testssl.sh/etc
Dirk 5f047db92f Add client simulation data and provide howto
While we are thankful that Ivan Ristic permitted us to use the client
data from SSLlabs, it became a bit outdated now (see #1158). Also,
as sslhaf [1] was used, the data comes from HTTP traffic only.

This is a start to address it. It provides data from Android 9
(connecting to the play store, so that it is sure we don't capture
a ClientHello from an application having its own TLS stack).

Also it provides documentation on how to grab data yourself and
provide it back to testssl.sh.

The aim is at least for testssl.sh 3.0 to add Android 8 and OpenSSL 1.1.1 (@drwetter).

My hope is that others can assist with Safari on OSX 11 and 12, Java 10 and 11,
and a recent Opera and Edge version. (Firefox and Chrome are out of
date too.)

Mail clients to follow later.

[1] https://github.com/ssllabs/sslhaf
2019-04-18 10:06:01 +02:00
Apple.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Java.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Linux.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Microsoft.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Mozilla.pem Updated store because of Mozilla update 2019-02-21 09:21:19 +01:00
README.md Add client simulation data and provide howto 2019-04-18 10:06:01 +02:00
ca_hashes.txt added MS CA store, see #825 2017-09-19 15:15:54 +02:00
cipher-mapping.txt Correct new openssl cipher name 2018-11-02 14:04:12 +01:00
client-simulation.txt Add client simulation data and provide howto 2019-04-18 10:06:01 +02:00
client-simulation.wiresharked.txt Add client simulation data and provide howto 2019-04-18 10:06:01 +02:00
common-primes.txt Remove duplicate common primes 2018-07-23 13:48:18 -04:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
tls_data.txt Remove '0a' character from public keys 2018-09-21 17:07:46 -04:00

README.md

Certificate stores

The certificate trust stores were retrieved from

Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.

If you want to test against, e.g., a company-internal CA and avoid warnings from the certificate stores here, it is recommended to use ADDITIONAL_CA_FILES=<companyCA.pem> ./testssl.sh <your cmdline>. (The former mechanism was to put the company root CA certificate here.)

Further files

  • tls_data.txt contains lists of cipher suites and private keys for sockets-based tests

  • cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS

  • ca_hashes.txt is used for the HPKP test in order to have a fast comparison with known CAs. Use ~/utils/create_ca_hashes.sh for an update.

  • common-primes.txt is used for LOGJAM and the PFS section

  • client-simulation.txt is, as the name indicates, the data for the client simulation. Use ~/utils/update_client_sim_data.pl for an update. Note: this list has been manually edited to sort it and weed it out. In addition, the file named client-simulation.wiresharked.txt provides more client data and some instructions on how to generate it yourself.