Commit Graph

827 Commits

Author SHA1 Message Date
Dirk Wetter
c4d84451f1 Merge pull request #326 from dcooper16/run_allciphers_speedup
run_allciphers() speedup
2016-03-28 18:41:03 +02:00
David Cooper
eac2df6d81 run_allciphers() speedup
The run_allciphers() function currently works by calling "$OPENSSL s_client" once for each cipher suite supported by $OPENSSL. In the case of "OpenSSL 1.0.2-chacha (1.0.2e-dev)" that means 195 calls to  "$OPENSSL s_client" even though servers tend to only support a small fraction of these cipher suites.

This PR produces the same output as the current run_allciphers() with fewer calls to "$OPENSSL s_client", which results in the function running faster (usually much faster). The basic idea behind the revised function is to test cipher suites in blocks. If $OPENSSL supports 195 cipher suites, then it group these cipher suites into 4 blocks of 64 (with the final block being smaller). It makes one call to "$OPENSSL s_client" with cipher suites 1-64, and if it fails, then it knows that none of these 64 cipher suites are supported by the server and it doesn't need to perform any more tests on these 64 cipher suites. If it succeeds, then it breaks the 64 cipher suites into 4 blocks of 16 and calls "$OPENSSL s_client" with each of those blocks. The blocks of 16 that are successful are broken into blocks of 4, and for each of the successful blocks of 4 the individual cipher suites are tested.

For testssl.sh and www.google.com the number of calls to "$OPENSSL s_client" is reduced from 195 to 88. For github.com the number of calls is reduced to 56!

I haven't made any changes to run_cipher_per_proto yet, but if this PR is accepted I can make the same changes in that function.

