Not sure why this has been triggered though.
# Failed test 'Check whether CSV output matches baseline file from testssl.sh'
# at t/61_diff_testsslsh.t line 57.
#
# %s
# @@ -1,5 +1,4 @@
# "id","fqdn/ip","port","severity","finding","cve","cwe"
# -"engine_problem","/","443","WARN","No engine or GOST support via engine with your ./bin/openssl.Linux.x86_64","",""
# "service","testssl.sh/81.169.166.184","443","INFO","HTTP","",""
# "pre_128cipher","testssl.sh/81.169.166.184","443","INFO","No 128 cipher limit bug","",""
# "SSLv2","testssl.sh/81.169.166.184","443","OK","not offered","",""
# Looks like you failed 1 test of 1.
t/61_diff_testsslsh.t ..............
.. see https://github.com/testssl/testssl.sh/issues/2420#issuecomment-1762749767
As suggested by @polarathene the not needed repos are more elegantly removed,
commands for removing util-linux removal and zypper up were redundant and thus
squashed.
First stage was built manually and it looked fine.
This fixes #2439.
- Android 13 and 14 were added. They are the same, see ja3 + ja4 value
- as it turned out Android 11 and 12 have also the same ja3 + ja4 values (retrieved from old pcap files)
- so both will be labeled 11/12 and 13/14
- old pcaps from Android 11/12 showed no ALPN --> corrected
This commit modifies testssl.sh so that TLS 1.3 handshakes that use post-quantum algorithms for key exchange can be decrypted, if $OPENSSL supports the algorithms.
This commit adds support for server certificates that have ML-DSA public keys. It also adds support for certificates that are signed with ML-DSA or SLH-DSA. The ML-DSA code points for the signature_algorithms extension are taken from https://datatracker.ietf.org/doc/draft-tls-westerbaan-mldsa/ and are the ones used by OpenSSL 3.5.0.
In OpenSSL 3.5.0 the `list` command can be used to obtain a list of supported groups for TLS. The commit makes use of this command when $OPENSSL is OpenSSL 3.5.0 or later. This should be faster than testing curves one at a time.