testssl.sh/etc
Dirk Wetter 54539e9da3 rename client simulation file (das is more consistent)
update client simulation: now has every client from SSLlabs and
it is properly ordered
2017-08-30 23:00:32 +02:00
..
Apple.pem update, thanks to Niko78, see #371 2016-10-02 10:04:25 +02:00
Linux.pem update 2016-09-29 23:23:44 +02:00
Microsoft.pem Updating MS store, sill small, still not automated/cumbersome not sure if ok 2016-10-12 21:15:37 +02:00
Mozilla.pem update 2016-09-29 23:23:44 +02:00
README.md rename client simulation file (das is more consistent) 2017-08-30 23:00:32 +02:00
ca_hashes.txt Shell script to generate ca_hashes.txt (OSX only) 2016-07-25 09:47:24 +02:00
cipher-mapping.txt Add OpenSSL names for ARIA ciphers 2017-08-30 11:12:11 -04:00
client-simulation.txt rename client simulation file (das is more consistent) 2017-08-30 23:00:32 +02:00
client_simulation.txt Reorder client simulation data (see #776) and update README 2017-08-30 20:35:15 +02:00
common-primes.txt - add crypotsense prefined DH groups 2017-01-20 18:14:48 +01:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
tls_data.txt adding comments for David's PR #807 and pointing to the cipher list in #806 2017-07-31 12:59:36 +02:00

README.md

Certificate stores

The certificate stores were retrieved by

  • Mozilla; see https://curl.haxx.se/docs/caextract.html
  • Linux: Just copied from an up-to-date Linux machine
  • Microsoft: For Windows >= 7/2008 Microsoft decided not to provide a full certificate store by default or via update as all other OS do. It's being populated with time -- supposed you use e.g. IE while browsing. Thus this file is smaller as the others. This store was destilled from three different windows installations via "certmgr.msc". It's a PKCS7 export of "Trusted Root Certification Authorities" and the Third Party Store. Feedback is welcome, see #317. It's still behind what MS publishes what should be included. Unfortunately there doesn't seem to be store to DL. Let me know if you have a pointer
  • Apple: It comes from Apple OS X keychain app. Open Keychain Access. In the Finder window, under Favorites --> "Applications" --> "Utilities" --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" --> "Category" --> "All Items" Select all CA certificates, "File" --> "Export Items"

In this directory you can also save e.g. your company Root CA(s) in PEM format, extension pem. This has two catches momentarily: You will still get a warning for the other certificate stores while scanning internal net- works. Second catch: If you scan other hosts in the internet the check against your Root CA will fail, too. This will be fixed in the future, see #230.

Further needed files

  • tls_data.txt contains lists of cipher suites and private keys for sockets-based tests

  • cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS

  • ca_hashes.txt is used for HPKP test in order to have a fast comparison with known CAs

  • common-primes.txt is used for LOGJAM

  • client-simulation.txt as the name indicates it's the data for the client simulation. Use ~/utils/update_client_sim_data.pl for an update. Note: This list has been manually edited to sort it and weed it out.