Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,929 Commits 17 Branches 35 Tags
e91b8c73396f1dbf210674298d74ca02796f8277
Commit Graph

203 Commits

Author SHA1 Message Date
Dirk
285eb60d45 add loop for Apple.pem 2022-07-01 21:51:25 +02:00
Dirk
f1003d62f8 fine tune instructions for Apple.pem 2022-07-01 21:45:02 +02:00
Dirk
8b580d1448 Update cert store: Linux + Mozilla 2022-07-01 21:32:38 +02:00
Dirk Wetter
c92a648391 Add LibreSSL from MacOS 2022-05-31 16:17:47 +02:00
Dirk Wetter
854028166d Including AppleMail 2022-05-31 15:12:16 +02:00
Dirk Wetter
b274e3b858 correct openssl 3.0.3 data which made CI action fail 2022-05-31 14:32:47 +02:00
Dirk Wetter
a21a343c1c disable Java 12 and Safari on OS X 10.12 2022-05-31 12:17:38 +02:00
Dirk Wetter
09432f0346 minor fix: italic markdown 2022-05-31 12:10:36 +02:00
Dirk Wetter
f90b473b32 Add Thunderbid 91.9 to hanshak simulation 2022-05-31 12:10:11 +02:00
Dirk Wetter
86158f0bdf Firefox 100, Chrom and Edge 101 (Win10) 
- disabled Opera (too old)
- disabled ATS 9 / iOS 9
- reenabled Android 8.1
 2022-05-09 17:49:16 +02:00
Dirk Wetter
22d8cd3adf Go client (1.17) 2022-05-06 10:06:03 +02:00
Dirk Wetter
cf79a19598 Add Android 11+12 2022-05-04 19:12:03 +02:00
Dirk Wetter
28e9ddeebd Teating of FFDHE groups 
* readded to the markdown
* readded to the clientsimulations for Java 12
 2022-05-04 18:29:29 +02:00
Dirk Wetter
ac6f99fe1c correct FFDHE groups 
... so that they a recognized by ~/utils/hexstream2curves.sh
 2022-05-04 17:44:33 +02:00
Dirk Wetter
c6491a3834 Correct spell checking error 
and hint to missing ALPN
 2022-05-04 15:56:25 +02:00
Dirk Wetter
415043865a Add Java 17 LTS 
plus

* amend documentation
* remove TLS 1.3 ciphers in ch_ciphers for consistency reasons
 2022-05-04 15:46:36 +02:00
Dirk Wetter
52ed4181f9 Add SSLSocketClient in Java 
Note this doesn't add alpn (same as openssl). See here https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSocket.html
if you want to add that.

This code is NOT GPLv2! It was taken from the Oracle web site which didn't list any license
(https://docs.oracle.com/javase/10/security/sample-code-illustrating-secure-socket-connection-client-and-server.htm).
 2022-05-04 15:39:32 +02:00
Dirk Wetter
d84492a75e Update openssl 3.0.3 2022-05-04 14:32:04 +02:00
Dirk Wetter
cc7a88386d Update documention how to add a client simulation 2022-05-04 12:38:12 +02:00
Dirk Wetter
03803cf0c9 Add Safari for macOS 2022-05-03 22:11:31 +02:00
David Cooper
50b09267d0 Try more ciphers 
determine_optimal_sockets_params() makes two attempts to send a TLS 1.2 ClientHello, with each attempt trying 127 ciphers. However, this leaves 97 ciphers from etc/cipher-mapping.txt that are not tried, most of which use ARIA or CAMELLIA. This commit adds a third attempt a send a ClientHello that offers these 97 remaining ciphers. This helps to ensure that support for TLS 1.2 is detected and that later calls to tls_sockets() work, even if the server only supports the ARIA/CAMELLIA ciphers that are not included in TLS12_CIPHER or TLS12_CIPHER_2ND_TRY.
 2022-04-18 11:53:28 -04:00
Miguel Jacq
905f801309 Remove the expired DST Root CA X3 cert from all trust stores, and ensure Mozilla's is up to date (fixes ISRG X1 alternate path) 
Remove changes to Dockerfiles

Update hashes for CA trust stores
 2021-10-02 08:05:56 +10:00
Dirk Wetter
2405176a26 Fix #1982: Newer openssl.cnf break openssl detection 
Newer configuration files from openssl may include statements
which aren't compatible with our supplied old openssl version.
This commit adds an autodetection of such a file and uses a
openssl.cnf provided by this project then.
 2021-09-15 09:31:03 +02:00
Dimitri Papadopoulos
fcb282e3c3 Typos found by codespell 
Run codespell in CI
 2021-09-14 13:33:39 +02:00
a1346054
b1f5c6c9af Trim excess whitespace 2021-09-04 13:28:30 +00:00
a1346054
54dcecd184 Make text file not executable 2021-09-03 22:19:39 +00:00
Alexander Troost
7029ada0ba fixing typo in md file 2020-11-28 14:06:26 +01:00
Alexander Troost
57ffe08dd4 Adding a hex2curves util. 2020-11-28 14:04:00 +01:00
Dirk Wetter
ce802634b6 Update remaining: Apple / Java / Microsoft 
* also ca_hashes.txt

