Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-02 18:18:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,990 Commits 15 Branches 34 Tags
ce96cc581628eca7ddefec9180b1668d9597ed4d
Commit Graph

4990 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
e30b558860 Remove redundant commands 
.. see https://github.com/testssl/testssl.sh/issues/2420#issuecomment-1762749767

As suggested by @polarathene the not needed repos are more elegantly removed,
commands for removing util-linux removal and zypper up were redudant and thus
squashed.

First stage was build manually and it looked fine.

This fixes #2439 .
 2025-04-22 13:28:30 +02:00
Dirk
ffe5dea844 remove misleading command 2025-04-22 12:55:42 +02:00
Dirk
b4cdc37f9e trailing zero sounds better / is more distinguishable 2025-04-22 12:47:48 +02:00
Dirk
295a68e7ab Just bump version for upcoming release 2025-04-18 13:32:53 +02:00
Dirk Wetter
6746fa54b8 Merge pull request #2740 from testssl/update_CAs 
Update CA stores for 3.2
 2025-04-18 13:17:50 +02:00
Dirk
d1440d646d For better autoselction w mouse move comma 2025-04-17 18:50:48 +02:00
Dirk
668b98c9ce remove DST Root CA X3.txt 2025-04-17 18:41:44 +02:00
Dirk
3dad99a93a Update Java, Apple and MS store 
- Java is from JDK 21
- Apple and MS from this week
 2025-04-17 18:39:02 +02:00
Dirk
41c3110c0e Update Linux and Mozilla CA store 
- Linux: Debian 12
- Mozilla from 2025-02-25
 2025-04-17 18:03:50 +02:00
Dirk Wetter
128d8b5997 Merge pull request #2731 from testssl/new_Handshakes 
Update handshakes
 2025-04-17 16:13:31 +02:00
Dirk
ebb7cf558e Update handshake 2025-04-16 21:48:30 +02:00
Dirk
81e4856b79 fix typo 2025-04-16 21:35:27 +02:00
Dirk
4a2228f401 Updating Android handshakes 
- Android 13 and 14 were added. They are the same, see ja3 + ja4 value
- as it turned out Android 11 and 12 have also the same ja3 + ja4 values (retrieved from old pcap files)
- so both will be labeled 11/12 an 13/14
- old pcaps from Android 11/12 showed no ALPN --> corrected
 2025-04-16 21:28:08 +02:00
Dirk Wetter
a701541318 Merge pull request #2735 from dcooper16/tls13_pq_kx 
Support decrypting TLS 1.3 handshakes with PQ key exchange
 2025-04-11 12:22:25 +02:00
David Cooper
d1531cdf60 Support decrypting TLS 1.3 handshakes with PQ key exchange 
This commit modifies testssl.sh so that TLS 1.3 handshakes that use post-quantum algorithms for key exchange can be decrypted, if $OPENSSL supports the algorithms.
 2025-04-10 14:05:30 -07:00
Dirk Wetter
459ccee589 Merge pull request #2737 from dcooper16/tls13_pq_sigalg 
Support ML-DSA server keys
 2025-04-10 20:49:29 +02:00
David Cooper
ecaa7878e5 Support ML-DSA server keys 
This commit adds support for server certificates that have ML-DSA pubilc keys. It also adds supports for certificates that are signed with ML-DSA or SLH-DSA. The ML-DSA code points for the signature_algorithms extension are taken from https://datatracker.ietf.org/doc/draft-tls-westerbaan-mldsa/ and are the ones used by OpenSSL 3.5.0.
 2025-04-10 09:15:04 -07:00
Dirk Wetter
3fbceada58 Merge pull request #2736 from testssl/rm_krb 
Remove KRB cipher info
 2025-04-10 13:23:16 +02:00
Dirk
7b6a7d7ade Remove KRB cipher info 2025-04-10 13:22:09 +02:00
Dirk Wetter
04a592307a Merge pull request #2732 from dcooper16/supported_cuves_list 
Get supported groups list from OpenSSL 3.5.0
 2025-04-10 09:57:20 +02:00
Dirk
fdb2da80d6 fix typo 2025-04-09 20:35:44 +02:00
Dirk
5d9d5276e3 Firefox 137 (Win 11) 2025-04-09 20:28:31 +02:00
Dirk
51fce5feb1 fix ja3/4 for Edge 133 Win 11 23H2 2025-04-09 20:18:24 +02:00
Dirk
b18dd2aa28 Edge 133 Win 11 23H2 2025-04-09 20:14:42 +02:00
Dirk
647aeae205 Update docu and (futile) perl script 2025-04-09 20:00:47 +02:00
Dirk
f337f53e49 Reorder Java 8 2025-04-09 19:40:12 +02:00
Dirk
85232b7bc5 Chromium 137 Win 11 2025-04-09 19:31:35 +02:00
Dirk Wetter
8b1339b29d Merge pull request #2734 from PeterDaveHello/FixDockerHubReadmeBadge 
Fix Docker Hub badge in Readme.md
 2025-04-09 18:51:08 +02:00
David Cooper
9f48c51dc7 Get supported groups list from OpenSSL 3.5.0 
In OpenSSL 3.5.0 the `list` command can be used to obtain a list of supported groups for TLS. The commit makes use of this command when $OPENSSL is OpenSSL 3.5.0 or later. This should be faster than testing curves one at a time.
 2025-04-09 09:21:54 -07:00
Dirk
84e77d2bb0 Java 21 2025-04-09 17:07:19 +02:00
Dirk
31e2f43eec LibreSSL update 3.3.6 (MacOS) 
.. renaming that to macOS instead "Apple".
 2025-04-09 16:51:26 +02:00
Dirk
4f696f94df Add openssl 3.0.15 (from Debian) 
... and set OpenSSL 3.0.3 (git) as not to list
 2025-04-09 16:39:05 +02:00
Dirk
e4cdca9e63 Add Safari 18.4 @ MacOS 15.4 2025-04-09 15:53:11 +02:00
Dirk
d601f33a37 Merge branch '3.2' into new_Handshakes 2025-04-09 10:59:40 +02:00
Dirk Wetter
bc0c9f9c4b Merge pull request #2733 from dcooper16/ossl35_client_sim 
OpenSSL 3.5.0 client simulation
 2025-04-09 10:46:20 +02:00
David Cooper
3a8038636d OpenSSL 3.5.0 client simulation 
Add OpenSSL 3.5.0 to etc/client-simulation.txt.
 2025-04-08 15:26:41 -07:00
Dirk
0d7c33ab7f deprecate more 
- Safari 12.1 (iOS 12.2)
- Firefox 66 (Win 8.1/10)
 2025-04-08 16:14:37 +02:00
Dirk
887653a033 Deprecate a few entries ... 
- Android 5+6
- Chrome 79 Win 10
- IE 6 XP
- IE 8 XP
- Safari 13.0 (macOS 10.14.6)
- OpenSSL 1.1.0l (Debian)

