5d78c9421f
* first tls_low_byte is now always 01 in TLS 1.0 --> TLS 1.2 (see openssl)
...
* removing TLS 1.2 check from sockets as IIS has a problem with it
2015-06-24 11:08:09 +02:00
e121f944e9
* FIX: added missed downgrade (ret=2) in socket protcol check
...
* resorted helper functions to top
* cleanups (ok, renamed some functions)
2015-06-23 21:54:47 +02:00
b575710634
* FIX in --ip=one
...
* straighthen help()
* FIX ret value for no response in parse_tls_serverhello
2015-06-23 12:58:40 +02:00
ae8f998f8f
* help corrected, -e is standard
2015-06-23 07:56:56 +02:00
a6c5a2af0d
* handshake works now with SNI
2015-06-22 23:19:08 +02:00
d3c793e6bc
* help without <> now and |
...
* socket SNI issue: As it turns out Apache 2.2/2.4 is not behaving according to https://tools.ietf.org/html/rfc6066#section-3
.
2015-06-22 18:32:40 +02:00
58a6f501b5
- better addressed no clear fallback repsonses, see #121
2015-06-20 19:36:11 +02:00
633cdc209b
- NEW: IP address detection now in HTTP header
...
- NEW: Varnish and Squid header detected
- NEW: option --ip=one is a shortcut and means just test the first ip
- CSP Report-Only in security headers
- New: Varnish and Squid header detected, OWA header
- all single tests in bold now
- no support for TLS 1.2 spits out "NOT ok" as it is not ok
- Medium ciphers and DES ciphers are not having aNULL and aDH ciphers anymore and have different colors --> ratings
- http-date is now in http header(), tls_time in server_defaults()
- http header reply is indented to same row as server defaults
- http status code is displayed clearly now
- BUGFIX: IPv6 address wasn't displayed
- cleanup
- application banner now in two lines if needed
- try a second time to get a http header if first one fails
- fix: case where % sign in ip address made prinf hiccup (sanitized)
- fix: $url was in some functions empty
- fixed bug where some headers were displayed twice
2015-06-19 20:36:32 +02:00
59299ce9e1
- FIX #119 (sed -E fails for old sed versions)
...
- std_cipherlists tuned
- fix for selfsigned certs (missed sometimes because of trailing space)
2015-06-17 11:33:29 +02:00
06899f3cbf
- introduced Reverse Proxy header
...
- FIX for OWA header
- beautfied some header funcs
- fixed GET_REQ1?/HEAD_REQ1?
2015-06-16 23:00:47 +02:00
478b8afac7
FIX: bail out better if $NODE doesn't resolve
...
cipher lists now wth plural ending
added Liferay-Portal + X-OWA-Version for application banner
new http_header (still leaving old one in)
readability improvements
2015-06-16 19:53:40 +02:00
e16ccd06b6
- testing all IP addresses of a node works now (refactoring of parse_hn_port into three functions) FIX #96
...
- SNI is unset if STARTTLS is set
- some BSD fixes (sed)
2015-06-16 14:04:44 +02:00
ac92ffb3c2
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-06-15 12:13:45 +02:00
4432faf497
"--ip" works now (see help)
...
little cleanups
2015-06-15 12:13:16 +02:00
3ca2b4d8a1
Update Readme.md
2015-06-15 11:29:05 +02:00
46c43ee53f
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-06-11 21:41:53 +02:00
a98b67013a
FIX #116
...
CRIME is lightred/litegreen as it is not that bad as ccs or heartbleed
resorted some functions
2015-06-11 21:41:25 +02:00
7be69786b8
Update Readme.md
2015-06-11 19:32:14 +02:00
bdff6ba1bd
- TLS_FALLBACK* was missing in the help #22 #118
2015-06-11 18:46:22 +02:00
f9e4526f70
- polish of #118
...
- FIX #22
2015-06-11 18:33:06 +02:00
c39b69a45f
Merge pull request #118 from JonnyHightower/master
...
Added a check for TLS_FALLBACK_SCSV
2015-06-11 18:30:07 +02:00
dc548f1cfc
Added check for TLS_FALLBACK_SCSV support in local OpenSSL binary.
...
In TLS_FALLBACK_SCSV check, added unique socket address to temporary
file name in order to support multiple simultaneous instances.
2015-06-10 17:38:39 +01:00
8acc17b4bc
- ease of making openssl binary with make-openssl.sh
...
