Commit Graph

135 Commits

Author SHA1 Message Date
Dirk
2067ac8123 Fall back to heise.de
.. to scan.

It worked in a few examples locally. Other hosts I tried so far weren't
available anymore (like scanme.nmap.org). In order to reduce the burden
we scan now only during PRs.
2023-07-31 16:34:56 +02:00
Dirk
fc14a02035 Changed heise.de to example.com as sometimes we're blocked 2023-07-31 13:44:35 +02:00
Odinmylord
035996cc44 updated default_testssl.csvfile with new RSA-PSS 2023-03-23 00:14:15 +01:00
Dirk Wetter
b84e182ca2
Merge pull request #2332 from drwetter/sanitize_fileout
Make sure control chars from HTTP header don't end up in html,csv,json
2023-03-12 16:18:20 +01:00
Dirk Wetter
cacd8c57b1 Add variable htmlfile + filter GOST message
... which is needed for newer LibreSSL/OpenSSL versions
2023-03-12 15:09:24 +01:00
Dirk Wetter
66ebfb2f58 Add changes to CSV baseline 2023-02-06 21:56:54 +01:00
Dirk Wetter
2e0898c9ef Remove NNTP from CI tests
Maybe for the future we should check whether host is available and
if so then run the test
2023-01-31 09:34:18 +01:00
David Cooper
6088eddab6 Show server supported signature algorithms
This commit modifies run_fs() to show the signature algorithms the server supports in the ServerKeyExchange message for TLS 1.2 and in the CertificateVerify message for TLS 1.3.

Signature algorithms are not shown for TLS 1.1 and earlier, since for those protocol versions the signature algorithm to use is specified by the protocol. While the signature algorithm used in TLS 1.1 and earlier is weak, testssl.sh already warns if these protocol versions are supported.
2022-11-18 06:23:24 -08:00
Dirk Wetter
e918a2c31f remove negotiated cipher / protocol also in baseline file 2022-11-14 20:25:56 +01:00
David Cooper
5c889bde0f Include cipher order information in file output on a per protocol basis
This commit fileout() calls to ciphers_by_strength() and cipher_pref_check() to indicate whether or not the server enforces a cipher order for a protocol version.
2022-10-20 12:49:22 -07:00
Dirk Wetter
c92a648391 Add LibreSSL from MacOS 2022-05-31 16:17:47 +02:00
Dirk Wetter
854028166d Including AppleMail 2022-05-31 15:12:16 +02:00
Dirk Wetter
6536eaddb6 remove Java 12 and OSX 10 in baseline file 2022-05-31 14:09:19 +02:00
Dirk Wetter
6023acd58c Merge branch '3.1dev' into update_clients1 2022-05-31 12:09:23 +02:00
Dirk Wetter
dfbb9f8122 Fix Actions
this one works locally...
2022-05-30 13:37:07 +02:00
Dirk Wetter
8d817e1dcf PR to merge #2189
added: changes in CI so that it goes through
2022-05-25 18:46:08 +02:00
Dirk
04463784a8 Fix censys link in DROWN section
See #2127. the line seems very long though.

Note: this was previously commited as #2184 but as there were two mistakes
and one other thing which could be improved I decided to make a hard reset.

