Commit Graph

  • e121f944e9 * FIX: added missed downgrade (ret=2) in socket protocol check * resorted helper functions to top * cleanups (ok, renamed some functions) Dirk 2015-06-23 21:54:47 +02:00
  • b575710634 * FIX in --ip=one * straighten help() * FIX ret value for no response in parse_tls_serverhello Dirk 2015-06-23 12:58:40 +02:00
  • ae8f998f8f * help corrected, -e is standard Dirk 2015-06-23 07:56:56 +02:00
  • a6c5a2af0d * handshake works now with SNI Dirk 2015-06-22 23:19:08 +02:00
  • d3c793e6bc * help without <> now and | * socket SNI issue: As it turns out Apache 2.2/2.4 is not behaving according to https://tools.ietf.org/html/rfc6066#section-3 . Dirk 2015-06-22 18:32:40 +02:00
  • 58a6f501b5 - better addressed no clear fallback responses, see #121 Dirk 2015-06-20 19:36:11 +02:00
  • 633cdc209b - NEW: IP address detection now in HTTP header - NEW: Varnish and Squid header detected - NEW: option --ip=one is a shortcut and means just test the first ip - CSP Report-Only in security headers - New: Varnish and Squid header detected, OWA header - all single tests in bold now - no support for TLS 1.2 spits out "NOT ok" as it is not ok - Medium ciphers and DES ciphers are not having aNULL and aDH ciphers anymore and have different colors --> ratings - http-date is now in http header(), tls_time in server_defaults() - http header reply is indented to same row as server defaults - http status code is displayed clearly now - BUGFIX: IPv6 address wasn't displayed - cleanup - application banner now in two lines if needed - try a second time to get a http header if first one fails - fix: case where % sign in ip address made printf hiccup (sanitized) - fix: $url was in some functions empty - fixed bug where some headers were displayed twice Dirk 2015-06-19 20:36:32 +02:00
  • 59299ce9e1 - FIX #119 (sed -E fails for old sed versions) - std_cipherlists tuned - fix for selfsigned certs (missed sometimes because of trailing space) Dirk 2015-06-17 11:33:29 +02:00
  • 06899f3cbf - introduced Reverse Proxy header - FIX for OWA header - beautified some header funcs - fixed GET_REQ1?/HEAD_REQ1? Dirk 2015-06-16 23:00:47 +02:00
  • 478b8afac7 FIX: bail out better if $NODE doesn't resolve cipher lists now with plural ending added Liferay-Portal + X-OWA-Version for application banner new http_header (still leaving old one in) readability improvements Dirk 2015-06-16 19:53:40 +02:00
  • e16ccd06b6 - testing all IP addresses of a node works now (refactoring of parse_hn_port into three functions) FIX #96 - SNI is unset if STARTTLS is set - some BSD fixes (sed) Dirk 2015-06-16 14:04:44 +02:00
  • ac92ffb3c2 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-06-15 12:13:45 +02:00
  • 4432faf497 "--ip" works now (see help) little cleanups Dirk 2015-06-15 12:13:16 +02:00
  • 3ca2b4d8a1 Update Readme.md Dirk Wetter 2015-06-15 11:29:05 +02:00
  • 46c43ee53f Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-06-11 21:41:53 +02:00
  • a98b67013a FIX #116 CRIME is lightred/litegreen as it is not that bad as ccs or heartbleed resorted some functions Dirk 2015-06-11 21:41:25 +02:00
  • 7be69786b8 Update Readme.md Dirk Wetter 2015-06-11 19:32:14 +02:00
  • bdff6ba1bd - TLS_FALLBACK* was missing in the help #22 #118 Dirk 2015-06-11 18:46:22 +02:00
  • f9e4526f70 - polish of #118 - FIX #22 Dirk 2015-06-11 18:33:06 +02:00
  • c39b69a45f Merge pull request #118 from JonnyHightower/master Dirk Wetter 2015-06-11 18:30:07 +02:00
