testssl.sh/etc
David Cooper 0f7a49e2a3 Fix #1013
This PR fixes the issue raised in #1013. It primarily does this in two ways:

* In calls to `$OPENSSL s_client` that specify ciphers, the TLSv1.3 ciphers are provided separately using the `-ciphersuites` option. Then, the `s_client_options()` function manipulates the command-line options as necessary based on the version of OpenSSL being used.

* Calls to `$OPENSSL ciphers` were replaced with calls to `actually_supported_ciphers()`, which calls `$OPENSSL ciphers`. `actually_supported_ciphers()` modifies the parameters for the call to `$OPENSSL ciphers` as necessary, based on the version of OpenSSL being used.
2018-03-19 11:26:31 -04:00
..
Apple.pem update of certificate stores, except MS 2017-09-18 14:18:00 +02:00
Linux.pem update of certificate stores, except MS 2017-09-18 14:18:00 +02:00
Microsoft.pem added MS CA store, see #825 2017-09-19 15:15:54 +02:00
Mozilla.pem update of certificate stores, except MS 2017-09-18 14:18:00 +02:00
README.md Update README.md 2017-09-19 14:50:08 +02:00
ca_hashes.txt added MS CA store, see #825 2017-09-19 15:15:54 +02:00
cipher-mapping.txt Fix #1013 2018-03-19 11:26:31 -04:00
client-simulation.txt Fix incorrect client simulation data 2017-10-03 16:34:56 -04:00
client_simulation.txt Reorder client simulation data (see #776) and update README 2017-08-30 20:35:15 +02:00
common-primes.txt Using generic HAProxy name 2018-02-22 13:57:02 +01:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
tls_data.txt Add X448 support in TLS 1.3 2018-03-12 13:40:22 -04:00

README.md

Certificate stores

The certificate stores were retrieved by

In this directory you can also save e.g. your company Root CA(s) in PEM format, extension pem. This has two catches momentarily: You will still get a warning for the other certificate stores while scanning internal net- works. Second catch: If you scan other hosts in the internet the check against your Root CA will fail, too. This will be fixed in the future, see #230.

Further needed files

  • tls_data.txt contains lists of cipher suites and private keys for sockets-based tests

  • cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS

  • ca_hashes.txt is used for HPKP test in order to have a fast comparison with known CAs. Use ~/utils/create_ca_hashes.sh for an update

  • common-primes.txt is used for LOGJAM

  • client-simulation.txt as the name indicates it's the data for the client simulation. Use ~/utils/update_client_sim_data.pl for an update. Note: This list has been manually edited to sort it and weed it out.