Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-14 16:02:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,653 Commits 16 Branches 34 Tags
d2cbbaf0b1bdbc8cacd72c31edb730ad575fd5d4
Commit Graph

1653 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
d2cbbaf0b1 - FIX #636 
- polish
 2017-02-16 19:10:59 +01:00
Dirk Wetter
a973386c0a Merge pull request #635 from dcooper16/run_protocols_bugfix 
run_protocols() bug fix
 2017-02-15 19:44:53 +01:00
Dirk
c204a0b942 --proxy=auto takes now the value from https_proxy 
- made DNS lookups safe (CNAME) and awk'd them almost completely ;-)
- invocation of just testssl.sh shows help again
 2017-02-15 19:40:06 +01:00
David Cooper
2456c80821 Fix early newline 
In the case that `tls_sockets()` is being used and the server incorrectly fails the connection rather than downgrading, testssl.sh is printing "not offered" on one line and then the error message on the next line, but all the text should appear on one line (as it does when testing TLS 1 and TLS 1.1).
 2017-02-15 11:47:11 -05:00
David Cooper
efdb8c036d Merge branch '2.9dev' into run_protocols_bugfix 2017-02-15 08:45:01 -05:00
Dirk Wetter
502601c95e Merge pull request #633 from k0ste/2.9dev_newfeature 
DNS CAA: drill query support.
 2017-02-15 14:01:36 +01:00
Konstantin Shalygin
cdc5e89b64 DNS CAA: drill query support. 2017-02-15 19:50:08 +07:00
David Cooper
004cbad07b run_protocols() bug fix 
Since the test for TLS 1.2 in `run_protocols()` now uses `tls_sockets()` whenever `$ssl_native` is `true` (i.e., there is no longer a requirement for `$EXPERIMENTAL` to be true as well), the `$EXPERIMENTAL` flag should no longer be checked if the return value is 1.
 2017-02-14 16:43:46 -05:00
Dirk
4b193119b3 - made CCS I more robust, FIX #313 
- removed cats ;-) FIX #352
 2017-02-14 21:56:31 +01:00
Dirk
422171a0fa - fixed bug where terminal width was not inherited in file batch mode so that terminal wdith appeared to be 80 chars 
- hint when URI is missing
- PFS_CIPHERs rather locally
 2017-02-14 20:40:38 +01:00
Dirk
a22e4e5228 - fix heartbleed detection which sometimes case false psoitives over slow connections like sattelite links, partially addressing #352 
- start revamping run)ccs_injection
- fix missing space in BEAST after protocol
 2017-02-14 19:45:14 +01:00
Dirk Wetter
67fb3feff8 Merge pull request #630 from dcooper16/show_rfc_ 
Option to show RFC cipher names
 2017-02-14 09:28:15 +01:00
David Cooper
1dc132c6a4 Option to show RFC cipher names 
When a list of cipher suites is being displayed using `neat_list()`, testssl.sh shows the cipher suite's OpenSSL name and (in most cases) the RFC name as well. However, in all other cases only the OpenSSL name is shown.

This PR adds the option to have cipher suite's RFC names shown instead of the OpenSSL name, by including `--mapping rfc` in the command line. [Note: if the cipher-mapping.txt file cannot be found, then the `--mapping rfc` option is ignored and the OpenSSL names are shown.]

This PR seems to be related to issue #9, but #9 may be been referring to the output created by `neat_list()`.
 2017-02-13 16:07:25 -05:00
Dirk Wetter
971c8e8b63 Update Readme.md 2017-02-13 09:33:50 +01:00
Dirk Wetter
c252d5ab28 Update Readme.md 2017-02-13 09:33:03 +01:00
Dirk
7d6f1eb46f polishing #628, mostly make sure we automatically align to terminal width 2017-02-13 09:06:10 +01:00
Dirk Wetter
21cd97b08a Merge pull request #628 from dcooper16/format_long_lines 
Wrap long lines
 2017-02-13 08:52:07 +01:00
Dirk
d2f688e925 CAA RR belongs also in JSON, see #588 2017-02-11 14:16:18 +01:00
Dirk
8dabc28280 also made sure that all old dns binaries work (SLES 11, FreeBSD 9) 2017-02-11 14:01:51 +01:00
David Cooper
45379ce1f9 Fix subjectAltName indendation 
The PR didn't account for the indentation of the subjectAltName differing depending on whether the server has one or more than one certificate.
 2017-02-09 13:29:22 -05:00
David Cooper
c92131c072 Don't collect number of bits in run_pfs() 
The `bits` array is no longer needed in `run_pfs()` since the information collected is not being used.
 2017-02-09 11:45:29 -05:00
David Cooper
d4455081f0 Wrap long lines 
This PR addresses the issue raised in #623. This PR is based on the function `out_row_aligned_max_width()` that I proposed in #623, but the `out_row_aligned_max_width()` in this PR is a little different. It takes a fourth parameter, which is the function to use to print each word in the text string to be printed. This is used in `run_pfs()` so that the "Elliptic curves offered" can be printed using this function (some servers support 25 curves), while still having the curves printed using color-coding to indicate the quality of each curve.

