Commit Graph

539 Commits

Author SHA1 Message Date
David Cooper c6373a181f Merge branch 'master' into openss2rfc_rfc2openssl 2016-07-11 10:43:35 -04:00
Dirk Wetter 16087f8252 Merge pull request #411 from welwood08/patch-2
Server cipher order NPN tests should use SNI
2016-07-11 16:24:45 +02:00
Dirk 3e8d5208dc further fix, see #410 2016-07-11 16:20:36 +02:00
Will Elwood 2573a9b8b8 More SNI for NPN tests
Found another NPN test (for the case where server doesn't specify cipher order?) that wasn't using SNI.
Also found a comment saying proxies don't support NPN => removed `$PROXY` from all modified lines.
2016-07-11 14:37:20 +01:00
Will Elwood 382d22648a Server cipher order NPN tests should use SNI
I noticed the NPN parts of this test were not returning any ECDSA ciphers where I expected them to match the results of the immediately preceding TLS 1.2 test. Found it wasn't using SNI so my test server was using the default domain (snakeoil RSA certificate) instead of the tested domain (dual ECDSA/RSA certificates).
2016-07-11 14:15:50 +01:00
Will Elwood 3c39396391 Unreadable SAN list on FreeBSD
On FreeBSD, sed does not support "\n" in the replacement string of a substitution. The SANs are currently output all together inside a single pair of quotes and each separated with an "n" character, needless to say this is very difficult to read.

After a little digging, it seems this is a somewhat recent regression of the fix in #173. I believe `tr` would be a more cross-platform way to do this, and several sources (including the author of that PR) would seem to agree - assuming the newline is now necessary.

It doesn't appear to matter what order the newline replacement happens amongst all the other replacements, so I have placed it first simply to avoid extending any already-long lines. Please correct me if this deduction is false.
2016-07-11 13:35:55 +01:00
David Cooper dfa92445ee Merge branch 'master' into openss2rfc_rfc2openssl 2016-07-08 09:37:09 -04:00
Dirk af4117aa7a FIX #404 2016-07-08 11:25:41 +02:00
Dirk 8c11334030 FIX #405 2016-07-08 11:15:41 +02:00
Dirk Wetter 57bf01a360 Merge pull request #402 from dcooper16/poodle
Check for all CBC ciphers in Poodle test
2016-07-08 10:04:49 +02:00
Thomas Ward de05711e5a Fix grammar issue in help output for --openssl
Missing a closing parentheses `)`.
2016-07-06 14:23:32 -04:00
David Cooper ec6c0ce605 Check for all CBC ciphers in Poodle test
This PR should address issue #399.

