testssl.sh/etc
David Cooper 6460de39a2 Add OpenSSL names for ARIA ciphers
A PR was just accepted into the master branch of https://github.com/openssl/openssl that specifies OpenSSL names for the ARIA GCM cipher suites: bc32673869. This PR adds these OpenSSL names to the cipher-mapping.txt file. It also changes the description of the encryption algorithm for these ciphers from "ARIA" to "ARIAGCM" to be consistent with OpenSSL and with the other GCM ciphers in the cipher-mapping.txt file.

In addition, OpenSSL names for some of the ARIA CBC ciphers are provided in https://github.com/openssl/openssl/blob/master/doc/man1/ciphers.pod, and this PR adds those OpenSSL names to the cipher-mapping.txt file as well.
2017-08-30 11:12:11 -04:00
..
Apple.pem update, thanks to Niko78, see #371 2016-10-02 10:04:25 +02:00
ca_hashes.txt Shell script to generate ca_hashes.txt (OSX only) 2016-07-25 09:47:24 +02:00
cipher-mapping.txt Add OpenSSL names for ARIA ciphers 2017-08-30 11:12:11 -04:00
client_simulation.txt Remove unnecessary spaces 2017-03-23 14:15:26 -04:00
common-primes.txt - add crypotsense prefined DH groups 2017-01-20 18:14:48 +01:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
Linux.pem update 2016-09-29 23:23:44 +02:00
Microsoft.pem Updating MS store, sill small, still not automated/cumbersome not sure if ok 2016-10-12 21:15:37 +02:00
Mozilla.pem update 2016-09-29 23:23:44 +02:00
README.md typo 2017-08-13 11:32:24 +02:00
tls_data.txt adding comments for David's PR #807 and pointing to the cipher list in #806 2017-07-31 12:59:36 +02:00

Certificate stores

The certificate stores were retrieved by

  • Mozilla; see https://curl.haxx.se/docs/caextract.html
  • Linux: Just copied from an up-to-date Linux machine
  • Microsoft: For Windows >= 7/2008 Microsoft decided not to provide a full certificate store by default or via update as all other OS do. It's being populated with time -- supposed you use e.g. IE while browsing. Thus this file is smaller as the others. This store was destilled from three different windows installations via "certmgr.msc". It's a PKCS7 export of "Trusted Root Certification Authorities" and the Third Party Store. Feedback is welcome, see #317. It's still behind what MS publishes what should be included. Unfortunately there doesn't seem to be store to DL. Let me know if you have a pointer
  • Apple: It comes from Apple OS X keychain app. Open Keychain Access. In the Finder window, under Favorites --> "Applications" --> "Utilities" --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" --> "Category" --> "All Items" Select all CA certificates, "File" --> "Export Items"

In this directory you can also save e.g. your company Root CA(s) in PEM format, extension pem. This has two catches momentarily: You will still get a warning for the other certificate stores while scanning internal net- works. Second catch: If you scan other hosts in the internet the check against your Root CA will fail, too. This will be fixed in the future, see #230.

Further needed files

  • tls_data.txt contains lists of cipher suites and private keys for sockets-based tests

  • cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS

  • ca_hashes.txt is used for HPKP test in order to have a fast comparison with known CAs

  • common-primes.txt is used for LOGJAM

  • client_simulation.txt as the name indicates it's the data for the client simulation