Thanks,

David
2016-03-25 10:00:50 -04:00
Dirk
c684ba7d9c - polishing 2016-03-25 11:52:23 +01:00
Dirk Wetter
ad8fd1804a Merge pull request #325 from Niko78/patch-2
Update README.md
2016-03-25 09:22:35 +01:00
Niko78
e233480ca2 Update README.md 2016-03-25 09:20:20 +01:00
Dirk Wetter
a95c807c5e Delete microsoft.pem 2016-03-25 09:07:45 +01:00
Dirk Wetter
7bb8ecc566 - now the stores are properly named 2016-03-24 18:56:26 +01:00
Dirk Wetter
53b0843664 - added Apple certificate store
- renamed the other stores accordingly (caps in the beginng)
2016-03-24 18:52:10 +01:00
Dirk
dd30b8225e - FIX #324 (thx, @dawsonpaul 2016-03-21 23:03:42 +01:00
Dirk Wetter
b5b158d5b2 - BREACH missed a LF 2016-03-19 18:15:38 +01:00
Dirk
ab7f66533c - FIX #323
- add  MicrosoftSharePointTeamServices in header detection
2016-03-19 17:20:36 +01:00
Dirk Wetter
a0b7d04974 Update README.md 2016-03-14 22:40:29 +01:00
Dirk Wetter
50660e9edd typos, minor additions 2016-03-13 21:13:03 +01:00
Dirk Wetter
682ea066d6 typos, clarification 2016-03-13 21:10:00 +01:00
Dirk Wetter
7f28b17b3c - updated, see #317 2016-03-13 20:38:06 +01:00
Dirk Wetter
46407ad2e4 - updated Mozilla truststore from http://curl.haxx.se/ instead of local firefox install, #317 2016-03-12 18:19:15 +01:00
Dirk Wetter
942359c8c1 - FIX #318
- minor code housekeeping
- increased amount of buffer read for sockets, real fix follows. #313
2016-03-12 17:08:43 +01:00
Dirk Wetter
cf7fb4f773 Update Readme.md 2016-03-11 16:42:20 +01:00
Dirk Wetter
9753f0dbb7 Update Readme.md 2016-03-11 16:41:46 +01:00
Thomas Patzke
7cc41a1a92 logfile, jsonfile and csvfile parameters work without = (as documented in help) 2016-03-08 22:25:00 +01:00
Dirk Wetter
a72133419a web frontend 2016-03-08 18:12:34 +01:00
Dirk
3ab9ec0230 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-03-08 10:39:13 +01:00
Dirk
7b0fabdbc4 - making the read buffer for server hello bigger+variable 2016-03-08 10:38:21 +01:00
Dirk Wetter
0cae7a9a7d Merge pull request #311 from noqqe/master
Format readme for better readability
2016-03-07 20:20:24 +01:00
Florian Baumann
1f3cd99ce8 Format readme for better readability 2016-03-07 13:04:30 +01:00
Dirk
483139f0a4 - show censy link by default 2016-03-05 21:35:30 +01:00
Dirk Wetter
28a6199109 - several code housekeepings
* SHOW_EACH_C has now the correct logic
  * pr_litemagenta ==> pr_warning
  * fileout WARN according to pr_warning then changed appropiately
  * some global vars in "" to avoid unneccessary shell expansion
  * HAS_SSL2/HAS_SSL3 now works more reliably
  * warning added in cipher order if ssl2/ssl3 is not supported by openssl
2016-03-05 21:07:49 +01:00
Dirk Wetter
118f897d6d Merge pull request #308 from skunkwerks/master
fix certificate_info() test
2016-03-04 00:33:25 +01:00
Dave Cottlehuber
9e77f38318 fix certificate_info() test 2016-03-03 21:47:36 +01:00
Dirk Wetter
1ead2e65bc - experimental label for DROWN 2016-03-03 20:04:20 +01:00
Dirk Wetter
6367693ccf - first check for DROWN #305 2016-03-03 19:50:44 +01:00
Dirk Wetter
752e6cdf56 - one outstanding openssl CVE issue wrt SSLv2
- first skeleton for DROWN #305
2016-03-03 11:56:25 +01:00
Dirk Wetter
c4a68df423 Merge pull request #306 from thecky/severity
Rename pr_() from color to severity naming
2016-03-02 16:49:46 +01:00
Thomas Martens
38477b4383 renamed pr_brown to pr_svrty_medium 2016-03-01 20:42:34 +01:00
Thomas Martens
dbfa66e6c7 renamed pr_yellow to pr_svrty_minor 2016-03-01 20:41:03 +01:00
Thomas Martens
ff9f1632e4 renamed pr_green to pr_done_best 2016-03-01 20:39:30 +01:00
Thomas Martens
2686f8cdb4 renamed pr_litegreen to pr_done_good 2016-03-01 20:36:41 +01:00
Thomas Martens
207e4e5ce4 renamed pr_red to pr_svrty_critical 2016-03-01 20:31:26 +01:00
Thomas Martens
cad924e707 renamed pr_litered to pr_svrty_high 2016-03-01 20:25:41 +01:00
Thomas Martens
490da0069a Merge branch 'master' of https://github.com/drwetter/testssl.sh into severity 2016-03-01 20:08:26 +01:00
Dirk Wetter
61ecf051e4 Merge pull request #300 from Dude4Linux/uppercase-severity-codes
Consistent case severity codes
2016-02-24 08:35:24 +01:00
Thomas Martens
f90f1a91e4 Merge branch 'master' of https://github.com/drwetter/testssl.sh into severity 2016-02-23 21:04:16 +01:00
John Carver
87218b6b1a Merge branch 'master' into uppercase-severity-codes 2016-02-23 10:34:32 -06:00
Dirk Wetter
53e76b0545 Update Readme.md 2016-02-23 09:08:11 +01:00
Dirk
20cee1e788 - fix: relative redirect led to fp (https) 2016-02-22 10:44:43 +01:00
Dirk
c70a13d014 - fix #296 (no recent regression as assumed) 2016-02-20 21:46:17 +01:00
Dirk
583584e095 - FIX #297
- FIX #243
- reformmated BEAST a bit (was screwed up in ! WIDE mode if too many ciphers
2016-02-20 14:10:04 +01:00
Dirk
71b4c03202 - fix key problem hpkp 2016-02-20 11:07:47 +01:00
John Carver
4be1539a4d lowercase ok when used with NOT in (NOT ok) 2016-02-18 11:49:47 -06:00
John Carver
291edce0c3 uppercase server sets a cipher order (OK) 2016-02-18 11:41:17 -06:00