Dirk
d5924eedc4
- BEAST finally works
...
- handling of spaces in output
- different ciphers
- FIX: setopt also for RC4 (proper handling of ret value)
2015-01-20 21:59:21 +01:00
Dirk
28330dc6fc
first prototype BEAST | FIX: maketempf in initialize_engine | FIX: exit statements in main w/ more meaning/shorter
2015-01-20 21:51:49 +01:00
Dirk Wetter
1032c3756a
Update Readme.md
2015-01-16 17:18:38 +01:00
Dirk Wetter
b0c6062cb7
Update Readme.md
2015-01-16 17:16:22 +01:00
Dirk
5853202efd
fine tuning on banner
2015-01-15 20:29:46 +01:00
Dirk
4c6f0d9a50
- FIX: grep -a if we hit binary content with http_header (also if otherwise specified)
...
- NEW: can specify URL (used for header matters and breach)
- FIX: better handling of >1 cookies
2015-01-14 12:23:53 +01:00
Dirk
3d81a7b5ec
* NEW: cookie flags (experimental) [URL is missing]
...
* FIX: 30x handling for http_header (hint for final URL if stalled)
* FIX: proper display of app-banners if >1
2015-01-14 09:48:44 +01:00
Dirk
44d8f67998
SNI is not anymore 2do (removed misleading comment)
2015-01-12 23:28:38 +01:00
Dirk
84204a80a3
debugging more fine grained
2015-01-12 23:15:26 +01:00
Dirk
ac6a67a299
now with SNI!
2015-01-12 22:56:15 +01:00
Dirk
f0747dd2fc
now checker fo SSLv3 to TLSV1.2
...
(SNI missing for now)
2015-01-10 22:08:11 +01:00
Dirk
cedeff2b42
typo in tempdir led to missing gost cipher
2015-01-08 14:16:22 +01:00
Dirk
446f7bf152
working prototype for SSLv2 client hello + parsing server hello in bash
2015-01-07 23:57:16 +01:00
Dirk
62f20a6cd2
Merge branch 'master' of https://github.com/drwetter/testssl.sh
2015-01-07 23:30:24 +01:00
Dirk
5044412f39
- moved utils to separate dir
2015-01-07 23:29:05 +01:00
Dirk
decade9986
safer batch processing if port isn't available
2015-01-07 23:16:45 +01:00
Dirk
aa546b520e
Merge remote-tracking branch 'origin/revert-48-master'
2015-01-07 23:09:57 +01:00
Dirk
8a3e0267ba
safer bacth processing if port isn't available
2015-01-06 16:25:19 +01:00
Dirk Wetter
2556377398
Revert "Change question logic on non-SSL port"
2015-01-06 16:10:21 +01:00
Dirk Wetter
e816e4877a
Merge pull request #48 from lwindolf/master
...
Change question logic on non-SSL port
2015-01-06 16:01:07 +01:00
Lars Windolf
d1ab23c146
Change question logic on non-SSL port
...
Idea is to bail out per default (with WARNINGS=off) this makes batch processing possible
as often testssl.sh hangs for minutes or endless on non-SSL ports.
2015-01-03 11:41:35 +01:00
Dirk
eae1b2810f
- check for CN wrt SNI / no SNI
...
- fix different responses for CACert
2014-12-23 09:59:03 +01:00
Dirk
4aa674d138
- Negotiated cipher per proto
...
- nr_ciphers of used openssl version in banner
- spdy_pre check
- -testversion_new --> -testversion
2014-12-21 23:22:50 +01:00
Dirk
a570d907e9
- Cipher order check! (also for starttls)
...
- includes a remark 4 default_cipher (limited sense as client will pick)
- selfsigned certs: error!
- number of local ciphers in check with allciphers
2014-12-21 00:47:23 +01:00
Dirk
04b6795f94
Merge branch 'master' of github.com:drwetter/testssl.sh
2014-12-19 17:06:37 +01:00
Dirk
21493fb788
- tempfile handling: every function leaves one, if DEBUG is set
...
- FIX*2: OPENSSL_CONF/GOST_CONF
2014-12-19 17:02:26 +01:00
Dirk Wetter
9e53070598
Update Readme.md
2014-12-19 15:52:05 +01:00
Dirk Wetter
c2ef5d1da8
Update Readme.md
2014-12-19 15:51:32 +01:00
Dirk
8635012cf5
- subjectAltName
2014-12-19 07:12:20 +01:00
Dirk
521a7160a9
- NEW: certificate info, details:
...
