Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-03 18:48:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
876 Commits 16 Branches 34 Tags
bba9905e62083ef6e3a40fc5eaa4b1afed3dab46
Commit Graph

876 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Frank Breedijk
bba9905e62 Sockets for STARTTLS. Non HTTP(s) client simulations. Apple mail clients added. 
In this commit clients are also tested when non-HTTP protocols are used. Each client
now has a line that indicates what services the client can handle. Clients that match
the current SERVICE tested or have service ANY (OpenSSL/Java) will be simulated, others
will be ignored.

I have removed the STARTTLS restriction from using sockets because sockets seem to handle
starttls just fine.

Update client SIM data has been updated to add two client we maintain ourselves:
* Mail on iOS
* Mail on OSX
* Thunderbird on OSX
 2016-06-27 11:31:15 +02:00
Frank Breedijk
4aba0b90bf Merge branch 'client_sim_sockets' of https://github.com/dcooper16/testssl.sh into client_sim_sockets 2016-06-27 08:40:38 +02:00
David Cooper
be85fbf2b7 Update IE client simulation data 
Change client data for IE 8-10 and IE 11 to match ssllabs.
 2016-06-24 16:14:41 -04:00
David Cooper
799c6a5fd0 Handle missing $MAPPING_FILE_RFC 
Changed code for run_client_simulation() so that cipher is output when sockets are used even if $MAPPING_FILE_RFC is missing. Also, updated the client data.
 2016-06-24 15:48:40 -04:00
David Cooper
0e58e272f8 Merge branch 'master' into client_sim_sockets 
Conflicts:
	testssl.sh
 2016-06-24 13:18:25 -04:00
Dirk
5cb4b722b4 in client simulation it should be TLSv1.0 instead of TLSv1.0 2016-06-24 19:01:00 +02:00
Dirk
93204937c5 FIX #376 2016-06-23 19:42:26 +02:00
Frank Breedijk
a73caa930a Parsing more information from SSL Labs 2016-06-23 16:55:29 +02:00
David Cooper
bebdc3c70e Merge branch 'master' into client_sim_sockets 2016-06-23 09:24:54 -04:00
Dirk
68353db42b polishing #382 2016-06-23 14:33:26 +02:00
Dirk Wetter
31c8979d41 Merge pull request #382 from seccubus/mass_and_file_out 
Allow the file output feature and mass_test feature to work together
 2016-06-23 13:40:09 +02:00
Dirk Wetter
b5b9dd8712 Merge pull request #387 from bad/master 
porting to NetBSD
 2016-06-23 12:15:02 +02:00
Dirk
ef23703903 fix for #389 2016-06-23 12:04:45 +02:00
Dirk Wetter
e7404e9ce9 Merge pull request #389 from flmsc/master 
Fix HSTS/HPKP includeSubDomains and preload being broken in file output.
 2016-06-23 12:02:37 +02:00
Dirk
6eedd5747f wrong language fix ;-) 2016-06-23 11:13:11 +02:00
Dirk
6efc3e90f5 includes IPv6 check and is ready for other uname's 2016-06-23 11:04:58 +02:00
Florian Schuetz
18c5f273c3 HSTS: check if max-age is present and nonzero 2016-06-21 21:24:24 +02:00
Frank Breedijk
cf8b2f01f2 The results of using sockets and using openSSL now match perfectly 2016-06-21 10:17:46 +02:00
Florian Schuetz
f8579ee2f7 Fix HSTS/HPKP includeSubDomains and preload being broken in file output. 2016-06-21 08:57:39 +02:00
Christoph Badura
0fd261eb6c Refactor date parsing. Makes testssl.sh work on NetBSD too. 
Introduce a parse_date() function to handle all date parsing.
Check for the following date(1) variants:
GNU: accepts "-d date-to-parse".
FreeBSD/OS X: accepts "-j -f input-format"
everything else: accepts "-j date-to-parse"

