Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-11 03:00:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,229 Commits 15 Branches 30 Tags 212 MiB
cd01a656c7
Commit Graph

1229 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
cd01a656c7 FIX #543 2017-03-25 12:33:10 +01:00
Dirk Wetter
dbf6318439 Merge pull request #676 from dcooper16/minor_bugs 
Fix two minor bugs
 2017-03-24 19:09:57 +01:00
Dirk Wetter
7069fb4c67 Merge pull request #675 from dcooper16/fix_client_simulation_2.8 
Fix client simulation in 2.8
 2017-03-24 18:45:54 +01:00
Dirk Wetter
d7c5e0240f Merge pull request #673 from khorben/master 
Typo
 2017-03-24 18:41:38 +01:00
David Cooper
d7e4c3519b Fix two minor bugs 
Two of the minor bugs that were fixed by #672 in the 2.9dev branch also appear in 2.8.
 2017-03-24 11:58:54 -04:00
David Cooper
3451083bbd Fix client simulation 
In `create_client_simulation_tls_clienthello()` the variable `sni_extension_found` should be set if the ClientHello includes an SNI extension. Instead it was being set if and only if the ClientHello included some extension other than SNI.

This bug wasn't detected before for two reasons:

    It is rare to have a ClientHello that includes an SNI extension, but no other extensions.

    The code still works correctly if `sni_extension_found` is set even if there is no SNI in the ClientHello.

So, the bug only creates a problem if the browser's ClientHello include an SNI extension and no other extensions (see "BingPreview Jun 2014" in the client_simulation branch).
 2017-03-24 11:48:01 -04:00
Pierre Pronchery
8e15454f4c Typo 2017-03-24 13:11:24 +01:00
Dirk
faefe62bea FIX #654 (no logfile when -file is specified) 2017-03-23 16:19:23 +01:00
Dirk
f8bb74519d make MSYS2 work again ;-) 2017-03-01 18:33:47 +01:00
Dirk
9c721a1613 bumping up version to 2.8pre1 
doing some corrections with shellcheck (see #434)

updating client simulation (see #394, #423) for a quick solution for 2.8 (#393)

FIX #407
 2017-02-24 16:31:13 +01:00
Dirk
9d9bfdf369 FIX #641 2017-02-21 17:46:10 +01:00
Dirk
205c522178 catch border cases better (GOST ONLY, server w handshake limits) 2017-02-21 11:21:35 +01:00
Dirk
2df7982890 - fix heartbleed detection which sometimes case false positives over slow connections like sattelite links, partially addressing #352 
- made CCS I more robust, FIX #313,
- removed CATs ;-)
- bumped up version to rc4 (like ARCFOUR) ;-)
 2017-02-21 10:40:18 +01:00
Dirk
c4c5130a39 - FIX #591 (and in JSON for HSTS+HPKP too) 
- HSTS and HPKP have now similar output
 2017-01-19 21:09:25 +01:00
Dirk
89e8fcace3 FIX #566 2017-01-17 14:03:09 +01:00
Dirk
76b4cac292 add lf before -E 2017-01-17 12:02:05 +01:00
Dirk
1f76e8fa09 FIX #587 2017-01-16 14:12:32 +01:00
Dirk
1ca6c130b9 see #575 2016-12-29 00:03:36 +01:00
Dirk
dacb1611c4 remark4default_cipher in fileout fixed 2016-12-28 23:57:37 +01:00
Dirk
fd7cd54ca1 - unify timeout msgs on the console 2016-12-20 14:26:12 +01:00
Dirk
4ff62b9fe8 regression fix #290, see #549 2016-12-11 18:21:41 +01:00
Dirk
c985f68533 see #544 2016-12-01 18:21:09 +01:00
Dirk Wetter
c23e097cb8 Merge pull request #525 from tecknicaltom/fix_duplicate_id_client_sim 
fix a duplicate test id in the client sim section
 2016-11-19 20:00:46 +01:00
Tom Samstag
4510e407fe fix a duplicate test id in the client sim section 
The Apple ATS 9 iOS 9 client simulation test had an incorrect short name
which resulted in a duplicate ID in the JSON output
 2016-11-16 10:45:13 -08:00
Dirk Wetter
4057bc52ff Merge pull request #513 from dcooper16/fix_x25519 
Curve X25519 fixes
 2016-11-09 21:19:29 +01:00
David Cooper
43b35b8cc2 Curve X25519 fixes 
This PR fixes two issues related to curve X25519.