- NEW: CN, SAN
- NEW: OCSP URI
- NEW: CRL distr point
- NEW: Issuer
- NEW: expiration
- NEW: signature algo
- renamed cmdline --simple_preference to --server_defaults
- now we have a TEMPDIR where all files are written toA
- function or handling/removing TMPFILE
2014-12-18 09:33:24 +01:00
Dirk Wetter
5d66eeef05
Update Readme.md
2014-12-09 14:25:38 +01:00
Dirk
b40c0b7178
- RELEASE: final 2.2
...
- change of cmd line order for STARTTLS
- help more clear
2014-12-08 10:32:51 +01:00
Dirk
b3efb3c4b0
- BUGFIX: potential stalling in HTTP Header query
...
- BUGFIX: HTTP specific vuln. won't be checked if service is not http (we still
check crime and also spdy => gmail has spdy for pop and imap)
- Feature: service detection: HTTP, IMAP, POP, SMTP
- alignment in rDNS output corrected
- minor cleanup / improvements
2014-11-30 01:30:20 +01:00
Dirk
27f06f8d50
- BUGFIX: BSD now has proper heartbleed and ccs injection detection
...
- significant code improvement of hex-byte parser <-> socket sender
- BUGFIX: BSD now doesn't put an extra \n if rfc map file is missing
- bumped to 2.1rc3, hoping that'll be the last
2014-11-27 21:33:33 +01:00
Dirk
c034cd8a95
- for colors: double square brackets (might save a fork to "[ or "test"
...
- in terms of debugging cleaned up listciphers/std_cipherlists
- in other terms too
2014-11-25 13:12:24 +01:00
Dirk Wetter
5228986b25
Update Readme.md
2014-11-24 16:43:11 +01:00
Dirk Wetter
b242876597
Merge pull request #37 from yurivict/master
...
Fixed errors when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options
2014-11-24 15:16:42 +01:00
Yuri
19f936bece
Fixed the problem when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options.
2014-11-22 12:15:47 -08:00
Dirk Wetter
7cf2030c20
Merge pull request #36 from PeterMosmans/bugfix
...
Fixed minor redirection typo for 'which' command
2014-11-22 18:31:09 +01:00
Peter Mosmans
c3ab016164
Fixed minor redirection typo for 'which' command
2014-11-22 12:57:36 +10:00
Dirk
4c3cc0df8e
- increase first read buffer -- otherwise it's how up at hb reply and lead to false positives
2014-11-20 18:55:51 +01:00
Dirk
d4265742b1
color codes for protocols and default ciphers reflect better a rating
...
- fix: heartbleed function needed a $TMPFILE for determining the TLS protocol
- version bumped to 2.1rc2
2014-11-20 10:46:55 +01:00
Dirk
5dd4a8f3fa
- fix in cleanup (while debug)
...
- wrong cmd line option --> help instread of error
2014-11-19 22:23:13 +01:00
Dirk
05877dca93
- protocol check stream lined: similar now for every protocol
...
- NPN/SPDY is not green anymore
2014-11-19 18:04:43 +01:00
Dirk
d77b667489
- protocol w/o cipher (only SSLv2 so far)
...
- for EVERY protocol now check whether $openssl supports it
- better fail for PFS if there are no local ciphers
2014-11-19 17:08:59 +01:00
Dirk
52ef1fe684
@oparoz
2014-11-19 13:26:48 +01:00
Dirk
99e472ac01
- banner (opensssl version build date, platform) slightly changed
...
- even clearer warning upon old openssl version (MacOSX!)
- oparoz hexdump patch
- heartbleed doenst do a precheck anymore --> just sockets as it may lead to false negatives
if the client was complied with it disabled (FreeBSD)
2014-11-19 13:22:22 +01:00
Dirk
f2c44803ed
- FreeBSD fixes (getent, printf)
2014-11-18 23:14:17 +01:00
Dirk
59bdf48823
- Peter
2014-11-18 20:24:10 +01:00
Dirk
41a480abb4
small cleanup
2014-11-18 20:23:17 +01:00