Commit Graph

4635 Commits

Author SHA1 Message Date
David Cooper e17b1c17bb Support RFC 9150 cipher suites
This commit adds support for the two cipher suites in RFC 9150, TLS_SHA256_SHA256 and TLS_SHA384_SHA384. These are authentication and integrity-only cipher suites.
2024-10-28 15:07:22 -07:00
Dirk Wetter 6452ec997e
Merge pull request #2589 from dcooper16/sha256_stapled_ocsp
Accept stapled OCSP responses that use SHA-256 in CertID
2024-10-17 09:46:10 +02:00
David Cooper 1f37a8406f Accept stapled OCSP responses that use SHA-256 in CertID
This commit modifies check_revocation_ocsp() to check the revocation status of a certificate in a stapled OCSP response whether the response uses SHA-1 or SHA-256 in CertID.
2024-10-16 10:49:40 -07:00
Dirk Wetter b2e6f990b9
Merge pull request #2588 from drwetter/fix_2582
Mute socat killing & improve STARTTLS grading explanation
2024-10-15 12:26:35 +02:00
Dirk 0abca6f067 Mute socat killing & improve STARTTLS grading explanation
Fixes #2582 .
2024-10-15 10:56:29 +02:00
Dirk Wetter ba51ca7879
Merge pull request #2587 from drwetter/fix_hexdump_docker
Add link for hexdump correctly
2024-10-15 09:57:08 +02:00
Dirk fc309b7ee0 Add link for hexdump correctly
... in Dockerfile, see #2586
2024-10-15 09:54:35 +02:00
Dirk Wetter 5064d3073c
Merge pull request #2584 from drwetter/upgradeDockerfile_Lep15.6
Upgrade Dockerfile to leap 15.6
2024-10-14 18:13:35 +02:00
Dirk Wetter b7a4d5c692
Merge pull request #2583 from drwetter/minor_polish_unitTests
Minor polish unit tests
2024-10-14 18:08:35 +02:00
Dirk 0f44d6777a Upgrade Dockerfile to leap 15.6
As EOL comes closer for openSUSE Leap 15.5 (https://en.opensuse.org/Lifetime)
an update is needed.

``busybox-util-linux`` and ``busybox-vi`` had to be removed as they don't exist
anymore. Busybox was added but hexdump was not provided by the vendor.
As busybox was compiled "properly" hexdump can be added by just linking to it.

This fixes #2563
2024-10-14 17:51:24 +02:00
Dirk Wetter 656726eaab
Merge pull request #2580 from drwetter/fix_2575
Fix json/csv output when STARTTLS problem is passed back
2024-10-14 17:16:09 +02:00
Dirk e0e742379c see previous commit 2024-10-14 17:15:43 +02:00
Dirk ae77349f3a see previous commit 2024-10-14 17:11:55 +02:00
Dirk 9b48c1641b Minor polish unit tests
This PR (re-)names the unit test starter properly and improves for some unit tests the phrasing and formatting.
2024-10-14 17:08:12 +02:00
Dirk 33fd749af8 Fix json/csv output when STARTTLS problem is passed back
In rare cases testssl.sh writes in the terminal output "likely not offered" but
misses the "likely" in the json/csv output.

This fixes #2575 by adding that word and amending the return value 4 with
a comment.
2024-10-14 16:15:18 +02:00
Dirk Wetter fee04f2db8
Merge pull request #2579 from drwetter/merge_2568
Merge 2568
2024-10-14 15:55:40 +02:00
Dirk fa5664f434 Polish comment + grade cap reason for STARTTLS 2024-10-14 14:17:02 +02:00
Dirk 7c0ccb3da7 Fix HTML output in #2568 2024-10-14 13:08:45 +02:00
Dirk 6c771f7902 Merge branch '3.1dev' of https://github.com/magnuslarsen/testssl.sh into magnuslarsen-3.1dev 2024-10-14 13:03:46 +02:00
Dirk Wetter ddb84c27ce
Merge pull request #2577 from drwetter/fix_f5_short_rfc1918
Fix F5 cookie in 10.x.x.x.
2024-10-12 19:30:19 +02:00
Dirk Wetter 6110843fd0 The F5 cookie decoder doesn't detect IPs in the 10.x.x.x space for non-encrypted cookies.
This fixes the regex pattern, see also

