mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-29 12:59:44 +01:00
fa1ccdb565
This commit adds a check for whether the server supports certificate compression (RFC 8879). If it does, then the list of supprted compression methods is output in the server's preference order.
19 KiB
19 KiB
Change Log
Features implemented / improvements in 3.1dev
- Extend Server (cipher) preference: always now in wide mode instead of running all ciphers in the end (per default)
- Improved compatibility with OpenSSL 3.0
- Renamed PFS/perfect forward secrecy --> FS/forward secrecy
- Improved mass testing
- Align better colors of ciphers with standard cipherlists
- Added several ciphers to colored ciphers
- Percent output char problem fixed
- Several display/output fixes
- BREACH check: list all compression methods and add brotli
- Test for old winshock vulnerability
- Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
- Security fix: DNS input
- Don't use external pwd anymore
- STARTTLS: XMPP server support
- Code improvements to STARTTLS
- Detect better when no STARTTLS is offered
- Rating (SSL Labs, not complete)
- Don't penalize missing trust in rating when CA not in Java store
- Added support for certificates with EdDSA signatures and pubilc keys
- --add-ca can also now be a directory with *.pem files
- Warning of 398 day limit for certificates issued after 2020/9/1
- Added environment variable for amount of attempts for ssl renegotiation check
- Added --user-agent argument to support using a custom User Agent
- Added --overwrite argument to support overwriting output files without warning
- Headerflag X-XSS-Protection is now labeled as INFO
- Client simulation runs in wide mode which is even better readable
- Added --reqheader to support custom headers in HTTP requests
- Test for support for RFC 8879 certificate compression
Features implemented / improvements in 3.0
- Full support of TLS 1.3, shows also drafts supported
- Extended protocol downgrade checks
- ROBOT check
- Better TLS extension support
- Better OpenSSL 1.1.1 and higher versions support as well as LibreSSL >3
- More robustness for OpenBSD
- DNS over Proxy and other proxy improvements
- Decoding of unencrypted BIG IP cookies
- Initial client certificate support
- Warning of 825 day limit for certificates issued after 2018/3/1
- Socket timeouts (
--connect-timeout
) - IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent) support
- Initial support for certificate compression
- Better JSON output: renamed IDs and findings shorter/better parsable, also includes certficate
- JSON output now valid also for non-responding servers
- Testing now per default 370 ciphers
- Further improving the robustness of TLS sockets (sending and parsing)
- Support of supplying timeout value for
openssl connect
-- useful for batch/mass scanning - File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format
- LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2)
- PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3)
- Check for session resumption (Ticket, ID)
- TLS Robustness check GREASE and more
- Server preference distinguishes between TLS 1.3 and lower protocols
- Mark TLS 1.0 and TLS 1.1 as deprecated
- Does a few startup checks which make later tests easier and faster (
determine_optimal_\*()
) - Expect-CT Header Detection
--phone-out
does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL--phone-out
checks whether the private key has been compromised via https://pwnedkeys.com/- Missing SAN warning
- Added support for private CAs
- Way better handling of connectivity problems (counting those, if threshold exceeded -> bye)
- Fixed TCP fragmentation
- Added
--ids-friendly
switch - Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors.
- Better error msg suppression (not fully installed OpenSSL)
- Better parsing of HTTP headers & better output of longer HTTP headers
- Display more HTTP security headers
- HTTP Basic Auth support for HTTP header
- experimental "eTLS" detection
- Dockerfile and repo @ docker hub with that file (see above)
- Java Root CA store added
- Better support for XMPP via STARTTLS & faster
- Certificate check for to-name in stream of XMPP
- Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL
- Support for SNI and STARTTLS
- More robustness for any STARTTLS protocol (fall back to plaintext while in TLS caused problems)
- Renegotiation checks improved, also no false potive for Node.js anymore
- Major update of client simulations with self-collected up-to-date data
- Update of CA certificate stores
- Lots of bug fixes
- More travis/CI checks -- still place for improvements
- Man page reviewed
Features implemented / improvements in 2.9.5
- Way better coverage of ciphers as most checks are done via bash sockets where ever possible
- Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness)
- Testing 359 default ciphers (
testssl.sh -e/-E
) with a mixture of sockets and openssl. Same speed as with openssl only but addtional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc. - TLS 1.2 protocol check via sockets in production
- Finding more TLS extensions via sockets
- TLS Supported Groups Registry (RFC 7919), key shares extension
- Non-flat JSON output support
- File output (CSV, JSON flat, JSON non-flat) supports a minimum severity level (only above supplied level there will be output)
- Native HTML support instead going through 'aha'
- LUCKY13 and SWEET32 checks
- Ticketbleed check
- LOGJAM: now checking also for known DH parameters
- Support of supplying timeout value for
openssl connect
-- useful for batch/mass scanning - Parallel mass testing
- Check for CAA RR
- Check for OCSP must staple
- Check for Certificate Transparency
- Check for session resumption (Ticket, ID)
- Better formatting of output (indentation)
