testssl.sh

mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00

History

Daniel Chodusov 6497157957 Using generic HAProxy name This prime appears to be not only in HAProxy 1.5 but as well in the newer versions. The test result will return incorrect response message, when testing on the newer HAProxy versions (ie. 1.5 is detected but 1.8 is installed).		2018-02-22 13:57:02 +01:00
..
Apple.pem	update of certificate stores, except MS	2017-09-18 14:18:00 +02:00
ca_hashes.txt	added MS CA store, see #825	2017-09-19 15:15:54 +02:00
cipher-mapping.txt	Add TLSv1.3 ciphers	2017-10-06 10:05:18 -04:00
client_simulation.txt	Reorder client simulation data (see #776 ) and update README	2017-08-30 20:35:15 +02:00
client-simulation.txt	Fix incorrect client simulation data	2017-10-03 16:34:56 -04:00
common-primes.txt	Using generic HAProxy name	2018-02-22 13:57:02 +01:00
curves.txt	- added values to curve448 + 25519	2016-06-09 13:18:55 +02:00
Linux.pem	update of certificate stores, except MS	2017-09-18 14:18:00 +02:00
Microsoft.pem	added MS CA store, see #825	2017-09-19 15:15:54 +02:00
Mozilla.pem	update of certificate stores, except MS	2017-09-18 14:18:00 +02:00
README.md	Update README.md	2017-09-19 14:50:08 +02:00
tls_data.txt	Add public keys	2017-11-02 11:44:29 -04:00

README.md

Certificate stores

The certificate stores were retrieved by

Mozilla; see https://curl.haxx.se/docs/caextract.html
Linux: Just copied from an up-to-date Linux machine
Microsoft: Following command pulls all certificates from Windows Update services: (see also http://aka.ms/RootCertDownload, https://technet.microsoft.com/en-us/library/dn265983(v=ws.11).aspx#BKMK_CertUtilOptions): CertUtil -syncWithWU -f -f . .
Apple: It comes from Apple OS X keychain app. Open Keychain Access utility, i.e. In the Finder window, under Favorites --> "Applications" --> "Utilities" (OR perform a Spotlight Search for Keychain Access) --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" --> "Category" --> "All Items" Select all CA certificates except for Developer ID Certification Authority, "File" --> "Export Items"

In this directory you can also save e.g. your company Root CA(s) in PEM format, extension pem. This has two catches momentarily: You will still get a warning for the other certificate stores while scanning internal net- works. Second catch: If you scan other hosts in the internet the check against your Root CA will fail, too. This will be fixed in the future, see #230.

Further needed files

tls_data.txt contains lists of cipher suites and private keys for sockets-based tests
cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS
ca_hashes.txt is used for HPKP test in order to have a fast comparison with known CAs. Use ~/utils/create_ca_hashes.sh for an update
common-primes.txt is used for LOGJAM
client-simulation.txt as the name indicates it's the data for the client simulation. Use ~/utils/update_client_sim_data.pl for an update. Note: This list has been manually edited to sort it and weed it out.