- Hint where the Readme is
- removal of old binaries
2015-06-10 08:15:28 +02:00
0e36255fb9
Added a check for TLS_FALLBACK_SCSV
2015-06-08 17:19:34 +01:00
0f5c4981cb
- more or less desperate try to figure out the real installation path (and find the mapping file)
...
- help extended (equal sign, logjam)
2015-06-02 22:13:19 +02:00
312b02ac63
Merge pull request #117 from teward/patch-1
...
Update OpenSSL reqs - LOGJAM checks need 1.0.2+
2015-06-02 18:09:19 +02:00
266874daeb
Expand the OpenSSL 1.0.2 reqs/benefits.
2015-06-02 11:59:17 -04:00
03d8ba9b81
Update OpenSSL reqs - LOGJAM checks need 1.0.2+
...
To effectively analyze the LOGJAM risks, and to display the bitstrength on the DH/ECDH negotiated ciphers, OpenSSL 1.0.2+ is needed. With anything under 1.0.2 (and greater than 1.0.0), the bitstrengths are not displayed as OpenSSL is 'too old' (as referred to in the script itself when 1.0.2 is newer than what's available).
I suggest that we keep a note that >= 1.0.2 is needed for LOGJAM checks.
2015-06-02 11:57:11 -04:00
4081b2eef4
- wrong arg for dirname ($1)
2015-06-02 15:59:17 +02:00
06c3b06a7a
- regression fix on mapping file
2015-06-02 15:53:46 +02:00
32acfa97a5
Merge pull request #115 from PeterMosmans/space
...
Minor textual fix (added space)
2015-06-02 09:26:25 +02:00
8e4970c408
Minor textual fix (added space)
2015-06-01 14:16:31 +02:00
cac985967f
- first prototype for using = in cmdline, see #108 . Tests needed
...
- beautified big case loop
2015-06-01 12:01:38 +02:00
452fd6762a
- local dns matches don't need lookup anymore over net --> saves timeouts+time
...
- further banner tuning + funtion mybanner, 2 addtl global vars for debugging
- cosmetic improvements
2015-05-31 14:40:12 +02:00
77ad7c9252
- the outsticking part was kind of not handy, see #113 , remove commit message
2015-05-30 11:36:47 +02:00
353b58c0c0
Merge pull request #113 from PeterMosmans/showversion
...
FIX: Show version when specified on command line
2015-05-30 11:16:31 +02:00
764f20dbcf
FIX: Show version when specified on command line
...
ADDITION: Show git commit information, to support troubleshooting.
2015-05-30 11:13:57 +02:00
d066e0868a
Merge pull request #112 from AntonioMeireles/cosmetics_1
...
trim all whitespace at EOL, plus spelling typos fixes.
2015-05-29 22:42:51 +02:00
faa9c49a2b
fix spelling typos.
...
Signed-off-by: António Meireles <antonio.meireles@reformi.st >
2015-05-29 18:56:57 +01:00
4064332234
trim all whitespace at EOL.
...
also, align comment blocks for better code readability.
Signed-off-by: António Meireles <antonio.meireles@reformi.st >
2015-05-29 18:44:32 +01:00
9b2b897a43
- make date even more beautiful, see #110
...
- fix RUN_DIR
2015-05-29 14:12:22 +02:00
df3b9019a1
Update Readme.md
2015-05-29 13:37:37 +02:00
e14453b607
Merge pull request #110 from AntonioMeireles/master
...
simplify life for OSX users running gnu's coreutils...
2015-05-29 11:01:47 +02:00
4e18c35271
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-05-29 10:36:47 +02:00
41ee37f0dc
- per default we do a allciphers run in the end
...
- option long changed to wide
- PFS now is per default not wide
- PFS comes after standard cipher lists
- debug output improved (in terms of privacy and additional info)
2015-05-29 10:36:14 +02:00
b48ac9874e
- early check to make sure people really use bash, see #109
2015-05-29 10:10:53 +02:00
2ac34c1424
- early check to make sure people really use bash, see #109
2015-05-29 10:08:17 +02:00
4063e38ccf
simplify life for OSX users running gnu's coreutils...
...
Signed-off-by: António Meireles <antonio.meireles@reformi.st >
2015-05-28 16:56:37 +01:00
8b10dc9638
- code improvements rc4, beast, logjam, freak
2015-05-27 23:31:25 +02:00
f9605c4f35
- BEAST now also works in wide mode
...
- renamed --long in --wide
- added --show-each to help
- inserted help
2015-05-27 17:04:35 +02:00
