Commit Graph

3961 Commits

Author SHA1 Message Date
David Cooper 4750c3f0d5 Adding x25519 and x448 to ClientHello
This added x25519 and x448 to the list of supported elliptic curves in the ClientHello created by socksend_tls_clienthello().
2016-06-08 11:25:47 -04:00
David Cooper 5edd005df0 Merge branch 'master' into version_negotiation
Conflicts:
	testssl.sh
2016-06-08 09:52:45 -04:00
David Cooper 130aa350d2 Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2 2016-06-08 09:48:18 -04:00
David Cooper 0c146ef7a1 Merge branch 'master' into openss2rfc_rfc2openssl 2016-06-08 09:47:37 -04:00
David Cooper cbb20bf661 Merge branch 'master' into more_sslv2_sslv3_fixes 2016-06-08 09:46:58 -04:00
David Cooper eaad4c7dd8 Merge branch 'master' into fix_issue_276 2016-06-08 09:46:25 -04:00
Dirk Wetter c929fba206 Merge pull request #342 from dcooper16/socksend_tls_clienthello_extensions
More extensions in socksend_tls_clienthello()
2016-06-08 10:39:17 +02:00
Dirk 022dbc687a Merge branch 'master' of github.com:drwetter/testssl.sh 2016-06-07 23:07:17 +02:00
Dirk d858edca1b - filled PROTOS_OFFERED w sense
- minor fixes for fileout
- introduced "fixme()"
2016-06-07 23:06:58 +02:00
Dirk Wetter 1d051a24e0 Merge pull request #374 from dcooper16/CREDITS
Update CREDITS.md
2016-06-07 22:40:56 +02:00
David Cooper fa866f6458 Update CREDITS.md 2016-06-07 14:23:33 -04:00
David Cooper 253ba29cde openssl2rfc and rfc2openssl
This PR provides implementations of openssl2rfc and rfc2openssl. It also uses openssl2rfc() in run_server_preference() to help determine how to display the "negotiated cipher." I believe that using the RFC names addresses the current FIXME:

FIXME BEAST: We miss some CBC ciphers here, need to work w/ a list"
2016-06-07 14:02:48 -04:00
David Cooper ec8420144d Merge branch 'master' into version_negotiation 2016-06-07 10:36:52 -04:00
David Cooper c13ae4a001 Merge branch 'master' into socksend_tls_clienthello_extensions 2016-06-07 10:35:32 -04:00
David Cooper c50f2cc796 Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2 2016-06-07 10:33:21 -04:00
David Cooper 366025256b Merge branch 'master' into more_sslv2_sslv3_fixes
Conflicts:
	testssl.sh
2016-06-07 10:30:46 -04:00
David Cooper a6d59b5380 Merge branch 'master' into fix_issue_276 2016-06-07 10:24:56 -04:00
Dirk 8ed6214b6f preliminary fix for #189 (SIZELMT_W_ARND=true needed) 2016-06-07 13:02:58 +02:00
Dirk 29072315e5 output correction for IPv6 and --ip=<addr 2016-06-07 09:08:48 +02:00
Dirk 6f4ba5bda7 - corrected handling of shortened warning periods for LE certs (dual certs were wrong)
- (kind of) readded cert_key_algo in output
- smaller output fixes e.g. for GOST certificates
2016-06-06 13:42:17 +02:00
Dirk Wetter 4668b9879a Update Readme.md 2016-06-04 19:17:10 +02:00
Dirk Wetter efdcd805a9 Update Readme.md 2016-06-04 19:14:38 +02:00
Dirk Wetter 561cfa16fc - FIX #367 2016-06-02 21:31:24 +02:00
David Cooper b1e2fc7448 Merge branch 'master' into version_negotiation 2016-06-02 09:19:37 -04:00
David Cooper e8cc32af54 Merge branch 'master' into socksend_tls_clienthello_extensions 2016-06-02 09:16:45 -04:00
David Cooper f5fcff22d6 Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2 2016-06-02 09:14:20 -04:00
David Cooper c593675b8e Merge branch 'master' into more_sslv2_sslv3_fixes 2016-06-02 09:09:57 -04:00
David Cooper fc6b5070af Merge branch 'master' into fix_issue_276 2016-06-02 09:08:24 -04:00
Dirk Wetter 6a9b0e01fc - polishing #366 and IPv6-related 2016-06-02 09:59:52 +02:00
Dirk Wetter 51f4c9ac9e Merge pull request #366 from typingArtist/365_fix_ipv6_handling
drwetter#365 fix ipv6 handling
2016-06-02 09:27:14 +02:00
David Cooper 6825c0b363 Allow for certificates with no subjectAltName extension
While it seems that almost all certificates include a subjectAltName extension, need to allow for the possibility that the two certificates being compared don't have subjectAltName extensions.
2016-06-01 16:20:10 -04:00
David Cooper 3bc0d6b45c Fix issue #276
Here is my proposed change to fix issue #276.
2016-06-01 15:57:40 -04:00
David Cooper a9cd3ec6ca Merge branch 'master' into version_negotiation
Conflicts:
	testssl.sh
2016-05-31 09:51:13 -04:00
typingArtist 2c69e83f5b https://github.com/drwetter/testssl.sh/issues/365 add UNBRACKETED_IPV6 quirks option
Since some OpenSSL binaries, namely Gentoo’s, don’t support bracketed
IPv6 addresses but unbracketed ones, specified as the -connect option,
the UNBRACKETED_IPV6 environment variable can be set to true for
disabling the automatic addition of brackets around IPv6 addresses on
such platforms.
2016-05-27 20:11:47 +02:00
typingArtist cf62353fc6 https://github.com/drwetter/testssl.sh/issues/365 ensure DNS PTR lookups use un-bracketed IPv6 address
While standard OpenSSL requires the literal IPv6 address enclosed
in [brackets], standard DNS lookup tools don’t support the additional
characters. Before making reverse PTR lookups, these brackets have to
be removed from the IPv6 addresses.
2016-05-27 19:54:23 +02:00
Dirk Wetter 1074c062c7 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-05-27 17:44:08 +02:00
Dirk Wetter e1a8306286 - try to address #352
- WARNING in fileout is MEDIUM now
- NOT ok for medium on screen squashed
2016-05-27 17:43:45 +02:00
Dirk Wetter 1ecad208fe Update Readme.md 2016-05-26 18:03:07 +02:00
Dirk Wetter 6fb15e83fa global $OPENSSL_NR_CIPHERS 2016-05-26 12:56:55 +02:00
David Cooper 4d059f7106 Merge branch 'master' into version_negotiation 2016-05-25 16:57:37 -04:00
David Cooper acc72a1daf Merge branch 'master' into socksend_tls_clienthello_extensions 2016-05-25 16:50:56 -04:00
David Cooper a503d883c7 Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2 2016-05-25 16:38:23 -04:00
David Cooper f9757c4e4d Merge branch 'master' into more_sslv2_sslv3_fixes 2016-05-25 16:32:04 -04:00
Dirk Wetter 65193cdcee Merge pull request #361 from dcooper16/run_rc4_show_each_fix
run_pfs() and run_rc4() show each fixes
2016-05-24 23:47:23 +02:00
David Cooper 2a4d987f31 Merged master fixed conflict. 2016-05-24 14:19:19 -04:00
David Cooper e0c147ec86 run_pfs() and run_rc4() show each fixes
When run_rc4() is run with the "--show-each" option, but without the "--wide" option, a list of all RC4 ciphers is printed, without any distinction between those that are supported by the server and those that are not. This is the same issue I noted in #332 for run_pfs().

In run_pfs(), the displayed output was corrected, but all ciphers were still being added to $pfs_ciphers, so the list of supported PFS ciphers sent to fileout() was incorrect.

This PR fixes both issues.
2016-05-24 13:57:47 -04:00
Dirk 5a03e96304 - consequently removed "NOT ok" for not-av of TLS 1.2 2016-05-23 22:42:40 +02:00
Dirk Wetter bf17a17b70 - 3DES in standard cipher list is medium, thus "NOT ok" is too much (need for elegant general way for "medium")
(see also https://www.keylength.com/en/8/)
2016-05-23 18:56:05 +02:00
Dirk Wetter aa99c5eb88 - FIX #347
- LF removed in JSON
2016-05-20 13:45:53 +02:00
Dirk Wetter 803e363310 Merge pull request #356 from dcooper16/server_key_size
Fix typo in Server key size check
2016-05-20 08:16:48 +02:00