I created the list of ciphers using the CIPHERS_BY_STRENGTH file from PR #373, making a list of all ciphers that had "CBC" in the RFC name and for which I had been able to find a corresponding OpenSSL name. Then, since that list contained more than 128 ciphers, I removed any ciphers from the list where the name ended in "-SHA256" or "-SHA384", as it is my understanding that those ciphers can only be used with TLS 1.2.
2016-07-06 10:52:54 -04:00
David Cooper ad92ca8519 Merge branch 'master' into openss2rfc_rfc2openssl 2016-07-05 10:21:30 -04:00
Dirk 0217992553 fixed error where an URI in X509v3 Issuer Alternative Name was displayed and an URI in SAN 2016-07-05 00:08:51 +02:00
Dirk d2f2dab7fb fix regression lf in CN 2016-07-05 00:02:34 +02:00
Dirk 2bba19360f see #401, part 2 2016-07-04 23:52:52 +02:00
Dirk Wetter 251e3f9a3b Merge pull request #371 from dcooper16/fix_issue_276
Fix issue #276
2016-07-04 23:25:13 +02:00
Dirk 0b5705fff4 FIX #258, FIX #398
partly addressed: #246
2016-07-04 23:05:12 +02:00
Dirk f01bff973a renamed function, better banner for logging 2016-07-04 13:59:39 +02:00
Dirk 491a03233b updating neat_list() to be faster and more compatible to openssl 1.1.0 with new chacha/poly ciphers 2016-07-03 22:35:21 +02:00
Dirk d5242c255e FIX #384 2016-07-03 21:45:49 +02:00
Dirk 32f249b0c2 enabling sockets for client testing per default #375 2016-07-01 18:26:05 +02:00
Dirk 2362cd8745 wording for GOST sig algos and keys 2016-07-01 12:03:46 +02:00
David Cooper a8f3223100 Fix typo
Fix typo in parsing $CIPHERS_BY_STRENGTH_FILE.
2016-06-30 13:50:47 -04:00
David Cooper c4d6f3fb58 Merge branch 'master' into openss2rfc_rfc2openssl
Conflicts:
	testssl.sh
2016-06-29 09:59:52 -04:00
David Cooper 53dec241f1 Merge branch 'master' into fix_issue_276 2016-06-29 09:56:08 -04:00
Dirk 36d300b74e add line when using sockets for client simulation 2016-06-28 12:21:50 +02:00
David Cooper be85fbf2b7 Update IE client simulation data
Change client data for IE 8-10 and IE 11 to match ssllabs.
2016-06-24 16:14:41 -04:00
David Cooper 799c6a5fd0 Handle missing $MAPPING_FILE_RFC
Changed code for run_client_simulation() so that cipher is output when sockets are used even if $MAPPING_FILE_RFC is missing. Also, updated the client data.
2016-06-24 15:48:40 -04:00
David Cooper d30dbe3c41 Merge branch 'master' into openss2rfc_rfc2openssl 2016-06-24 13:25:11 -04:00
David Cooper f2077b7726 Merge branch 'master' into fix_issue_276 2016-06-24 13:23:07 -04:00
David Cooper 0e58e272f8 Merge branch 'master' into client_sim_sockets
Conflicts:
	testssl.sh
2016-06-24 13:18:25 -04:00
Dirk 5cb4b722b4 in client simulation it should be TLSv1.0 instead of TLSv1.0 2016-06-24 19:01:00 +02:00
Dirk 93204937c5 FIX #376 2016-06-23 19:42:26 +02:00
David Cooper dd8788d670 Merge branch 'master' into fix_issue_276 2016-06-23 09:42:18 -04:00
David Cooper 549d432dc7 Merge branch 'master' into openss2rfc_rfc2openssl 2016-06-23 09:38:04 -04:00
David Cooper bebdc3c70e Merge branch 'master' into client_sim_sockets 2016-06-23 09:24:54 -04:00
Dirk 68353db42b polishing #382 2016-06-23 14:33:26 +02:00
Dirk Wetter 31c8979d41 Merge pull request #382 from seccubus/mass_and_file_out
Allow the file output feature and mass_test feature to work together
2016-06-23 13:40:09 +02:00
Dirk Wetter b5b9dd8712 Merge pull request #387 from bad/master
porting to NetBSD
2016-06-23 12:15:02 +02:00
Dirk ef23703903 fix for #389 2016-06-23 12:04:45 +02:00
Florian Schuetz 18c5f273c3 HSTS: check if max-age is present and nonzero 2016-06-21 21:24:24 +02:00
Florian Schuetz f8579ee2f7 Fix HSTS/HPKP includeSubDomains and preload being broken in file output. 2016-06-21 08:57:39 +02:00
Christoph Badura 0fd261eb6c Refactor date parsing. Makes testssl.sh work on NetBSD too.
Introduce a parse_date() function to handle all date parsing.
Check for the following date(1) variants:
GNU: accepts "-d date-to-parse".
FreeBSD/OS X: accepts "-j -f input-format"
everything else: accepts "-j date-to-parse"

usage: parse-date date output-format input-format

Tested on NetBSD, OS X 10.11 and Debian jessie.
2016-06-20 22:01:13 +02:00
Christoph Badura 48d5e5a7a1 Drop remaining '\c's in printf(1) arguments. 2016-06-20 22:01:13 +02:00
David Cooper b8b779b419 Use sockets for client simulations
Modify run_client_simulation() to send the ClientHello from https://api.dev.ssllabs.com/api/v3/getClients (modified to use the correct value in the server name extension) if $EXPERIMENTAL is true, $STARTTLS is empty, and $SSL_NATIVE is false.
2016-06-17 16:33:00 -04:00
David Cooper 5a5424653b Merge branch 'master' into openss2rfc_rfc2openssl
Conflicts:
	testssl.sh
2016-06-17 16:16:38 -04:00
David Cooper 2b4d10137a Merge branch 'master' into fix_issue_276 2016-06-17 16:14:24 -04:00
Dirk Wetter 02e9f5cd23 fix colum spacing again for all alg chacha poly ciphers 2016-06-15 21:31:10 +02:00
Dirk Wetter d10dd6d34c align old chacha/poly ciphers output in OPENSSL name, see #379 2016-06-15 20:12:48 +02:00