testssl.sh/etc
Dirk 40155ed222 Update Java store
Other than before teh Java store was extracted directly from a keystore
from a Java JRE from https://jdk.java.net/.

The Debian keystore used previously used the certificates from the Debian
machine itself (installation script in ``/etc/ca-certificates/update.d/``.
Check with ``keytool -list -rfc -keystore /etc/ssl/certs/java/cacerts | grep -i 'alias'``

As a consequence this store contains less certificates:

etc/Java.pem:90
etc/Linux.pem:128

and needs some testing whether it really should be still included.
2020-01-10 09:17:57 +01:00
..
Apple.pem Update for 3.0 2020-01-09 10:27:09 +01:00
ca_hashes.txt added MS CA store, see #825 2017-09-19 15:15:54 +02:00
cipher-mapping.txt Correct new openssl cipher name 2018-11-02 14:04:12 +01:00
client-simulation.txt Update Safari to 13.0 and macOS to 10.14 2019-10-16 20:36:08 +02:00
client-simulation.wiresharked.txt Update Safari to 13.0 and macOS to 10.14 2019-10-16 20:36:08 +02:00
common-primes.txt Remove duplicate common primes 2018-07-23 13:48:18 -04:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
Java.pem Update Java store 2020-01-10 09:17:57 +01:00
Linux.pem Update for 3.0 2020-01-09 10:27:09 +01:00
Microsoft.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Mozilla.pem Update for 3.0 2020-01-09 10:27:09 +01:00
README.md Update Java store 2020-01-10 09:17:57 +01:00
tls_data.txt Allow TLS12_CIPHER to be changed 2019-09-23 15:54:44 -04:00

Certificate stores

The certificate trust stores were retrieved from

Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.

If you want to check trust against e.g. a company internal CA you need to use ./testssl.sh --add-ca companyCA1.pem,companyCA2.pem <further_cmds> or ADDITIONAL_CA_FILES=companyCA1.pem,companyCA2.pem ./testssl.sh <further_cmds>.

Further files

  • tls_data.txt contains lists of cipher suites and private keys for sockets-based tests

  • cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS

  • ca_hashes.txt is used for HPKP test in order to have a fast comparison with known CAs. Use ~/utils/create_ca_hashes.sh for an update

  • common-primes.txt is used for LOGJAM and the PFS section

  • client-simulation.txt / client-simulation.wiresharked.txt are as the names indicate data for the client simulation. The first one is derived from ~/utils/update_client_sim_data.pl, and manually edited to sort and label those we don't want. The second file provides more client data retrieved from wireshark captures and some instructions how to do that yourself.