Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,026 Commits 17 Branches 35 Tags
bed43df2df6cc7d510fedf21e11f83b80ecad3fc
Commit Graph

5026 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Cooper
d1531cdf60 Support decrypting TLS 1.3 handshakes with PQ key exchange 
This commit modifies testssl.sh so that TLS 1.3 handshakes that use post-quantum algorithms for key exchange can be decrypted, if $OPENSSL supports the algorithms.
 2025-04-10 14:05:30 -07:00
Dirk Wetter
459ccee589 Merge pull request #2737 from dcooper16/tls13_pq_sigalg 
Support ML-DSA server keys
 2025-04-10 20:49:29 +02:00
David Cooper
ecaa7878e5 Support ML-DSA server keys 
This commit adds support for server certificates that have ML-DSA pubilc keys. It also adds supports for certificates that are signed with ML-DSA or SLH-DSA. The ML-DSA code points for the signature_algorithms extension are taken from https://datatracker.ietf.org/doc/draft-tls-westerbaan-mldsa/ and are the ones used by OpenSSL 3.5.0.
 2025-04-10 09:15:04 -07:00
Dirk Wetter
3fbceada58 Merge pull request #2736 from testssl/rm_krb 
Remove KRB cipher info
 2025-04-10 13:23:16 +02:00
Dirk
7b6a7d7ade Remove KRB cipher info 2025-04-10 13:22:09 +02:00
Dirk Wetter
04a592307a Merge pull request #2732 from dcooper16/supported_cuves_list 
Get supported groups list from OpenSSL 3.5.0
 2025-04-10 09:57:20 +02:00
Dirk
fdb2da80d6 fix typo 2025-04-09 20:35:44 +02:00
Dirk
5d9d5276e3 Firefox 137 (Win 11) 2025-04-09 20:28:31 +02:00
Dirk
51fce5feb1 fix ja3/4 for Edge 133 Win 11 23H2 2025-04-09 20:18:24 +02:00
Dirk
b18dd2aa28 Edge 133 Win 11 23H2 2025-04-09 20:14:42 +02:00
Dirk
647aeae205 Update docu and (futile) perl script 2025-04-09 20:00:47 +02:00
Dirk
f337f53e49 Reorder Java 8 2025-04-09 19:40:12 +02:00
Dirk
85232b7bc5 Chromium 137 Win 11 2025-04-09 19:31:35 +02:00
Dirk Wetter
8b1339b29d Merge pull request #2734 from PeterDaveHello/FixDockerHubReadmeBadge 
Fix Docker Hub badge in Readme.md
 2025-04-09 18:51:08 +02:00
David Cooper
9f48c51dc7 Get supported groups list from OpenSSL 3.5.0 
In OpenSSL 3.5.0 the `list` command can be used to obtain a list of supported groups for TLS. The commit makes use of this command when $OPENSSL is OpenSSL 3.5.0 or later. This should be faster than testing curves one at a time.
 2025-04-09 09:21:54 -07:00
Dirk
84e77d2bb0 Java 21 2025-04-09 17:07:19 +02:00
Dirk
31e2f43eec LibreSSL update 3.3.6 (MacOS) 
.. renaming that to macOS instead "Apple".
 2025-04-09 16:51:26 +02:00
Dirk
4f696f94df Add openssl 3.0.15 (from Debian) 
... and set OpenSSL 3.0.3 (git) as not to list
 2025-04-09 16:39:05 +02:00
Dirk
e4cdca9e63 Add Safari 18.4 @ MacOS 15.4 2025-04-09 15:53:11 +02:00
Dirk
d601f33a37 Merge branch '3.2' into new_Handshakes 2025-04-09 10:59:40 +02:00
Dirk Wetter
bc0c9f9c4b Merge pull request #2733 from dcooper16/ossl35_client_sim 
OpenSSL 3.5.0 client simulation
 2025-04-09 10:46:20 +02:00
David Cooper
3a8038636d OpenSSL 3.5.0 client simulation 
Add OpenSSL 3.5.0 to etc/client-simulation.txt.
 2025-04-08 15:26:41 -07:00
Dirk
0d7c33ab7f deprecate more 
- Safari 12.1 (iOS 12.2)
- Firefox 66 (Win 8.1/10)
 2025-04-08 16:14:37 +02:00
Dirk
887653a033 Deprecate a few entries ... 
- Android 5+6
- Chrome 79 Win 10
- IE 6 XP
- IE 8 XP
- Safari 13.0 (macOS 10.14.6)
- OpenSSL 1.1.0l (Debian)

... before new ones are added
 2025-04-08 16:06:55 +02:00
Dirk
7939144af1 Swap Android 6 for Android 5 
... as it seems to habe more market share
 2025-04-08 15:49:44 +02:00
Dirk
58ddfd8a24 Add hint for JA3/4 
+ minor corrections
 2025-04-07 19:38:05 +02:00
Dirk
45be26db7c Add Java 8u442 handshake 
Also the ja3 and ja4 values were added as retrieved from wireshark.

