Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-28 12:29:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
Testing TLS/SSL encryption anywhere on any port. https://testssl.sh/
439 Commits 14 Branches 30 Tags 211 MiB
Shell 91.4%
HTML 4.4%
Perl 3.9%
Java 0.2%
Dockerfile 0.1%
8c858dbe3c
Go to file
Dirk Wetter 8c858dbe3c yet another GOST fine tuning thing
2015-07-20 20:49:31 +02:00
bin 2015-07-17 11:04:01 +02:00
openssl-bins addiotnal citation for GOST 2015-07-20 19:06:53 +02:00
utils * protocol checks work now! 2015-07-06 22:04:07 +02:00
CHANGELOG.txt 2014-07-16 19:06:26 +02:00
CREDITS.md see #124 (John more to the top though) 2015-06-29 23:31:51 +02:00
LICENSE Initial commit 2014-07-01 13:55:26 +02:00
mapping-rfc.txt - stripping of leading 0 in testssl.sh needed to be reflected by this file 2014-11-18 11:04:57 +01:00
openssl-rfc.mappping.html yet another GOST fine tuning thing 2015-07-20 20:49:31 +02:00
Readme.md typo 2015-07-17 13:29:17 +02:00
testssl.sh * GOST ciphers sometimes missing during scan 2015-07-20 14:05:35 +02:00

Readme.md

Intro

Gitter

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. It's designed to provide clear output for your "is this good or bad" decision.

It is working on every Linux distribution out of the box with some limitations of disabled features from the openssl client -- some workarounds are done with bash-socket-based checks. It also works on BSD and other Unices out of the box, supposed they have /bin/bash and standard tools like sed and awk installed. MacOS X and Windows (using MSYS2) work too. OpenSSL version >= 1 is highly recommended. OpenSSL version >= 1.0.2 is needed for better LOGJAM checks and to display bit strengths for key exchanges.

On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see testssl.sh.

New features in the upcoming stable release 2.6 are:

  • display matching key (HPKP)
  • LOGJAM 1: check DHE_EXPORT cipher
  • LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers
  • "wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name
  • TLS_FALLBACK_SCSV check -- Thx @JonnyHightower
  • (HTTP) proxy support! -- Thx @jnewbigin
  • Extended validation certificate detection
  • Run in default mode through all ciphers at the end of a default run
  • will test multiple IP adresses in one shot, --ip=<adress|"one"> restricts it accordingly
  • can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams).
  • support of sockets for STARTTLS protocols (with exception of SSLv2 you need to supply EXPERIMENTAL=yes)
  • TLS time for STARTTLS protocols
  • TLS 1.0-1.1 as socket per default in production
  • binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit)
  • LibreSSL fixes, still not recommended to use though (see https://testssl.sh/)

more see https://github.com/drwetter/testssl.sh/milestones/2.5dev%20%282.6%29

Contributions, feedback, also bug reports are welcome! For contributions please note: One patch per feature -- bug fix/improvement. Please test your changes thouroughly as reliability is important for this project. This is imprtant to me

Please file bug reports @ https://github.com/drwetter/testssl.sh/issues .

Update notification here or @ twitter.