Commit Graph

31 Commits

Author SHA1 Message Date
Dirk
c3927d00c8 Document --phone-out 2018-04-27 21:37:44 +02:00
Dirk
ddf5ff6bc9 Minor additions wrt --color=3 and fname prefix 2018-04-26 09:39:30 +02:00
Dirk
e7619fa8d9 Documenting exit error codes improvements
See prevoius commit b2be380b54 and
issue #985 / #752.
2018-04-12 18:14:14 +02:00
Dirk
36247fecf2 fix no-DNS related error in documentation 2018-04-12 01:19:02 +02:00
Dirk
2a4de68c59 Merge branch 'nodns-935' into 2.9dev 2018-04-12 01:06:33 +02:00
Dirk
557942cb0a Change logic and add conservative value for -n/--nodns (#935)
This PR changes the logic the no-DNS switch works. The switch
now expects a value. "min" does minimum lookups, "none" does
no lookups at all (details see testssl.sh(1) ). "none" is
equivalent to the paranoid (boolean) value "true" before.
2018-04-12 00:19:52 +02:00
Karsten Weiss
eead9f62d9 Fix typos found by codespell 2018-04-10 17:37:04 +02:00
Dirk
eb3b3a1988 be more verbose what --warnings=batch means (see #1027) 2018-04-05 22:02:35 +02:00
Dirk
1924c9a0a6 Connectivity problems, man page update
See previous commit

This commit finally fixes #1005 so that either a --ssl-native scan
terminates on the next (defined) occasion if there are network connectivity
problems. It introduces another set of variables (MAX_OSSL_FAIL vs. NR_OSSL_FAIL).
As "openssl s_client connect" is sometimes still being used without --ssl-native
it also shortens the wait for regular scans if an outage is encountered.
To make things easier bot sets (incl. *_SOCKET_FAIL) of variables are independent.

For the seldom case that somebody uses --ssl-native with client checks an exception
had to be made as otherwise only MAX_OSSL_FAIL client check would be performed.
This hasn't been understood yet...

As sometimes HTTP header requests (over OpenSSL) fail repeatedly in a way that an empty
reply is returned, the same strategy of detecting problems is applied here,
using MAX_HEADER_FAIL and NR_HEADER_FAIL.

All three detection mechanisims share a new function connectivity_problem().
2018-03-28 17:48:04 +02:00
Dirk
2e5dd0439a document variable for previous commit 080840f 2018-03-02 20:57:06 +01:00
Dirk
b5fcc00031 reflect previous commit of changed treatment of --severity
... and some minor polishing
2018-03-01 15:13:55 +01:00
Dirk
ba8d613aa5 Add documentation about the current and corrected exit codes 2018-02-14 23:40:08 +01:00
Dirk
01f7612bd0 add keys to server defaults, cert start/end time in GMT 2018-01-29 23:43:25 +01:00
Dirk
659a6176b6 Add TLS 1.3, better explanation for -6 2018-01-28 12:47:05 +01:00
Dirk
0bc1f6f708 make MAX_PARALLEL and MAX_WAIT_TEST configurable + documentation 2017-12-27 09:50:34 +01:00
Dirk
1488baeac5 Documentation of CA_BUNDLES_PATH
See also #941
2017-12-20 09:00:00 +01:00
Dirk
c23f47858d Overwrite as a default empty files
This commit tries to address #934. Empty files can now
be overwritten without exiting with an error.
2017-12-14 10:06:19 +01:00
David Cooper
5de873f8bc Test for vulnerability to Bleichenbacher attack
This PR adds a test to check whether a server that supports ciphers suites that use RSA key transport (TLS_RSA) are vulnerable to Bleichenbacher attacks (see http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf).
2017-12-12 09:51:48 -05:00
Dirk
47409a32d6 delayed commit for file prefix
Also added David
2017-11-24 23:13:38 +01:00
Dirk
e450eb34e4 FIX #846 -- add output filename prefix
This commit adds the possibility to supply a output
file name prefix via --outprefix or FNAME_PREFIX
2017-11-14 19:41:25 +01:00
Dirk
9daec2a515 Add "auto" keyword to -oA/-oa (FIX #887)
File names are now auto-generated by using "-oA auto" / -oa "auto"
--similar to --csv and friends.

Also the formerly hidden switches --outFile and --outfile were added in the
help and in the manual.
2017-11-01 09:58:52 +01:00
Dirk
2aeabd19b2 Better clarification on bit size and encryption strength
Fix #770
2017-10-31 12:00:09 +01:00
Dirk
a85ca3c250 FIX #765
Inconsistency in using optional and mandatory parameters in help and man page
2017-10-26 11:46:14 +02:00
Dirk
d3795f1254 Add output options similar to nmap (FIX #861) 2017-10-20 16:32:57 +02:00
Dirk
e32479818d mentioning BiGIP cookies and MongoDB 2017-09-27 09:25:22 +02:00
Dirk
f6cf96d916 polish help for -g option 2017-09-23 12:54:44 +02:00
Dirk
68509694d4 NO_ENGINE (#834) and GREASE (#814) 2017-09-23 11:55:09 +02:00
David Cooper
a6f7121d25 Correct typos 2017-09-20 12:10:29 -04:00
Dirk
9345b55865 added ALL_CLIENTS for client siumulation 2017-08-30 23:40:47 +02:00
Dirk
8b2dfb81c5 reflect 37c8ee8c4e: debug level 2 is showing only minimal information like rough status and errors 2017-07-26 23:13:57 +02:00
Dirk
f2d07ec22b First draft of the manpage
Until the content is finalized the plan is to keep it in MD format.
For medium terms it is something which needs to be reconsidered
as markdown as the source format for documentation has too many limits.
Happy for suggestions here.

In the meantime here's what needs to be done:

* finalizing (see comments)
* proofreading 1: accuracy, logic, more content related
* proofreading 2: grammar, spelling
* more? pls let me know
2017-07-13 12:27:28 +02:00