I somewhat arbitrarily have each line wrap at 120 characters, but that could be changed (e.g., to `$TERM_WIDTH`).
 2017-02-09 11:36:24 -05:00
Dirk
386aa92448 keep detected status of WSL / bash on windows in a variable, see also #620 2017-02-08 09:08:05 +01:00
Dirk
0200100750 see #620 2017-02-08 08:58:28 +01:00
Dirk Wetter
0b7e9b18b8 Merge pull request #620 from teward/2.9dev 
Attempt to force system binaries for WSL
 2017-02-08 08:54:20 +01:00
Dirk Wetter
0810f2a719 Merge pull request #609 from dcooper16/handle_supported_groups 
Handle renaming of the Supported Elliptic Curves Extension
 2017-02-08 08:11:23 +01:00
Dirk
0d993427a3 - enabling TLS 1.2 via sockets 
- enabling sockets in run_protocols STARTTLS per default
- minor output polishing
 2017-02-07 23:08:29 +01:00
Thomas Ward
6140aa8b8c Attempt to force system binaries for WSL 2017-02-07 15:59:09 -05:00
Dirk Wetter
edb358b3e0 Merge pull request #595 from dcooper16/rename_ephemeral_DH_ciphers 
Rename cipher lists for run_logjam()
 2017-02-07 17:51:07 +01:00
David Cooper
4fab1830cb Merge branch '2.9dev' into handle_supported_groups 2017-02-06 13:49:05 -05:00
David Cooper
f03ae865d8 Merge branch '2.9dev' into rename_ephemeral_DH_ciphers 2017-02-06 13:48:35 -05:00
Dirk
48e264a193 fixed regression #611 2017-02-06 17:47:17 +01:00
David Cooper
f519e42507 Merge branch '2.9dev' into rename_ephemeral_DH_ciphers 2017-02-06 08:48:45 -05:00
David Cooper
321d5e0c9d Merge branch '2.9dev' into handle_supported_groups 2017-02-06 08:47:11 -05:00
Dirk
54e0395969 Reverse #600 but leave the hook in here, ANSI code for strikethru 2017-02-06 11:06:59 +01:00
Dirk Wetter
03daa1be35 Merge pull request #608 from dcooper16/neat_list_camelliagcm 
Fix neat_list() for Camellia GCM
 2017-02-06 10:41:01 +01:00
Dirk
a9cddd7afb see #611 2017-02-04 15:11:03 +01:00
Dirk Wetter
e95f9a8d0a Merge pull request #611 from dcooper16/print_two_CRL_or_OCSP_URI 
Fix Two CRL and/or two OCSP URLs
 2017-02-04 15:06:18 +01:00
Dirk
3a21097cc5 HTTP/1.1 GET handler for #254 2017-02-04 14:13:33 +01:00
Dirk Wetter
59c3286775 Merge pull request #612 from dcooper16/update_fix_587 
Update fix to 587
 2017-02-04 12:14:09 +01:00
Dirk
5046b80414 first draft of LUCKY13 (128 cipher limit has to be addressed) 2017-02-03 22:36:04 +01:00
David Cooper
e18f5821d2 Merge branch '2.9dev' into rename_ephemeral_DH_ciphers 2017-02-03 13:42:04 -05:00
Dirk
cb1d133528 preparing for lucky13 2017-02-03 17:40:35 +01:00
David Cooper
79bfe1103c Merge branch '2.9dev' into update_fix_587 2017-02-03 08:47:29 -05:00
David Cooper
b2de5c4ac9 Merge branch '2.9dev' into print_two_CRL_or_OCSP_URI 2017-02-03 08:46:40 -05:00
David Cooper
f273b5ed8c Merge branch '2.9dev' into handle_supported_groups 2017-02-03 08:45:40 -05:00
David Cooper
da59ea11c2 Merge branch '2.9dev' into neat_list_camelliagcm 2017-02-03 08:44:36 -05:00
David Cooper
1079a05d42 Merge branch '2.9dev' into rename_ephemeral_DH_ciphers 2017-02-03 08:44:07 -05:00
Dirk
925e1061b2 - renamed pr_svrty_minor --> pr_svrty_low to reflect the level literally 
- minor polishing
 2017-02-03 13:03:22 +01:00
Dirk
b9232fd5d0 Fix TLS_FALLBACK_SCSV detection for non RFC compliants F5 loadbalancers. They pass now the test but get additonally penalized for their non compliance, see also https://github.com/drwetter/testssl.sh/issues/121#issuecomment-113790270 2017-02-03 11:47:21 +01:00