- Choice showing the RFC naming scheme only
- File input for mass testing can be also in nmap grep(p)able (-oG) format
- Postgres und MySQL STARTTLS support
- Man page
New in 2.8
- Trust chain check against certificate stores from Apple (OS), Linux (OS), Microsoft (OS), Mozilla (Firefox Browser), works for openssl >=1.0.1
- IPv6 (status: 80% working, details see https://github.com/drwetter/testssl.sh/issues/11
- works now on servers requiring a x509 certificate for authentication
- extensive CN <--> hostname check
- SSL Session ID check
- Avahi/mDNS based name resolution
- HTTP2/ALPN protocol check
- Logging to a file / dir
- Logging to (flat) JSON + CSV
- HPKP checks now also for Root, intermediate SPKIs
- Check for multiple server certificates
- Browser cipher simulation: what client will connect with which cipher + protocol
- GOST cipher+certificate improvements
- Assistance for color-blind users
- Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems
- Considerable speed improvements for each cipher runs (-e/-E)
- More robust SSLv2 + TLS socket interface
- seperate check for curves
- OpenSSL 1.1.0 compliant
- check for DROWN
- Whole number of bugs squashed
New in 2.6
- Display matching host key (HPKP)
- LOGJAM 1: check DHE_EXPORT cipher
- LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers
- "wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name
- binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit)
- OS X binaries (@jvehent, new builds: @jpluimers)
- ARM binary (@f-s)
- FreeBSD binary
- TLS_FALLBACK_SCSV check -- thx @JonnyHightower
- (HTTP) proxy support! Also with sockets -- thx @jnewbigin
- Extended validation certificate detection
- Run in default mode through all ciphers at the end of a default run
- will test multiple IP adresses of one supplied server name in one shot, --ip= restricts it accordingly
- new mass testing file option --file option where testssl.sh commands are being read from, see https://twitter.com/drwetter/status/627619848344989696
- TLS time and HTTP time stamps
- TLS time displayed also for STARTTLS protocols
- support of sockets for STARTTLS protocols
- TLS 1.0-1.1 as socket checks per default in production
- further detection of security relevant headers (reverse proxy, IPv4 addresses), proprietary banners (OWA, Liferay etc.)
- can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams).
- quite some LibreSSL fixes, still not recommended to use though (see https://testssl.sh/)
- lots of fixes, code improvements, even more robust
Full log @ https://github.com/drwetter/testssl.sh/commits/2.6/testssl.sh
New in 2.4
- "only one cmd line option at a time" is completely gone
- several tuning parameters on the cmd line (only available through environment variables b4): --assuming-http, --ssl-native, --sneaky, --warnings, --color, -- debug, --long
- certificate information
- more HTTP header infos (cookies+security headers)
- protocol check via bash sockets for SSLv2+v3
- debug handling significantly improved (verbosity/each function leaves files in $TEMPDIR)
- BEAST check
- FREAK check
- check for Secure Client-Initiated Renegotiation
- lots of cosmetic and maintainability code cleanups
- bugfixing
Full changelog: https://github.com/drwetter/testssl.sh/commits/2.4/testssl.sh
2.2. new features:
- Works fully under FreeBSD (openssl >=1.0)
- single cipher check (-x) with pattern of hexcode/cipher
- check for POODLE SSL
- HPKP check
- OCSP stapling
- GOST and CHACHA20 POLY1305 cipher support
- service detection (HTTP, IMAP, POP, SMTP)
- runs now with all colors, b/w screen, no escape codes at all
- protocol check better
- job control removes stalling
- RFC <---> OpenSSL name space mapping of ciphers everywhere
- includes a lot of fixes
Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
2.0 major release, new features:
- SNI
- STARTTLS fully supported
- RC4 check
- (P)FS check
- SPDY check
- color codes make more sense now
- cipher hexcodes are shown
- tests ciphers per protocol
- HSTS
- web and application server banner
- server prefereences
- TLS server extensions
- server key size
- cipher suite mapping from openssl to RFC
- heartbleed check
- CCS injection check
Historical releases
1.112
- IPv6 display fix
1.111
- NEW: tested unter FreeBSD (works with exception of xxd in CCS)
- getent now works under Linux and FreeBSD
- sed -i in hsts sacrificed for compatibility
- reomved query for IP for finishing banner, is now called once in parse_hn_port
- GOST warning after banner
- empty build date is not displayed anymore
- long build date strings minimized
- FIXED: IPv6 address are displayed again
1.110
- NEW: adding Russian GOST cipher support by providing a config file on the fly
- adding the compile date of openssl in the banner
1.109
- minor IPv6 fixes
1.108
- NEW: Major rewrite of output functions. Now using printf instead of "echo -e" for BSD and MacOSX compatibility
1.107
- improved IP address stuff
1.106
- minor fixes
1.105
- NEW: working prototype for CCS injection
1.104
- NEW: everywhere also RFC style ciphers -- if the mapping file is found
- unitary calls to display cipher suites
1.103
- NEW: telnet support for STARTTLS (works only with a patched openssl version) --> not tested (lack of server)
1.102
- NEW: test for BREACH (experimental)
.101
- BUGFIX: muted too verbose output of which on CentOS/RHEL
- BUGFIX: muted too verbose output of netcat/nc on CentOS/RHEL+Debian
1.100
- further cleanup
- starttls now tests allciphers() instead of cipher_per_proto (normal use case makes most sense here)
- ENV J_POSITIV --> SHOW_EACH_C
- finding mapping-rfc.txt is now a bit smarter
- preparations for ChaCha20-Poly1305 (would have provided binaries but "openssl s_client -connect" with that ciphersuite fails currently with a handshake error though client and server hello succeeded!)