  • dc548f1cfc Added check for TLS_FALLBACK_SCSV support in local OpenSSL binary. In TLS_FALLBACK_SCSV check, added unique socket address to temporary file name in order to support multiple simultaneous instances. JonnyHightower 2015-06-10 17:38:39 +01:00
  • 8acc17b4bc - ease of making openssl binary with make-openssl.sh - Hint where the Readme is - removal of old binaries Dirk 2015-06-10 08:15:28 +02:00
  • 0e36255fb9 Added a check for TLS_FALLBACK_SCSV JonnyHightower 2015-06-08 17:19:34 +01:00
  • 0f5c4981cb - more or less desperate try to figure out the real installation path (and find the mapping file) - help extended (equal sign, logjam) Dirk 2015-06-02 22:13:19 +02:00
  • 312b02ac63 Merge pull request #117 from teward/patch-1 Dirk Wetter 2015-06-02 18:09:19 +02:00
  • 266874daeb Expand the OpenSSL 1.0.2 reqs/benefits. Thomas Ward 2015-06-02 11:59:17 -04:00
  • 03d8ba9b81 Update OpenSSL reqs - LOGJAM checks need 1.0.2+ Thomas Ward 2015-06-02 11:57:11 -04:00
  • 4081b2eef4 - wrong arg for dirname ($1) Dirk 2015-06-02 15:59:17 +02:00
  • 06c3b06a7a - regression fix on mapping file Dirk 2015-06-02 15:53:46 +02:00
  • 32acfa97a5 Merge pull request #115 from PeterMosmans/space Dirk Wetter 2015-06-02 09:26:25 +02:00
  • 8e4970c408 Minor textual fix (added space) Peter Mosmans 2015-06-01 14:16:31 +02:00
  • cac985967f - first prototype for using = in cmdline, see #108. Tests needed - beautified big case loop Dirk 2015-06-01 12:01:38 +02:00
  • 452fd6762a - local dns matches don't need lookup anymore over net --> saves timeouts+time - further banner tuning + function mybanner, 2 addtl global vars for debugging - cosmetic improvements Dirk 2015-05-31 14:40:12 +02:00
  • 77ad7c9252 - the outsticking part was kind of not handy, see #113, remove commit message Dirk 2015-05-30 11:36:47 +02:00
  • 353b58c0c0 Merge pull request #113 from PeterMosmans/showversion Dirk Wetter 2015-05-30 11:16:31 +02:00
  • 764f20dbcf FIX: Show version when specified on command line Peter Mosmans 2015-05-30 11:13:57 +02:00
  • d066e0868a Merge pull request #112 from AntonioMeireles/cosmetics_1 Dirk Wetter 2015-05-29 22:42:51 +02:00
  • faa9c49a2b fix spelling typos. António Meireles 2015-05-29 18:56:57 +01:00
  • 4064332234 trim all whitespace at EOL. António Meireles 2015-05-29 18:44:27 +01:00
  • 9b2b897a43 - make date even more beautiful, see #110 - fix RUN_DIR Dirk 2015-05-29 14:12:22 +02:00
  • df3b9019a1 Update Readme.md Dirk Wetter 2015-05-29 13:37:37 +02:00
  • e14453b607 Merge pull request #110 from AntonioMeireles/master Dirk Wetter 2015-05-29 11:01:47 +02:00
  • 4e18c35271 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-29 10:36:47 +02:00
  • 41ee37f0dc - per default we do a allciphers run in the end - option long changed to wide - PFS now is per default not wide - PFS comes after standard cipher lists - debug output improved (in terms of privacy and additional info) Dirk 2015-05-29 10:36:14 +02:00
  • b48ac9874e - early check to make sure people really use bash, see #109 Dirk 2015-05-29 10:10:53 +02:00
  • 2ac34c1424 - early check to make sure people really use bash, see #109 Dirk 2015-05-29 10:08:17 +02:00
  • 4063e38ccf simplify life for OSX users running gnu's coreutils... António Meireles 2015-05-28 16:51:33 +01:00
  • 8b10dc9638 - code improvements rc4, beast, logjam, freak Dirk Wetter 2015-05-27 23:31:25 +02:00
  • f9605c4f35 - BEAST now also works in wide mode - renamed --long in --wide - added --show-each to help - inserted help Dirk Wetter 2015-05-27 17:04:35 +02:00
  • 4cb8cf2ff4 - first candidate for logjam (missing the precomputed primes though) - 1024 DH is now brown instead of red, 768 will be red, 512 bold red - dumped calls to ok() - further cosmetic stuff 2.4 Dirk Wetter 2015-05-27 14:28:18 +02:00