* Used Java SDK 15 instead of JRE 8
* Used Windows 20H2
* Java Keystore has added 5 certificates (90 --> 95)

Updated Readme and make it more reproducible
 2020-11-13 22:01:17 +01:00
Dirk Wetter
33ea2c710c updated Linux.pem + Mozilla.pem 2020-11-11 18:15:56 +01:00
David Cooper
851cd564e6 Check for bad OCSP intermediate certificates 
This commit checks whether any intermediate certificates provided by the server include an extended key usage extension that asserts the OCSP Signing key purpose.

This commit replaces #1680, which checks for such certificates by comparing the server's intermediate certificates against a fixed list of known bad certificates.
 2020-07-15 11:56:20 -04:00
Dirk
eb7b0c9644 add hash file 2020-07-14 22:26:23 +02:00
Christoph Settgast
82e939f2bd Add wiresharked Android 7.0 (native) 
After being bitten by https://stackoverflow.com/questions/39133437/sslhandshakeexception-handshake-failed-on-android-n-7-0
I add a wiresharked Android 7.0 to reflect that bug in Android 7.0.
 2020-06-23 15:26:31 +02:00
Dirk Wetter
a9ab2bcd91 Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES) 
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also #1581
 2020-04-23 11:20:46 +02:00
David Cooper
46c05c6732 Fix client simulation 
replace ciphers with ch_ciphers and sni with ch_sni in client simulation data file.
 2020-01-31 10:52:50 -05:00
Dirk Wetter
eeb1acd749 Android 9 still has 2 signature hash algos: x0201 + x0203 2020-01-22 11:41:42 +01:00
Dirk Wetter
7c66ed47c0 All self retrieved Android handshakes modified to service ANY 2020-01-22 10:58:00 +01:00
Dirk Wetter
a50a660d6c Add Android 10 client simulation 2020-01-22 10:54:50 +01:00
Dirk Wetter
ddc7a56ab0 fix language 2020-01-17 11:59:41 +01:00
Dirk Wetter
ac7a20f018 Update client-simulation.wiresharked.md 2020-01-16 22:46:43 +01:00
Dirk Wetter
86afeabf8f Merge pull request #1438 from drwetter/update_clienthandshakes 
Update clienthandshakes
 2020-01-16 22:26:21 +01:00
Dirk Wetter
13aa6aa433 Readd TLS 1.0 and TLS 1.1 to openssl 1.1.1d (Debian) 
... see previous commit
 2020-01-14 18:17:44 +01:00
Dirk Wetter
09eda2aa97 Update openssl handshakes 
to 1.1.0l and 1.1.1d. Seems that for the latter TLS 1.0 and 1.1
are disabled now, looking at the supported version extension.
However on the command line an s_client connect works. So
this commit need to be amended.
 2020-01-14 18:02:43 +01:00
Dirk Wetter
56e6fa4bb7 Remove FTP as a "service" from Firefox' client simulation 
... as firefox never supported FTP over TLS or SSL, see

https://bugzilla.mozilla.org/show_bug.cgi?id=85464

In general browsers tend to remove noaways cleartext FTP from
browsers.
 2020-01-13 23:11:59 +01:00
Dirk Wetter
8cc3a5f514 Add firefox 71 
... and
* deprecate openssl 1.0.1
* enable Chrome 74 instead of Chrome 65
 2020-01-13 22:57:10 +01:00
David Cooper
420fa73f5a Fix Safari 13.0 Client Simulation 
The ciphersuites string for Safari 13.0 ends with a colon (':'). which causes OpenSSL to reject the command line when client simulation testing is performed in --ssl-native mode. This PR fixes the problem by removing the trailing colon.
 2020-01-13 10:31:20 -05:00
Dirk Wetter
88ec92d622 Add recent Chrome and Opera handshakes 
Chrome 78 and 79, Opera 65 and 66

Remove FTP from Chrome
 2020-01-13 16:02:39 +01:00
Dirk Wetter
a714aec912 Clarify / correct a few bits 2020-01-13 16:01:27 +01:00
Dirk Wetter
cf8cb541d5 Update Thunderbird simulation to v68.3 2020-01-13 11:35:58 +01:00
Dirk Wetter
0911d1ae31 For better recognition put readme in a separate file 2020-01-13 11:34:25 +01:00