https://github.com/drwetter/F5-BIGIP-Decoder/pull/4/files
2024-10-09 15:47:50 +02:00
Dirk Wetter 541d3ff07a
Merge pull request #2574 from drwetter/dependabot/github_actions/docker/build-push-action-6.9.0
Bump docker/build-push-action from 6.8.0 to 6.9.0
2024-10-01 10:15:12 +02:00
dependabot[bot] 89fe5ebe7e
Bump docker/build-push-action from 6.8.0 to 6.9.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.8.0 to 6.9.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.8.0...v6.9.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 00:08:37 +00:00
Dirk Wetter 93e5d3bcd1
Merge pull request #2573 from drwetter/dependabot/github_actions/docker/build-push-action-6.8.0
Bump docker/build-push-action from 6.7.0 to 6.8.0
2024-09-30 09:27:54 +02:00
dependabot[bot] 67fd81a9bf
Bump docker/build-push-action from 6.7.0 to 6.8.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.7.0 to 6.8.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.7.0...v6.8.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-30 00:49:02 +00:00
Dirk Wetter 94bbfff50c
Merge pull request #2569 from DaanSelen/patch-1
Minor English change
2024-09-20 10:38:10 +02:00
dselen 53c07eff19
Confusion ensues 2024-09-20 10:20:58 +02:00
dselen 34ebe22e48
Minor English Readme.md changes 2024-09-20 10:19:21 +02:00
Magnus Larsen 69bdbeb982 feat(rating): line-wrapping comments for grade_cap_reasons 2024-09-18 09:08:07 +02:00
Dirk Wetter 92bc6d4873
Merge pull request #2565 from drwetter/automagic
Amend docs wrt STARTTLS, clarify automagic switch for TLS 1.3 only hosts
2024-09-08 14:49:58 +02:00
Dirk Wetter 04c5ee391d "only" was important here 2024-09-08 13:19:16 +02:00
Dirk Wetter 4ce91d7d61 Explain OSSL_SHORTCUT better, "automagically" is the word we wanted to use 2024-09-08 12:27:51 +02:00
Dirk Wetter c5b07e7d99 Make the client side security clearer for STARTTLS
... also in the man pages. See also #2564.
2024-09-08 12:22:52 +02:00
Dirk Wetter be3e7651bb
Merge pull request #2564 from drwetter/starttls_phrasing
Phrasing of reason for STARTTLS grading improved
2024-09-07 17:08:50 +02:00
Dirk 3b85f53d52 added an accidently erased char 2024-09-07 16:15:03 +02:00
Dirk a1c67c0794 proper English 2024-09-07 16:03:53 +02:00
Dirk f9edaa7fe1 Phrasing of STARTTLS grading improved
... a a comment added in the desciption.

Unfortunately I couldn't get the line wrapping working.
2024-09-07 15:51:12 +02:00
Dirk Wetter 30f80cf9b3
Merge pull request #2561 from drwetter/fix_1312
Fix 1312
2024-09-06 18:55:24 +02:00
Dirk Wetter 9efe597a86
Merge pull request #2562 from drwetter/revert-2547-drwetter-patch-1
Revert "Update Dockerfile to leap 15.6"
2024-09-06 18:00:14 +02:00
Dirk Wetter bb7d9f4ac5
Revert "Update Dockerfile to leap 15.6" 2024-09-06 17:53:58 +02:00
Dirk 733c2d31b7 Automagic with openssl and TLS 1.3-only host 2024-09-06 17:37:42 +02:00
Dirk 52213d3072 Suppy documenation for TLS 1.3 only hosts
and the automagic wrt /usr/bin/openssl OPENSSL2 and OSSL_SHORTCUT
2024-09-06 17:32:53 +02:00
Dirk 3d2bd5020c fix spellcheck 2024-09-06 13:00:27 +02:00
Dirk 12bc15adc3 misc
- remove 1xLF in UI
- fix obsolete statment for OPENSSL2
2024-09-06 12:53:00 +02:00
Dirk becd310390 Address open UI problems for TLS 1.3 only hosts
While in 3.2 there was only a hint how to deal with TLS 1.3 only hosts, a restart
with --openssl=/usr/bin/openssl or setting of OSSL_SHORTCUT-true was required.

This PR changes the behavior: if an openssl version can be found in /usr/bin/openssl
(or SUPPLIED via OPENSSL2=/home/version/ofopenssl testssl <cmdline>) which
supports TLS 1.3 it switches automatically and informs the user that it has done so.
   This message is asynchonous and is implemented with a new function check_msg()
and a global OPEN_MSG, so that we maintain the formatting. Otherwise it would have
appeared between rDNS and service detection. Now it's nicely after service detection.
2024-09-06 12:47:03 +02:00
Dirk Wetter a20fd796e8
Merge pull request #2552 from drwetter/fix_2466
Trailing space after value in header is fine
2024-09-03 20:51:18 +02:00
Dirk Wetter 031c2a55ec
Merge pull request #2553 from drwetter/noCtrlCharInHeader
Remove crtl chars from HTTP header
2024-09-03 20:50:18 +02:00
Dirk Wetter 3cd027e1f1
Merge pull request #2551 from drwetter/banner
Improve banner (3.2)
2024-09-03 19:27:46 +02:00
Dirk 2b36b33112 Remove crtl chars from HTTP header
... which fixes #2337
2024-09-03 19:24:46 +02:00
Dirk 30a33e9a6e Trailing space after value in header is fine
This fixes #2466.
2024-09-03 19:10:29 +02:00