usage: parse-date date output-format input-format

Tested on NetBSD, OS X 10.11 and Debian jessie.
 2016-06-20 22:01:13 +02:00
Christoph Badura
48d5e5a7a1 Drop remaining '\c's in printf(1) arguments. 2016-06-20 22:01:13 +02:00
Frank Breedijk
ca937d3b72 Client Simulations moved to external file 
parse_client_ciphers now gets the results from the SSL labs API
Wrote a parse to conver wireshark SSL Handshake ciphers lists to openssl cipher lists
 2016-06-20 16:52:49 +02:00
David Cooper
b8b779b419 Use sockets for client simulations 
Modify run_client_simulation() to send the ClientHello from https://api.dev.ssllabs.com/api/v3/getClients (modified to use the correct value in the server name extension) if $EXPERIMENTAL is true, $STARTTLS is empty, and $SSL_NATIVE is false.
 2016-06-17 16:33:00 -04:00
Dirk Wetter
02e9f5cd23 fix colum spacing again for all alg chacha poly ciphers 2016-06-15 21:31:10 +02:00
Dirk Wetter
9b8fc2c6f0 rename old alg chacha/poly ciphers according to SSLlabs (#379 / https://github.com/PeterMosmans/openssl/issues/43) 2016-06-15 20:14:08 +02:00
Dirk Wetter
d10dd6d34c align old chacha/poly ciphers output in OPENSSL name, see #379 2016-06-15 20:12:48 +02:00
Frank Breedijk
3b1d8b6253 Need to deal with the comma correctly if we are appending to a file 2016-06-14 10:36:57 +02:00
Dirk
1fae394b04 2013 --> OLD for CHACHA/POLY ciphers 2016-06-13 21:38:02 +02:00
Dirk Wetter
d4454d009b Merge pull request #383 from dcooper16/printSAN 
Printing of subjectAltName extension
 2016-06-13 19:32:31 +02:00
David Cooper
1d0c8cb3f8 Printing of subjectAltName extension 
Modify the extraction of the subjectAltName extension from certificates in order to address SANs with name forms other than DNS and otherName.
 2016-06-13 12:52:19 -04:00
Frank Breedijk
701545dbb6 Allow the file output feature and mass_test feature to work together 2016-06-13 15:35:56 +02:00
Dirk Wetter
88fd5c4e19 Merge pull request #381 from PeterMosmans/chachanaming 
Updated ChaCha20 cipher names
 2016-06-13 08:27:28 +02:00
Peter Mosmans
a06c71d915 Updated ChaCha20 cipher names 
See https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04 (the latest version as of this writing is 04).
The previous version received the suffix _2013. See https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
 2016-06-13 10:34:04 +10:00
Dirk Wetter
1b7653e438 Update Readme.md 2016-06-11 09:08:51 +02:00
Dirk Wetter
61a049ccf9 Merge pull request #380 from dcooper16/runallciphers128limit 
run_cipher_per_proto() 128-cipher limit
 2016-06-10 20:30:47 +02:00
David Cooper
8c86049848 run_cipher_per_proto() 128-cipher limit 
Ensure that neither run_allciphers() nor run_cipher_per_proto() sends a ClientHello with 128 or more cipher suites.
 2016-06-10 13:45:25 -04:00
Dirk
adbb1932eb simplified cipher and protocol retrieval in 'Testing server preferences' 2016-06-09 15:56:53 +02:00
Dirk
d561687554 initial commit 2016-06-09 15:06:42 +02:00
Dirk
6b07b89946 - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
Dirk
5ceace33e0 - FIX #189 with a smart check, introduced global var SERVER_SIZE_LIMIT_BUG 
- introduced "has_server_protocol()" which can be used to check b4 connecting if protocol is a/v
 2016-06-09 11:04:40 +02:00
Dirk
94d5a8df80 hint for new (etxernal) binaries 2016-06-09 00:06:11 +02:00
Dirk Wetter
f754d67e74 Merge pull request #377 from dcooper16/curve25519 
Adding x25519 and x448 to ClientHello
 2016-06-08 17:32:28 +02:00
David Cooper
4750c3f0d5 Adding x25519 and x448 to ClientHello 
This added x25519 and x448 to the list of supported elliptic curves in the ClientHello created by socksend_tls_clienthello().
 2016-06-08 11:25:47 -04:00
Dirk Wetter
c929fba206 Merge pull request #342 from dcooper16/socksend_tls_clienthello_extensions 
More extensions in socksend_tls_clienthello()
 2016-06-08 10:39:17 +02:00
Dirk
022dbc687a Merge branch 'master' of github.com:drwetter/testssl.sh 2016-06-07 23:07:17 +02:00
Dirk
d858edca1b - filled PROTOS_OFFERED w sense 
- minor fixes for fileout
- introduced "fixme()"
 2016-06-07 23:06:58 +02:00
Dirk Wetter
1d051a24e0 Merge pull request #374 from dcooper16/CREDITS 
Update CREDITS.md
 2016-06-07 22:40:56 +02:00
David Cooper
fa866f6458 Update CREDITS.md 2016-06-07 14:23:33 -04:00
David Cooper
c13ae4a001 Merge branch 'master' into socksend_tls_clienthello_extensions 2016-06-07 10:35:32 -04:00
Dirk
8ed6214b6f preliminary fix for #189 (SIZELMT_W_ARND=true needed) 2016-06-07 13:02:58 +02:00