Commit Graph

3620 Commits

Author SHA1 Message Date
Dirk
c5cee3ddb6 Address further potential license restriction
.. see https://github.com/drwetter/testssl.sh/issues/1590#issuecomment-623526604

Added some formatting and verbal improvements in the introductory comment section.
2020-05-04 20:24:24 +02:00
Dirk Wetter
85faf9d096
Merge pull request #1606 from drwetter/add_brotli_3.0
Add brotli compression detection for BREACH (backport)
2020-05-04 17:50:32 +02:00
Dirk Wetter
85a529ee00 Add brotli compression detection for BREACH (backport)
As noted in #1605 the brotli compression check was missing. So hosts
which didn't offer gzip deflate or compress but brotli seemed to
be fine but they should have been labeled as potentially VULNERABLE.

This also fixes a bug: The HTTP header returned was only checking
for case-sensitive "Content-Encoding". RFC 2616 states in 4.2
(Message Headers): "Field names are case-insensitive"
2020-05-04 13:23:05 +02:00
Dirk Wetter
dbff0f9673
Merge pull request #1604 from drwetter/aes_cgm_doc_3.0
Fix typo in docs: Strong grade Ciphers / AEAD
2020-05-02 20:01:27 +02:00
Dirk
e3ecd72deb Fix typo in docs: Strong grade Ciphers / AEAD
2020-05-02 19:57:02 +02:00
Dirk Wetter
5521063620
Merge pull request #1602 from dcooper16/improve_libressl_302_compat_30branch
Improve compatibility with LibreSSL 3.0.2 and earlier
2020-05-01 20:44:16 +02:00
David Cooper
25d0d4242b
Improve compatibility with LibreSSL 3.0.2 and earlier
This commit makes the same changes as #1598, but for the 3.0 branch.
2020-05-01 14:41:05 -04:00
Dirk Wetter
ef535b6282
Merge pull request #1596 from dcooper16/ticketbleed_no_tls1_3_30branch
Ticketbleed and TLS 1.3
2020-04-30 13:52:27 +02:00
David Cooper
7419e0da9c
Ticketbleed and TLS 1.3
This commit makes the same changes as #1595, but for the 3.0 branch.
2020-04-30 07:43:20 -04:00
Dirk Wetter
3d6d1ac9d7
Merge pull request #1594 from dcooper16/ossl30_compat_for_30branch
Improve compatibility with OpenSSL 3.0
2020-04-29 16:14:01 +02:00
David Cooper
2b8901e0c3
Improve compatibility with OpenSSL 3.0
This commit makes the same changes to the 3.0 branch as #1586 makes to the 3.1dev branch.
2020-04-29 08:50:09 -04:00
Dirk Wetter
09fe651b36
Merge pull request #1592 from drwetter/1590_readme
Relax the possible GPL license contradiction
2020-04-28 10:03:40 +02:00
Dirk
126e501143 Relax the possible GPL license contradiction
... see also #1590
2020-04-28 10:02:03 +02:00
Dirk Wetter
3c403a2484
Merge pull request #1587 from drwetter/np_fix30
Negotiated protocol showed no warning for TLS 1.1/1.0
2020-04-25 11:13:49 +02:00
Dirk Wetter
5c73a23cfe Negotiated protocol showed no warning for TLS 1.1/1.0
.. whereas the protocol section did that.