... before new ones are added
 2025-04-08 16:06:55 +02:00
Dirk
7939144af1 Swap Android 6 for Android 5 
... as it seems to habe more market share
 2025-04-08 15:49:44 +02:00
Dirk
58ddfd8a24 Add hint for JA3/4 
+ minor corrections
 2025-04-07 19:38:05 +02:00
Dirk
45be26db7c Add Java 8u442 handshake 
Also the ja3 and ja4 values were added as retrieved from wireshark.

See also #2430 .
 2025-04-07 19:36:34 +02:00
Peter Dave Hello
be4aa6ec6c Fix Docker Hub badge in Readme.md 2025-04-07 05:08:59 +08:00
Dirk Wetter
06682990ba GHCR clearer 2025-04-06 20:29:18 +02:00
Dirk Wetter
f7f35fe4c6 Merge pull request #2729 from testssl/ghcr.io-doc 
Add minimal doc for GHCR
 2025-04-06 18:29:07 +02:00
Dirk Wetter
ac0419eaad Add minimal doc for GHCR 2025-04-06 18:27:37 +02:00
Dirk Wetter
b20add1d12 Merge pull request #2684 from testssl/new_binaries 
Start working on a set of new binaries
 2025-04-04 14:15:00 +02:00
Dirk Wetter
b7f9ff1bf2 Merge pull request #2727 from dcooper16/chacha20 
ChaCha20 decryption
 2025-04-04 11:54:05 +02:00
Dirk Wetter
be9a85c1f7 Merge pull request #2726 from dcooper16/fix_has_uds_checks 
Fix checks with HAS_UDS and HAS_UDS2
 2025-04-02 21:47:41 +02:00
David Cooper
f6ff390799 Fix checks with HAS_UDS and HAS_UDS2 
This commit fixes a check where the Boolean variables $HAS_UDS and $HAS_UDS2 are checked for whether they are empty rather than for whether they are true.
 2025-04-02 08:03:58 -07:00
David Cooper
e2accb6442 ChaCha20 decryption 
Decryption is TLS 1.3 handshakes is very slow if the response is encrypted using ChaCha20 and the $OPENSSL enc command does not support ChaCha20. This commit mitigates that problem by using $OPENSSL2 for ChaCha20 decryption if such decryption is needed and $OPENSSL does not support it.

This commit also changes testssl.sh to make use of $OPENSSL2 for AES-GCM decryption, when $OPENSSL2 supports it, but $OPENSSL does not. However, this change is not as important. Implementing AES-GCM in Bash using $OPENSSL for AES ECB operations isn't nearly as slow as fully implementing ChaCha20 in Bash.
 2025-04-02 07:55:31 -07:00