mirror of https://github.com/drwetter/testssl.sh.git synced 2025-05-05 15:56:04 +02:00
Dirk Wetter 09eda2aa97 Update openssl handshakes
to 1.1.0l and 1.1.1d. Seems that for the latter TLS 1.0 and 1.1
are disabled now, looking at the supported version extension.
However on the command line an s_client connect works. So
this commit needs to be amended.
2020-01-14 18:02:43 +01:00

Certificate stores

The certificate trust stores were retrieved from

Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.

If you want to check trust against e.g. a company-internal CA, you need to use ./testssl.sh --add-ca companyCA1.pem,companyCA2.pem <further_cmds> or ADDITIONAL_CA_FILES=companyCA1.pem,companyCA2.pem ./testssl.sh <further_cmds>.

Further files

  • tls_data.txt contains lists of cipher suites and private keys for sockets-based tests

  • cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS

  • ca_hashes.txt is used for the HPKP test in order to have a fast comparison with known CAs. Use ~/utils/create_ca_hashes.sh to update it

  • common-primes.txt is used for LOGJAM and the PFS section

  • client-simulation.txt / client-simulation.wiresharked.txt are, as the names indicate, data for the client simulation. The first one is derived from ~/utils/update_client_sim_data.pl and manually edited to sort and label those we don't want. The second file provides more client data retrieved from Wireshark captures and some instructions on how to do that yourself.