David Cooper
e17b1c17bb
Support RFC 9150 cipher suites
...
This commit adds support for the two cipher suites in RFC 9150, TLS_SHA256_SHA256 and TLS_SHA384_SHA384. These are authentication and integrity-only cipher suites.
2024-10-28 15:07:22 -07:00
Dirk Wetter
6452ec997e
Merge pull request #2589 from dcooper16/sha256_stapled_ocsp
...
Accept stapled OCSP responses that use SHA-256 in CertID
2024-10-17 09:46:10 +02:00
David Cooper
1f37a8406f
Accept stapled OCSP responses that use SHA-256 in CertID
...
This commit modifies check_revocation_ocsp() to check the revocation status of a certificate in a stapled OCSP response whether the response uses SHA-1 or SHA-256 in CertID.
2024-10-16 10:49:40 -07:00
Dirk Wetter
b2e6f990b9
Merge pull request #2588 from drwetter/fix_2582
...
Mute socat killing & improve STARTTLS grading explanation
2024-10-15 12:26:35 +02:00
Dirk
0abca6f067
Mute socat killing & improve STARTTLS grading explanation
...
Fixes #2582.
2024-10-15 10:56:29 +02:00
Dirk Wetter
ba51ca7879
Merge pull request #2587 from drwetter/fix_hexdump_docker
...
Add link for hexdump correctly
2024-10-15 09:57:08 +02:00
Dirk
fc309b7ee0
Add link for hexdump correctly
...
... in Dockerfile, see #2586
2024-10-15 09:54:35 +02:00
Dirk Wetter
5064d3073c
Merge pull request #2584 from drwetter/upgradeDockerfile_Lep15.6
...
Upgrade Dockerfile to leap 15.6
2024-10-14 18:13:35 +02:00
Dirk Wetter
b7a4d5c692
Merge pull request #2583 from drwetter/minor_polish_unitTests
...
Minor polish unit tests
2024-10-14 18:08:35 +02:00
Dirk
0f44d6777a
Upgrade Dockerfile to leap 15.6
...
As EOL comes closer for openSUSE Leap 15.5 (https://en.opensuse.org/Lifetime)
an update is needed.
``busybox-util-linux`` and ``busybox-vi`` had to be removed as they don't exist
anymore. Busybox was added but hexdump was not provided by the vendor.
As busybox was compiled "properly" hexdump can be added by just linking to it.
This fixes #2563
2024-10-14 17:51:24 +02:00
Dirk Wetter
656726eaab
Merge pull request #2580 from drwetter/fix_2575
...
Fix json/csv output when STARTTLS problem is passed back
2024-10-14 17:16:09 +02:00
Dirk
e0e742379c
see previous commit
2024-10-14 17:15:43 +02:00
Dirk
ae77349f3a
see previous commit
2024-10-14 17:11:55 +02:00
Dirk
9b48c1641b
Minor polish unit tests
...
This PR (re-)names the unit test starter properly and improves for some unit tests the phrasing and formatting.
2024-10-14 17:08:12 +02:00
Dirk
33fd749af8
Fix json/csv output when STARTTLS problem is passed back
...
In rare cases testssl.sh writes in the terminal output "likely not offered" but
misses the "likely" in the json/csv output.
This fixes #2575 by adding that word and amending the return value 4 with
a comment.
2024-10-14 16:15:18 +02:00
Dirk Wetter
fee04f2db8
Merge pull request #2579 from drwetter/merge_2568
...
Merge 2568
2024-10-14 15:55:40 +02:00
Dirk
fa5664f434
Polish comment + grade cap reason for STARTTLS
2024-10-14 14:17:02 +02:00
Dirk
7c0ccb3da7
Fix HTML output in #2568
2024-10-14 13:08:45 +02:00
Dirk
6c771f7902
Merge branch '3.1dev' of https://github.com/magnuslarsen/testssl.sh into magnuslarsen-3.1dev
2024-10-14 13:03:46 +02:00
Dirk Wetter
ddb84c27ce
Merge pull request #2577 from drwetter/fix_f5_short_rfc1918
...
Fix F5 cookie in 10.x.x.x.
2024-10-12 19:30:19 +02:00
Dirk Wetter
6110843fd0
The F5 cookie decoder doesn't detect IPs in the 10.x.x.x space for non-encrypted cookies.
...
This fixes the regex pattern, see also
https://github.com/drwetter/F5-BIGIP-Decoder/pull/4/files
2024-10-09 15:47:50 +02:00
Dirk Wetter
541d3ff07a
Merge pull request #2574 from drwetter/dependabot/github_actions/docker/build-push-action-6.9.0
...
Bump docker/build-push-action from 6.8.0 to 6.9.0
2024-10-01 10:15:12 +02:00
dependabot[bot]
89fe5ebe7e
Bump docker/build-push-action from 6.8.0 to 6.9.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.8.0 to 6.9.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.8.0...v6.9.0)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 00:08:37 +00:00
Dirk Wetter
93e5d3bcd1
Merge pull request #2573 from drwetter/dependabot/github_actions/docker/build-push-action-6.8.0
...