Apologize if it caused inconvenience.
2022-05-14 12:06:09 +02:00
Dirk
1eb8347174 Update comparion/diff file for CI
... for the time being
2022-05-10 13:08:44 +02:00
David Cooper
fa5d13eb06 Reorder output of run_server_preference()
This commit reorders the output of run_server_preference() as discussed in #1311.
2022-03-22 15:40:49 -04:00
David Cooper
1814da4e53 Working NNTP server
Switch NNTP server testing to a currently working server from http://vivil.free.fr/nntpeng.htm.
2022-03-16 07:57:40 -04:00
Dirk Wetter
ce746cd8b7 Add CI check
* for STARTTLS + LDAP
* for STARTTLS + POP3 reenable check with openssl as GH has not the time limits which Travis had
2022-02-01 10:02:35 +01:00
Emmanuel Bouthenot
4c2a1296a7 Add unit testing (manage)sieve protocol while using STARTTLS 2021-12-20 17:18:07 +01:00
Dirk Wetter
fc06fcee56 fix travis 2021-12-10 18:26:03 +01:00
Dirk Wetter
18f3ad7c31 fix travis 2021-12-10 15:58:10 +01:00
David Cooper
64d110f19d
Check file permissions on ./testssl.sh
This commit adds a check that ./testssl.sh has both read and execute permission. If ./testssl.sh is lacking execute permission, it will pass the tests in 00_testssl_help.t and 01_testssl_banner.t that run the program as `bash ./testssl.sh`, but will fail the subsequent tests that run the program as `./testssl.sh`, but the reason for the failure will not be clear.
2021-11-15 07:25:08 -05:00
David Cooper
3d9f109780
Fix 2030
Fix CI issue created by #2028 and by new certificate fingerprint.
2021-10-28 08:13:34 -04:00
Steve Mokris
0012adf47e Add a test to verify that expired.badssl.com's chain of trust is expired. 2021-10-05 13:53:58 -04:00
Dirk
529e9da823 Fix GHA (starttls nntp)
using another IP
2021-09-09 23:17:09 +02:00
a1346054
b1f5c6c9af Trim excess whitespace 2021-09-04 13:28:30 +00:00
a1346054
6782e2a3b9 Fix spelling 2021-09-04 12:39:03 +00:00
Peter Dave Hello
cbae32e5a4 Add missing vim modeline config in sh & perl files, cc #1901 2021-06-01 14:40:24 +08:00
Peter Dave Hello
9e61b8ba13 Make vim modeline config consistent, cc #1901 2021-06-01 14:31:31 +08:00
Dirk Wetter
a6f8aa61de Fix travis
Respect changed HSTS epoch time of 180 days.

(DROWN output is changed too as the certificated changed but doesn't matter
as the travis check filters that)
2021-05-10 11:28:25 +02:00
Dirk
e71ebfea4a Adjust master template for t/61_diff_testsslsh.t
... so that Travis CI works again
2021-04-02 16:57:20 +02:00
Dirk
c66d58b135 Filter for changing certificates of testssl.sh's server 2021-01-18 09:30:31 +01:00
Dirk Wetter
39132fe3d0 Fix order for -U and --ids-friendly
Workaround for bug see #1717. In addition: Bring  the test closer to a cleaner style,
as the others

Should --ids-firednly could be as well be removed when travis runs faster.
2020-12-11 20:49:15 +01:00
Dirk Wetter
96d4b4f08b Trying to reduced the runtime of travis
Often in the past travis was hitting a limit (50min?).

This is a try to make reasonable cuts to the unit tests:
- For STARTTLS some checks with OPenSSL are skipped
- For JSON and HTML outputs --ids-friendly was added assumming we
  don't change the output of ticketbleed, CCSI, HeartBleed and ROBOT any more.
- There's also not point to run those checks against badssl
- for  the diff check we switch to 'or diag' to display a dfifference
2020-11-27 13:19:52 +01:00
Dirk
665209bf60 typos 2020-11-26 16:27:40 +01:00
Dirk
1b63760bc3 Add baseline master file for testssl.sh 2020-11-26 16:05:08 +01:00
Dirk
a98ede0720 Finalize first diff check for travis 2020-11-26 15:58:13 +01:00
Dirk
49d321cfbb Add "command not found" 2020-11-26 13:41:44 +01:00
Dirk
191efddaee document changes from previous commits 2020-11-26 13:07:49 +01:00
Dirk
0c20b21fc2 Better order, "command not found added" 2020-11-26 13:02:10 +01:00
Dirk
4ca4e075a2 Use test::diff so that errors are spotted better 2020-10-02 13:07:13 +02:00
Dirk
7981a238a5 Comment out S2S XMPP server test for now 2020-05-02 19:40:45 +02:00
Dirk
5da54b9ce8 fix var declaration 2020-05-01 21:42:41 +02:00
Dirk
9e61d6605e Perl needs a semicolon ;-/ 2020-05-01 19:17:58 +02:00
Dirk
191c69fbdd Minor probe for STARTTLS xmpp-server
... don't know whether this gets through -- depends on the
version openssl used (1.0.2 doesn't have that)
2020-05-01 18:39:36 +02:00
Dirk Wetter
8c466bf2ee Rename PFS/perfect forward secrecy to FS/forward secrecy
In all instances:

* command line (will break things)
* JSON IDs (will break things)
* in the documentation
* in the travis checks where used
* everywhere in the code: variables, functions, comments
2020-04-14 15:53:05 +02:00
Dirk Wetter
3cdb16a969 Prepare baseline_ipv4_http as a good example ...
... as indicated in CONTRIBUTING.md / Coding_Convention.md
2020-01-24 17:42:17 +01:00