See also #2430 .
 2025-04-07 19:36:34 +02:00
Peter Dave Hello
be4aa6ec6c Fix Docker Hub badge in Readme.md 2025-04-07 05:08:59 +08:00
Dirk Wetter
06682990ba GHCR clearer 2025-04-06 20:29:18 +02:00
Dirk Wetter
f7f35fe4c6 Merge pull request #2729 from testssl/ghcr.io-doc 
Add minimal doc for GHCR
 2025-04-06 18:29:07 +02:00
Dirk Wetter
ac0419eaad Add minimal doc for GHCR 2025-04-06 18:27:37 +02:00
Dirk Wetter
b20add1d12 Merge pull request #2684 from testssl/new_binaries 
Start working on a set of new binaries
 2025-04-04 14:15:00 +02:00
Dirk Wetter
b7f9ff1bf2 Merge pull request #2727 from dcooper16/chacha20 
ChaCha20 decryption
 2025-04-04 11:54:05 +02:00
Dirk Wetter
be9a85c1f7 Merge pull request #2726 from dcooper16/fix_has_uds_checks 
Fix checks with HAS_UDS and HAS_UDS2
 2025-04-02 21:47:41 +02:00
David Cooper
f6ff390799 Fix checks with HAS_UDS and HAS_UDS2 
This commit fixes a check where the Boolean variables $HAS_UDS and $HAS_UDS2 are checked for whether they are empty rather than for whether they are true.
 2025-04-02 08:03:58 -07:00
David Cooper
e2accb6442 ChaCha20 decryption 
Decryption is TLS 1.3 handshakes is very slow if the response is encrypted using ChaCha20 and the $OPENSSL enc command does not support ChaCha20. This commit mitigates that problem by using $OPENSSL2 for ChaCha20 decryption if such decryption is needed and $OPENSSL does not support it.

This commit also changes testssl.sh to make use of $OPENSSL2 for AES-GCM decryption, when $OPENSSL2 supports it, but $OPENSSL does not. However, this change is not as important. Implementing AES-GCM in Bash using $OPENSSL for AES ECB operations isn't nearly as slow as fully implementing ChaCha20 in Bash.
 2025-04-02 07:55:31 -07:00
Dirk Wetter
44d9f520fb Add check for proxy IPv6 support 
... of the binary. Testing needs to be done.
 2025-04-01 23:37:54 +02:00
Dirk
672d253981 Fix typo 2025-04-01 18:58:12 +02:00
Dirk
b149fc4da4 Reorder, rephrase, timing 
Also provide a runtime table, from a little research.
 2025-04-01 15:24:40 +02:00
Dirk
45a264e4e4 Fix typo 2025-03-31 18:08:27 +02:00
Dirk
f55abf56af Add new 64 Bit binaries (Linux, FreeBSD) 
... from https://github.com/testssl/openssl-1.0.2.bad .
 2025-03-31 17:54:40 +02:00
Dirk
093e8ddd10 Remove redundant statements 2025-03-31 17:54:01 +02:00
Dirk Wetter
2dfd192f27 Typos / when needed 2025-03-30 19:59:23 +02:00
Dirk
3a414d60bf Comment the removal of binaries 2025-03-30 18:14:41 +02:00
Dirk
f208c09803 Rename file 2025-03-30 18:11:21 +02:00
Dirk
0e765986dc Remove output from openssl Kerberos binary 
... as we don't supply the kerberos binary anymore
 2025-03-30 18:08:58 +02:00
Dirk
1852ef6a1d Remove 32 Bit Linux binary 
... as it is a niche thing. It might be available @ the contibuted
build directory @ https://testssl.sh
 2025-03-30 18:06:58 +02:00
Dirk
5a1d90f310 Fix link 2025-03-28 18:33:14 +01:00
Dirk Wetter
87edb78b3e Add docu for IPv6 proxy 2025-03-27 18:27:00 +01:00
Dirk Wetter
36a58e2b3e Allow square bracket notation for IPv6 proxy 2025-03-27 18:26:17 +01:00