First, while OpenSSL 1.1.0 supports curve X25519, it is not included in the output of `$OPENSSL ecparam -list_curves`. I tried several versions of OpenSSL (and one version of LibreSSL), and every version output either "Error with command" or "unknown option" in response to `$OPENSSL s_client -curves $curve` if it either did not support the `-curves` option or did not support `$curve`. (When the `-curve` option was supported with `$curve`, a "connect" error was output.)

The second issue is that the "Server Temp Key" line in the output of `s_client` is different for curve X25519. For other elliptic curves, the output is
```
Server Temp Key: ECDH, P-256, 256 bits
```
For X25519 it is:
```
Server Temp Key: X25519, 253 bits
```
So, `read_dhbits_from_file()` needs to allow for `$what_dh` being "X25519" rather than "ECDH" and `run_pfs()` needs to allow for the possibility that the curve name will be the first field rather than the second.
 2016-11-08 10:10:14 -05:00
Dirk
4f99d9d658 update 2016-11-07 21:03:45 +01:00
Dirk
65c03a99ba update 2016-11-05 15:02:00 +01:00
Dirk
72ac0734d1 tolower 2016-11-05 14:55:30 +01:00
Dirk
f18a398ce3 handle better missing ca_hashes.txt 2016-11-04 08:39:14 +01:00
Dirk Wetter
63ec369f34 output polish 2016-10-29 15:37:30 +02:00
Dirk Wetter
df2704dc20 Merge pull request #498 from Sousaphone/master 
Apple ATS9 client simulation
 2016-10-28 21:31:39 +02:00
Dirk
99300a0059 bump version 2016-10-27 22:02:35 +02:00
Dirk
00a5d19276 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-10-27 22:00:19 +02:00
Dirk
337e66fc61 Merge branch 'CA_pinning' 2016-10-27 21:59:42 +02:00
Dirk
1613bb214e Merge branch 'master' into CA_pinning 
Conflicts:
	testssl.sh
 2016-10-27 21:59:10 +02:00
Dirk Wetter
bfad620bf5 Update Readme.md 2016-10-21 22:16:19 +02:00
Thomas Alexander Frederiksen
217f2fb91a Apple ATS9 client test 2016-10-19 10:54:37 +02:00
Dirk
5e5edd5c89 FIX #490 2016-10-15 22:55:24 +02:00
Dirk Wetter
6abca0c598 Merge pull request #495 from mailsvb/minor_display_fix_ssl3_offer 
remove additional pr_off at the end of sslv2 check
 2016-10-14 22:07:19 +02:00
mailsvb
4ce4d922ac remove additional pr_off at the end of sslv2 check 2016-10-12 22:32:35 +02:00
Dirk
d32dbdaff3 Updating MS store, sill small, still not automated/cumbersome not sure if ok 2016-10-12 21:15:37 +02:00
Dirk
6723622024 - do not do HTTP2+SPDY checks if non-STARTTLS but also non-HTTP 
- ASSUMING_HTTP --> ASSUME_HTTP
- minor cleanups
 2016-10-11 22:30:30 +02:00
Dirk Wetter
d59c581700 Update Readme.md 2016-10-11 12:17:33 +02:00
Dirk
77f98e73e2 medium only for "Secure Client-Initiated Renegotiation" != HTTP 2016-10-10 23:27:34 +02:00
Dirk Wetter
51912944ec Merge pull request #492 from mailsvb/CA_BUNDLES_PATH 
fix usage of CA_BUNDLES_PATH env for local ca_bundles
 2016-10-09 10:22:22 +02:00
mailsvb
5a967302dc fix usage of CA_BUNDLES_PATH env for local ca_bundles 2016-10-08 22:50:44 +02:00
Dirk
1c5eb17729 (saving work): major cleanups for output readability and code 2016-10-06 18:53:25 +02:00
Dirk
bd64fb4214 minor putput cleanup for headers 2016-10-03 21:17:29 +02:00
Dirk Wetter
f9d44484af Merge branch 'master' of github.com:drwetter/testssl.sh 2016-10-03 21:01:54 +02:00