars, warning for client simulation of run w openssl more clear
2017-08-30 21:09:52 +02:00
Dirk Wetter
8be7dcbf09
Reorder client simulation data (see #776 ) and update README
2017-08-30 20:35:15 +02:00
Dirk Wetter
da16b6a2e2
Merge pull request #818 from dcooper16/aria-ciphers
...
Add OpenSSL names for ARIA ciphers
2017-08-30 17:27:29 +02:00
David Cooper
6460de39a2
Add OpenSSL names for ARIA ciphers
...
A PR was just accepted into the master branch of https://github.com/openssl/openssl that specifies OpenSSL names for the ARIA GCM cipher suites: https://github.com/openssl/openssl/commit/bc32673869842c7f00ae7016040a612f516ead7e . This PR adds these OpenSSL names to the cipher-mapping.txt file. It also changes the description of the encryption algorithm for these ciphers from "ARIA" to "ARIAGCM" to be consistent with OpenSSL and with the other GCM ciphers in the cipher-mapping.txt file.
In addition, OpenSSL names for some of the ARIA CBC ciphers are provided in https://github.com/openssl/openssl/blob/master/doc/man1/ciphers.pod , and this PR adds those OpenSSL names to the cipher-mapping.txt file as well.
2017-08-30 11:12:11 -04:00
Dirk Wetter
2b055e4425
FIX #778
...
read the session ticket lifetime and based on that emit a proper output
2017-08-30 12:54:52 +02:00
Dirk Wetter
3e2d321e68
FIX #789
2017-08-30 12:24:13 +02:00
Dirk
5f2043eb02
slight change in wording to "problem" for #817
2017-08-29 16:04:05 +02:00
Dirk Wetter
515844208f
Merge pull request #817 from dcooper16/fileout_insert_warning
...
Use of fileout_insert_warning()
2017-08-29 16:02:29 +02:00
David Cooper
72227fea4d
Use of fileout_insert_warning()
...
This PR addresses the same issue as https://github.com/drwetter/testssl.sh/commit/6bb3494d9807991fd07b8ca0e120b218a0318dfd . In its current form, fileout_insert_warning() cannot be used after fileout_section_header() has been called for the first time.
2017-08-29 09:03:47 -04:00
Dirk Wetter
d534447da2
Merge pull request #816 from dcooper16/cipher_match_json
...
Fix single cipher and JSON pretty
2017-08-29 11:18:48 +02:00
David Cooper
fa063ccd98
Fix single cipher and JSON pretty
...
testssl.sh produces an invalid JSON file if the --json-pretty option is used with the --single-cipher option. The reason is that fileout_section_header() isn't called before run_cipher_match() calls fileout() and fileout_section_footer() is not called afterwards.
There is also a problem with MEASURE_TIME, since the "cleanup" at the end of lets_roll() is not performed.
This PR fixes these problems by adding a call to fileout_section_header() before the call to run_cipher_match() and by copying the code from the end of lets_roll() to run_cipher_match() (just before the call to exit).
2017-08-28 16:12:57 -04:00
Dirk
b5c92e9a90
renaming the id of client simul to be consistent with previously used function at least
2017-08-28 21:14:39 +02:00
Dirk
6bb3494d98
addressing @dcooper's remark in #815
2017-08-28 21:09:09 +02:00
Dirk
0933cfd041
further fixes WARNING in fileout (should be WARN)
2017-08-28 20:54:08 +02:00