testssl.sh/etc
Dirk 6bd489331d Updated store because of Mozilla update
Following certificate were added:
- Certigna Root CA
- UCA Extended Validation Root
- UCA Global G2 Root
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
2019-02-21 09:21:19 +01:00
..
Apple.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
ca_hashes.txt added MS CA store, see #825 2017-09-19 15:15:54 +02:00
cipher-mapping.txt Correct new openssl cipher name 2018-11-02 14:04:12 +01:00
client-simulation.txt Updated client simulation 2018-11-05 22:47:28 +01:00
common-primes.txt Remove duplicate common primes 2018-07-23 13:48:18 -04:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
Java.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Linux.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Microsoft.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Mozilla.pem Updated store because of Mozilla update 2019-02-21 09:21:19 +01:00
README.md Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
tls_data.txt Remove '0a' character from public keys 2018-09-21 17:07:46 -04:00

Certificate stores

The certificate trust stores were retrieved from

Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.

If you want to test against e.g. a company internal CA you want to avoid warnings from the certificate stores here it's recommended to use ADDITIONAL_CA_FILES=<companyCA.pem ./testssl.sh <your cmdline>. (The former mechanism was to put the company root CA certificate here.)

Further files

  • tls_data.txt contains lists of cipher suites and private keys for sockets-based tests

  • cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS

  • ca_hashes.txt is used for HPKP test in order to have a fast comparison with known CAs. Use ~/utils/create_ca_hashes.sh for an update

  • common-primes.txt is used for LOGJAM and the PFS section

  • client-simulation.txt as the name indicates it's the data for the client simulation. Use ~/utils/update_client_sim_data.pl for an update. Note: This list has been manually edited to sort it and weed it out.