Commit Graph

81 Commits

Author SHA1 Message Date
Dirk e7619fa8d9 Documenting exit error codes improvements
See prevoius commit b2be380b54 and
issue #985 / #752.
2018-04-12 18:14:14 +02:00
Dirk 36247fecf2 fix no-DNS related error in documentation 2018-04-12 01:19:02 +02:00
Dirk 2a4de68c59 Merge branch 'nodns-935' into 2.9dev 2018-04-12 01:06:33 +02:00
Dirk 557942cb0a Change logic and add conservative value for -n/--nodns (#935)
This PR changes the logic the no-DNS switch works. The switch
now expects a value. "min" does minimum lookups, "none" does
no lookups at all (details see testssl.sh(1) ). "none" is
equivalent to the paranoid (boolean) value "true" before.
2018-04-12 00:19:52 +02:00
Karsten Weiss eead9f62d9 Fix typos found by codespell 2018-04-10 17:37:04 +02:00
Dirk eb3b3a1988 be more verbose what --warnings=batch means (see #1027) 2018-04-05 22:02:35 +02:00
Dirk 1924c9a0a6 Connectivity problems, man page update
See previous commit

This commit finally fixes #1005 so that either a --ssl-native scan
terminates on the next (defined) occasion if there are network connectivity
problems. It introduces another set of variables (MAX_OSSL_FAIL vs. NR_OSSL_FAIL).
As "openssl s_client connect" is sometimes still being used without --ssl-native
it also shortens the wait for regular scans if an outage is encountered.
To make things easier bot sets (incl. *_SOCKET_FAIL) of variables are independent.

For the seldom case that somebody uses --ssl-native with client checks an exception
had to be made as otherwise only MAX_OSSL_FAIL client check would be performed.
This hasn't been understood yet...

As sometimes HTTP header requests (over OpenSSL) fail repeatedly in a way that an empty
reply is returned, the same strategy of detecting problems is applied here,
using MAX_HEADER_FAIL and NR_HEADER_FAIL.

All three detection mechanisims share a new function connectivity_problem().
2018-03-28 17:48:04 +02:00
Dirk 2e5dd0439a document variable for previous commit 080840f 2018-03-02 20:57:06 +01:00
Dirk b5fcc00031 reflect previous commit of changed treatment of --severity
... and some minor polishing
2018-03-01 15:13:55 +01:00
Dirk ba8d613aa5 Add documentation about the current and corrected exit codes 2018-02-14 23:40:08 +01:00
Dirk 01f7612bd0 add keys to server defaults, cert start/end time in GMT 2018-01-29 23:43:25 +01:00
Dirk 659a6176b6 Add TLS 1.3, better explanation for -6 2018-01-28 12:47:05 +01:00
Dirk 0bc1f6f708 make MAX_PARALLEL and MAX_WAIT_TEST configurable + documentation 2017-12-27 09:50:34 +01:00
Dirk 1488baeac5 Documentation of CA_BUNDLES_PATH
See also #941
2017-12-20 09:00:00 +01:00
Dirk 1984d7fc90 html version of man page added 2017-12-14 10:25:59 +01:00
Dirk c23f47858d Overwrite as a default empty files
This commit tries to address #934. Empty files can now
be overwritten without exiting with an error.
2017-12-14 10:06:19 +01:00
David Cooper 5de873f8bc Test for vulnerability to Bleichenbacher attack
This PR adds a test to check whether a server that supports ciphers suites that use RSA key transport (TLS_RSA) are vulnerable to Bleichenbacher attacks (see http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf).
2017-12-12 09:51:48 -05:00
Dirk 47409a32d6 delayed commit for file prefix
Also added David
2017-11-24 23:13:38 +01:00
Dirk e450eb34e4 FIX #846 -- add output filename prefix
This commit adds the possibility to supply a output
file name prefix via --outprefix or FNAME_PREFIX
2017-11-14 19:41:25 +01:00
Dirk 9daec2a515 Add "auto" keyword to -oA/-oa (FIX #887)
File names are now auto-generated by using "-oA auto" / -oa "auto"
--similar to --csv and friends.

Also the formerly hidden switches --outFile and --outfile were added in the
help and in the manual.
2017-11-01 09:58:52 +01:00
Dirk 2aeabd19b2 Better clarification on bit size and encryption strength
Fix #770
2017-10-31 12:00:09 +01:00
Dirk a85ca3c250 FIX #765
Inconsistency in using optional and mandatory parameters in help and man page
2017-10-26 11:46:14 +02:00
Dirk d3795f1254 Add output options similar to nmap (FIX #861) 2017-10-20 16:32:57 +02:00
Dirk e32479818d mentioning BiGIP cookies and MongoDB 2017-09-27 09:25:22 +02:00
Dirk f6cf96d916 polish help for -g option 2017-09-23 12:54:44 +02:00
Dirk 68509694d4 NO_ENGINE (#834) and GREASE (#814) 2017-09-23 11:55:09 +02:00
David Cooper a6f7121d25 Correct typos 2017-09-20 12:10:29 -04:00
Dirk 9345b55865 added ALL_CLIENTS for client siumulation 2017-08-30 23:40:47 +02:00
Dirk 8b2dfb81c5 reflect 37c8ee8c4e99ee5aa11618703af1706abcf5db04: debug level 2 is showing only minimal information like rough status and errors 2017-07-26 23:13:57 +02:00
Dirk 28fe4c48de manpage not for editing
Generated via ``ronn -r testssl.1.md`` from the md source. Can be viewed
e.g. by ``nroff -man testssl.1 [| less]``
2017-07-13 12:35:13 +02:00
Dirk f2d07ec22b First draft of the manpage
Until the content is finalized the plan is to keep it in MD format.
For medium terms it is something which needs to be reconsidered
as markdown as the source format for documentation has too many limits.
Happy for suggestions here.

In the meantime here's what needs to be done:

* finalizing (see comments)
* proofreading 1: accuracy, logic, more content related
* proofreading 2: grammar, spelling
* more? pls let me know
2017-07-13 12:27:28 +02:00