Bump docker/build-push-action from 6.7.0 to 6.8.0
2024-09-30 09:27:54 +02:00
dependabot[bot]
67fd81a9bf
Bump docker/build-push-action from 6.7.0 to 6.8.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.7.0 to 6.8.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.7.0...v6.8.0)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-09-30 00:49:02 +00:00
Dirk Wetter
94bbfff50c
Merge pull request #2569 from DaanSelen/patch-1
...
Minor English change
2024-09-20 10:38:10 +02:00
dselen
53c07eff19
Confusion ensues
2024-09-20 10:20:58 +02:00
dselen
34ebe22e48
Minor English Readme.md changes
2024-09-20 10:19:21 +02:00
Magnus Larsen
69bdbeb982
feat(rating): line-wrapping comments for grade_cap_reasons
2024-09-18 09:08:07 +02:00
Dirk Wetter
92bc6d4873
Merge pull request #2565 from drwetter/automagic
...
Amend docs wrt STARTTLS, clarify automagic switch for TLS 1.3 only hosts
2024-09-08 14:49:58 +02:00
Dirk Wetter
04c5ee391d
"only" was important here
2024-09-08 13:19:16 +02:00
Dirk Wetter
4ce91d7d61
Explain OSSL_SHORTCUT better, "automagically" is the word we wanted to use
2024-09-08 12:27:51 +02:00
Dirk Wetter
c5b07e7d99
Make the client side security clearer for STARTTLS
...
... also in the man pages. See also #2564.
2024-09-08 12:22:52 +02:00
Dirk Wetter
be3e7651bb
Merge pull request #2564 from drwetter/starttls_phrasing
...
Phrasing of reason for STARTTLS grading improved
2024-09-07 17:08:50 +02:00
Dirk
3b85f53d52
added an accidentally erased char
2024-09-07 16:15:03 +02:00
Dirk
a1c67c0794
proper English
2024-09-07 16:03:53 +02:00
Dirk
f9edaa7fe1
Phrasing of STARTTLS grading improved
...
... a comment added in the description.
Unfortunately I couldn't get the line wrapping working.
2024-09-07 15:51:12 +02:00
Dirk Wetter
30f80cf9b3
Merge pull request #2561 from drwetter/fix_1312
...
Fix 1312
2024-09-06 18:55:24 +02:00
Dirk Wetter
9efe597a86
Merge pull request #2562 from drwetter/revert-2547-drwetter-patch-1
...
Revert "Update Dockerfile to leap 15.6"
2024-09-06 18:00:14 +02:00
Dirk Wetter
bb7d9f4ac5
Revert "Update Dockerfile to leap 15.6"
2024-09-06 17:53:58 +02:00
Dirk
733c2d31b7
Automagic with openssl and TLS 1.3-only host
2024-09-06 17:37:42 +02:00
Dirk
52213d3072
Supply documentation for TLS 1.3 only hosts
...
and the automagic wrt /usr/bin/openssl OPENSSL2 and OSSL_SHORTCUT
2024-09-06 17:32:53 +02:00
Dirk
3d2bd5020c
fix spellcheck
2024-09-06 13:00:27 +02:00
Dirk
12bc15adc3
misc
...
- remove 1xLF in UI
- fix obsolete statement for OPENSSL2
2024-09-06 12:53:00 +02:00
Dirk
becd310390
Address open UI problems for TLS 1.3 only hosts
...
While in 3.2 there was only a hint how to deal with TLS 1.3 only hosts, a restart
with --openssl=/usr/bin/openssl or setting of OSSL_SHORTCUT-true was required.
This PR changes the behavior: if an openssl version can be found in /usr/bin/openssl
(or SUPPLIED via OPENSSL2=/home/version/ofopenssl testssl <cmdline>) which
supports TLS 1.3 it switches automatically and informs the user that it has done so.
This message is asynchronous and is implemented with a new function check_msg()
and a global OPEN_MSG, so that we maintain the formatting. Otherwise it would have
appeared between rDNS and service detection. Now it's nicely after service detection.
2024-09-06 12:47:03 +02:00
Dirk Wetter
a20fd796e8
Merge pull request #2552 from drwetter/fix_2466
...
Trailing space after value in header is fine
2024-09-03 20:51:18 +02:00
Dirk Wetter
031c2a55ec
Merge pull request #2553 from drwetter/noCtrlCharInHeader
...
Remove ctrl chars from HTTP header
2024-09-03 20:50:18 +02:00
Dirk Wetter
3cd027e1f1
Merge pull request #2551 from drwetter/banner
...
Improve banner (3.2)
2024-09-03 19:27:46 +02:00
Dirk
2b36b33112
Remove ctrl chars from HTTP header
...
... which fixes #2337
2024-09-03 19:24:46 +02:00
Dirk
30a33e9a6e
Trailing space after value in header is fine
...
This fixes #2466.
2024-09-03 19:10:29 +02:00