  • a76ca52c4c - first candidate for logjam (missing the precomputed primes though) - 1024 DH is now brown instead of red, 768 will be red, 512 bold red - dumped calls to ok() - further cosmetic stuff Dirk Wetter 2015-05-27 14:28:18 +02:00
  • 83e9c55785 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-27 11:24:47 +02:00
  • f261884499 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-27 11:24:47 +02:00
  • eedc9d6f38 - fix regression on missing rfc cipher names - cosmetic stuff Dirk 2015-05-27 11:19:30 +02:00
  • ed38a365ae - fix regression on missing rfc cipher names - cosmetic stuff Dirk 2015-05-27 11:19:30 +02:00
  • 7fc7ab5ea6 - FIX: cipher mapping - adjust trailing spaces missing b4 Dirk Wetter 2015-05-26 19:26:21 +02:00
  • efffe9867b - FIX: cipher mapping - adjust trailing spaces missing b4 Dirk Wetter 2015-05-26 19:26:21 +02:00
  • ce8b44d7ff - typo/ c&p error with dh func - fixed uninitialised var Dirk Wetter 2015-05-26 15:59:27 +02:00
  • c7a76d9b86 - typo/ c&p error with dh func - fixed uninitialised var Dirk Wetter 2015-05-26 15:59:27 +02:00
  • 8c900725da - logjam Dirk 2015-05-26 12:57:15 +02:00
  • d58f39d008 - logjam Dirk 2015-05-26 12:57:15 +02:00
  • 63542251c8 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-26 12:56:17 +02:00
  • 8ab0aef84b Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-26 12:56:17 +02:00
  • f8935bd507 - for pfs. allciphers and cipher_per_proto we WARN now because of weak DH param (if openssl supports it) FIX #106, $85 - logjam not yet named *#105, #107) but addressed - --openssl switch - reorder find_openssl_binary / mybanner - proper indentation of help Dirk 2015-05-26 12:51:10 +02:00
  • 060178071d - for pfs. allciphers and cipher_per_proto we WARN now because of weak DH param (if openssl supports it) FIX #106, $85 - logjam not yet named *#105, #107) but addressed - --openssl switch - reorder find_openssl_binary / mybanner - proper indentation of help Dirk 2015-05-26 12:51:10 +02:00
  • 361d5ec1c9 Update Readme.md Dirk Wetter 2015-05-25 21:41:45 +02:00
  • 9b13160953 Update Readme.md Dirk Wetter 2015-05-25 21:41:45 +02:00
  • 18d7fd647f - blanks in headlines added Dirk 2015-05-25 21:22:21 +02:00
  • 3c161f9ce4 - blanks in headlines added Dirk 2015-05-25 21:22:21 +02:00
  • acdfdb0533 - omit 1xblank in almost all colored output (and adjust the functions using it) - little bit more robust for strange keysize and dh bits - added ecdsa-with-SHA256 to Signature Algorithm - FIX: no TLS1+SSL3 resulted in no output for BEAST Dirk 2015-05-25 21:14:59 +02:00
  • 9c7d385098 - omit 1xblank in almost all colored output (and adjust the functions using it) - little bit more robust for strange keysize and dh bits - added ecdsa-with-SHA256 to Signature Algorithm - FIX: no TLS1+SSL3 resulted in no output for BEAST Dirk 2015-05-25 21:14:59 +02:00
  • 8a458d6ab4 - dh key length in negotiated cipher at first, see $85, #105, #106 - got rid of ok function calls in protocols - detection of apache banner win32/win64 Dirk 2015-05-25 15:10:09 +02:00
  • e58b53eeae - dh key length in negotiated cipher at first, see $85, #105, #106 - got rid of ok function calls in protocols - detection of apache banner win32/win64 Dirk 2015-05-25 15:10:09 +02:00
  • 4febd95b64 - FIX for #104: check for hpkp pin match failed if \" was present Dirk 2015-05-18 23:10:34 +02:00
  • a7a19428d6 - FIX for #104: check for hpkp pin match failed if \" was present Dirk 2015-05-18 23:10:34 +02:00
