testssl.sh/etc
Dirk 08384920a9 Cipher mapping externalized by using David's extended mapping. Also implemented warnings
and fallback to openssl if this file cannot be found and thus sockets can't be used
2016-11-15 15:20:48 +01:00
..
Apple.pem update, thanks to Niko78, see #371 2016-10-02 10:04:25 +02:00
Linux.pem update 2016-09-29 23:23:44 +02:00
Microsoft.pem Updating MS store, sill small, still not automated/cumbersome not sure if ok 2016-10-12 21:15:37 +02:00
Mozilla.pem update 2016-09-29 23:23:44 +02:00
README.md Updating MS store, sill small, still not automated/cumbersome not sure if ok 2016-10-12 21:15:37 +02:00
ca_hashes.txt Shell script to generate ca_hashes.txt (OSX only) 2016-07-25 09:47:24 +02:00
cipher-mapping.txt Cipher mapping externalized by using David's extended mapping. Also implemented warnings 2016-11-15 15:20:48 +01:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
mapping.txt initial commit 2016-06-09 15:06:42 +02:00

README.md

Certificate stores

The certificate stores were retrieved by

  • Mozilla; see https://curl.haxx.se/docs/caextract.html
  • Linux: Just copied from an up-to-date Linux machine
  • Microsoft: For Windows >= 7/2008 Microsoft decided not to provide a full certificate store by default or via update as all other OS do. It's being populated with time -- supposed you use e.g. IE while browsing. Thus this file is smaller as the others. This store was destilled from three different windows installations via "certmgr.msc". It's a PKCS7 export of "Trusted Root Certification Authorities" and the Third Party Store. Feedback is welcome, see #317. It's still behind what MS publishes what should be included. Unfortunately there doesn't seem to be store to DL. Let me know if you have a pointer
  • Apple: It comes from Apple OS X keychain app. Open Keychain Access. In the Finder window, under Favorites --> "Applications" --> "Utilities" --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" --> "Category" --> "All Items" Select all CA certificates, "File" --> "Export Items"

In this directory you can also save e.g. your company Root CA(s) in PEM format, extension pem. This has two catches momentarily: You will still get a warning for the other certificate stores while scanning internal net- works. Second catch: If you scan other hosts in the internet the check against your Root CA will fail, too. This will be fixed in the future, see #230.

Mapping files

The file mapping-rfc.txt uses the hexcode to map OpenSSL names against the RFC/IANA names. curves.txt is not being used yet, it is supposed to map EC curve names properly.