This fixes the inconsistency.
2020-04-25 11:06:35 +02:00
Dirk Wetter
ac53ec2531
Merge pull request #1585 from dcooper16/fix_logjam_ssl_native_3.0
Fix run_logjam() in --ssl-native mode (3.0 branch)
2020-04-24 09:42:43 +02:00
David Cooper
8723fc78b1 Fix run_logjam() in --ssl-native mode (3.0 branch)
This commit fixes the same issue as #1584, but in the 3.0 branch.
2020-04-23 15:01:50 -04:00
Dirk Wetter
2fcbcbe9d1
Merge pull request #1577 from drwetter/drwetter-patch-1
Update reference to ZIP file
2020-04-21 20:30:50 +02:00
Dirk Wetter
11123840a7
Merge pull request #1578 from drwetter/1571_30
Fix misleading phrasing in run of standard ciphers
2020-04-21 20:30:38 +02:00
Dirk Wetter
5fdeb32f94
Update reference to ZIP file
to 3.0.1
2020-04-21 18:58:27 +02:00
Dirk Wetter
4809c763cc Fix misleading phrasing in run of standard ciphers
see #1571. Bit size doesn't matter. It only matters to the
user which ciphers they are.
2020-04-21 18:46:57 +02:00
Dirk Wetter
af86cce011 Better version naming
bugfix releases for 3.0 are    3.0.x instead of 3.0-1
2020-04-15 12:35:51 +02:00
Dirk Wetter
27948d80a8
Merge pull request #1564 from drwetter/release.3.0-1
Preparing bugfix release for 3.0
2020-04-15 09:28:41 +02:00
Dirk Wetter
3f5735a1a0 make the sneaky user agent sneaky again
2020-04-14 14:14:45 +02:00
Dirk
8b1b9f9f27 Preparing bugfix release for 3.0
* Bump version
* Removed ancient CVS tag detection code
* ~ backported code doc changes (http --> https and more) from @multiflexi
  see 7eba0fbb41
2020-04-14 13:18:52 +02:00
Dirk Wetter
e51a90d7e1
Merge pull request #1557 from dcooper16/fix1551_30
Fix #1551 in 3.0
2020-04-01 22:28:47 +02:00
David Cooper
267ce87733 Fix #1551 in 3.0
This commit fixes #1551 in the 3.0 branch by changing get_cipher() to recognize RFC names that begin with SSL_*. It also modifies run_beast() so that it does not get stuck in an infinite loop if get_cipher() doesn't return a valid cipher name.
2020-04-01 13:36:39 -04:00
Dirk Wetter
ec6b724433
Merge pull request #1547 from dcooper16/display_ciphernames_bug_3.0
Fix bug in setting DISPLAY_CIPHERNAMES in 3.0
2020-03-25 18:28:30 +01:00
David Cooper
e1c27d61a6 Fix bug in setting DISPLAY_CIPHERNAMES in 3.0
This commit fixes the same bug as #1546, but in the 3.0 branch.
2020-03-25 12:59:54 -04:00
Dirk Wetter
b2252002f4
Merge pull request #1539 from mkauschi/http-basic-auth-backport-patch
backport patch for the http basic auth bug from PR 1538
2020-03-18 14:51:36 +01:00
manuel
3d60151028 backport patch for the http basic auth bug from PR 1538
2020-03-18 14:08:50 +01:00
Dirk Wetter
4601670bac
Merge pull request #1534 from drwetter/breach_output3
Fix output for BEAST when no SSL3 or TLS
2020-03-07 12:15:55 +01:00
Dirk
3f5aa1b7df Fix output for BEAST when no SSL3 or TLS
LF added
2020-03-06 22:09:00 +01:00
Dirk Wetter
1f6ebae401
Merge pull request #1532 from dcooper16/fix_typo_emphasize_stuff_in_headers_3.0
Fix typo in emphasize_stuff_in_headers()
2020-03-06 21:28:55 +01:00
David Cooper
dca5a3b860 Fix typo in emphasize_stuff_in_headers()
This commit fixes the same typo as #1531, but in the 3.0 branch.
2020-03-06 14:32:43 -05:00
Dirk Wetter
c4d2c2de48
Merge pull request #1529 from dcooper16/percent_printing_3.0
Fix printing percent characters
2020-03-06 20:04:45 +01:00
David Cooper
ed5bdffc84
Fix printing percent characters
This commit makes the same change as #1499, but in the 3.0 branch.
2020-03-06 12:21:18 -05:00
Dirk Wetter
069baa0b6e
Merge pull request #1522 from drwetter/pwdfix3
avoid external pwd
2020-03-06 15:04:18 +01:00
Dirk Wetter
488009d0cd
Merge pull request #1528 from dcooper16/fix_html_3.0
Fix HTML generation in 3.0
2020-03-06 14:55:27 +01:00
David Cooper
53f0bec0ba
Fix HTML generation in 3.0
This commit applies the same changes as #1481, but to the 3.0 branch.
2020-03-06 08:48:07 -05:00
Dirk Wetter
8e06fcc644 Avoid external "/bin/pwd"
.. as it may not be available everywhere, see #1521 (NixOS).

This commit replaces all instances from pwd or /bin/pwd by $PWD.
It is a bash internal and the fastest. Also it added some quotes
to PWD as it may contain white spaces in the future (currently
there's a check for it that it won't)
2020-03-06 13:31:48 +01:00
Dirk Wetter
4fcfb5d8f8 avoid external pwd
.. as it may not be everywhere available, see #1521 (NixOS).

This commit replaces it by `pwd -P` (-P -> no symbolic link)
2020-03-03 12:30:12 +01:00
Dirk Wetter
4dbd9a98ba
Merge pull request #1511 from drwetter/rDNS_fixes3
Fix for non compliant DNS PTR records (backport)
2020-02-15 15:23:07 +01:00
Dirk
bc9cf9f428 Fix for non compliant DNS PTR records
This commit addresses two bugs: #1506 and #1508.

First, the variable rDNS can contain multiple lines due to multiple PTR DNS
records, though this is not recommended.  In those cases the multiple PTR DNS
were concatenated on the screen, without any blank.

Secondly - depending on the name server entries and on the output of the DNS
binaries used it can contain non-printable characters or characters which are
printable but later on interpreted on the output device (\032 was mentioned
in #1506) which on the screen was interpreted as octal 32 (decimal 26 = ▒,
try echo "\032"), so basically a terminal escape sequence was smuggled
from the DNS server to the screen of the users. In JSON pretty output we
had also this escape sequence which was fine for jsonlint but caused jq
to hiccup.

Fix: we use a loop to check for each FQDN returned. There we remove chars which
under those circumstances can show up. The blacklist is taken from RFC 1912
("Allowable characters in a label for a host name are only ASCII, letters, digits,
and the `-' character").
2020-02-15 13:56:25 +01:00
Dirk Wetter
7d38f3c365
Merge pull request #1494 from dcooper16/fix_typos_3.0
Fix typos
2020-02-04 17:56:58 +01:00
David Cooper
8c29891ec8
Fix typos
Same as #1492, but for 3.0.
2020-02-04 11:35:14 -05:00
Dirk Wetter
20daaa667c
Merge pull request #1493 from drwetter/dotasurl_fix_3.0
Fix URL when hostname with trailing dot supplied
2020-02-04 17:17:57 +01:00
Dirk Wetter
f11b9023d6 Fix URL when hostname with trailing dot supplied
Hostnames can contain a trailing dot (and sometimes they should).
If they are supplied to testssl.sh however they will be also interpreted
as a URL PATH when the service is HTTP.

This commit fixes that.

See also #1490
2020-02-04 16:32:34 +01:00
Dirk Wetter
0252316637
Merge pull request #1485 from drwetter/fix_ids_friendly
Fix --ids-friendly
2020-01-31 08:46:37 +01:00
Dirk Wetter
c4920f61e4 rename query_globals() --> count_do_variables()
.. and fix one problem introduced with last patch (testssl.sh
didn't work correctly if only a URI was supplied)
2020-01-30 22:25:10 +01:00