  • 308c738b75 - NEW / FIX #104: check for hpkp pin match Dirk 2015-05-18 21:51:45 +02:00
  • 0c4a36121e - NEW / FIX #104: check for hpkp pin match Dirk 2015-05-18 21:51:45 +02:00
  • 2e36c9de45 Update Readme.md Dirk Wetter 2015-05-17 22:56:38 +02:00
  • bf7b867d86 Update Readme.md Dirk Wetter 2015-05-17 22:56:38 +02:00
  • 68cb80a72d - 2.4 Dirk 2015-05-17 22:43:53 +02:00
  • 7cc15e5d4d - 2.4 v2.4 Dirk 2015-05-17 22:43:53 +02:00
  • 5ec79b0204 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-17 22:42:53 +02:00
  • 43732ae53d Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-17 22:42:53 +02:00
  • ade08a22b8 - 2.4 Dirk 2015-05-17 22:34:50 +02:00
  • 4e7bbb20a0 - 2.4 Dirk 2015-05-17 22:34:50 +02:00
  • 42b2303f6b Dirk 2015-05-17 22:34:50 +02:00
  • 1c509bf845 Dirk 2015-05-17 22:34:50 +02:00
  • 5ba29902ff - 2.4! - FIX #92 - FIX for TLS time (difftime was too small for local clock skew) - warning for freebsd/macosx w/o ports need now a "yes" - TLS 1.0 not offered is not bold anymore - output weirdness fixed for cipher order in spdy Dirk 2015-05-17 22:30:49 +02:00
  • 2919a7c40e - 2.4! - FIX #92 - FIX for TLS time (difftime was too small for local clock skew) - warning for freebsd/macosx w/o ports need now a "yes" - TLS 1.0 not offered is not bold anymore - output weirdness fixed for cipher order in spdy Dirk 2015-05-17 22:30:49 +02:00
  • 8e7207325d - FIX of output when there's no CBC cipher in BEAST - FIX: 2 occurrences of OPENSSL calls had a hostname instead of an IP address - FIX: starttls protocol correctly displayed - NEW added duplicate detection for header flags - NEW: added four GOST cipher to standard socket handshake - recommends if openssl 1.0.2 is used and results were strange and IIS6 --> run with openssl 1.0.1 - declared some global vars as readonly Dirk 2015-05-15 21:32:11 +02:00
  • 6e74b3bd5c - FIX of output when there's no CBC cipher in BEAST - FIX: 2 occurrences of OPENSSL calls had a hostname instead of an IP address - FIX: starttls protocol correctly displayed - NEW added duplicate detection for header flags - NEW: added four GOST cipher to standard socket handshake - recommends if openssl 1.0.2 is used and results were strange and IIS6 --> run with openssl 1.0.1 - declared some global vars as readonly Dirk 2015-05-15 21:32:11 +02:00
  • 900d3d11e6 Update Readme.md Dirk Wetter 2015-05-12 13:42:42 +02:00
  • 7741d99cc8 Update Readme.md Dirk Wetter 2015-05-12 13:42:42 +02:00
  • d681871555 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-12 13:38:20 +02:00
  • 7614ac6f87 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-05-12 13:38:20 +02:00
  • f0f2119f42 - Workarounds for IIS6 #99 : some places where openssl 1.0.2 cannot connect (as opposed to =< 1.0.1) finding the right protocol before - hints for IIS6+openssl 1.0.2 non-conformity #99 - version bumped up to 2.4rc2 - better formatting for BSD in cipher order - FIX: 2x bug for cipher order + sslv2 - preamble revisited Dirk 2015-05-12 13:37:39 +02:00
  • 16d2b33459 - Workarounds for IIS6 #99 : some places where openssl 1.0.2 cannot connect (as opposed to =< 1.0.1) finding the right protocol before - hints for IIS6+openssl 1.0.2 non-conformity #99 - version bumped up to 2.4rc2 - better formatting for BSD in cipher order - FIX: 2x bug for cipher order + sslv2 - preamble revisited Dirk 2015-05-12 13:37:39 +02:00
  • 9de6cc9108 Update Readme.md Dirk Wetter 2015-05-12 10:21:31 +02:00
  • a7d7158c4b Update Readme.md Dirk Wetter 2015-05-12 10:21:31 +02:00
  • 6938f16923 - WONTFIX remarks for #103 and #102 - better warning for openssl < 1.0 Dirk 2015-05-11 16:58:57 +02:00