1.99
- BUGFIX: now really really everywhere testing the IP with supplied name
- locking out openssl < 0.9.8f, new function called "old_fart" ;-)
- FEATURE: displaying PTR record of IP
- FEATURE: displaying further IPv4/IPv6 addresses
- bit of a cleanup
1.98
- http_header is in total only called once
- better parsing of default protocol (FIXME shouldn't appear anymore)
1.97
- reduced sleep time for server hello and payload reply (heartbleed)
1.96
- NEW: (experimental) heartbleed support with bash sockets (shell only SSL handshake!) see also https://testssl.sh/bash-heartbleed.sh
1.95 (2.0rc3)
- changed cmdline options for CRIME and renego vuln to uppercase
- NEW: displays server key size now
- NEW: displays TLS server extensions (might kill old openssl versions)
- brown warning if HSTS < 180 days
- brown warning if SSLv3 is offered as default protocol
1.94
- NEW: prototype of mapping to RFC cipher suite names, needed file mapping-rfc.txt in same dir as of now only used for 'testssl.sh -V'
- internal renaming: it was supposed to be "cipherlists" instead of "ciphersuites"
- additional tests for cipherlists DES, 3DES, ADH
1.93
- BUGFIX: removed space in Server banner fixed (at the expense of showing just nothing if Server string is empty)
1.92
- BUGFIX: fixed error of faulty detected empty server string
1.91
- replaced most lcyan to brown (=not really bad but somehow)
- empty server string better displayed
- prefered CBC TLS 1.2 cipher is now brown (lucky13)
1.90
- fix for netweaver banner (server is lowercase)
- no server banner is no disadvantage (color code)
1.89
- reordered! : protocols + cipher come first
- colorized prefered server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
- SSLv3 is now light cyan
- NEW: -P|--preference now in help menu
- light cyan is more appropriate than red for HSTS
1.88
- NEW: prototype for protocol and cipher preference
- prototype for session ticket
1.87
- changed just the version string to rc1
1.86
- NEW: App banner now production, except 2 liners
- DEBUG: 1 is now true as everywhere else
- CRIME+Renego prettier
- last optical polish for RC4, PFS
1.85
- NEW: appbanner (also 2 lines like asp.net)
- OSSL_VER_MAJOR/MINOR/APPENDIX
- less bold because bold headlines as bold should be reserved for emphasize findings
- tabbed output also for protocols and cipher classes
- unify neat printing
1.84
- NEW: deprecating openssl version <0.98
- displaying a warning >= 0.98 < 1.0
- NEW: neat print also for all ciphers (-E,-e)
1.83
- BUGFIX: results from unit test: logical error in PFS+RC4 fixed
- headline of -V / PFS+RC4 ciphers unified
1.82
- NEW: output for -V now better (bits seperate, spacing improved)
1.81
- output for RC4+PFS now better (with headline, bits seperate, spacing improved)
- both also sorted by encr. strength .. umm ..err bits!
1.80
- order of finding supplied binary extended (first one wins):
- use supplied variable $OPENSSL
- use "openssl" in same path as testssl.sh
- use "openssl.
uname -m
" in same path as testssl.sh - use anything in system $PATH (return value of "which"
1.79
- STARTTLS options w/o trailing 's' now (easier)
- commented code for CRIME SPDY
- issue a warning for openssl < 0.9.7 ( that version won't work anyway probably)
1.78
- -E, -e now sorted by encryption strength (note: it's only encr key length)
- -V now pretty prints all local ciphers
- -V now pretty prints all local ciphers matching pattern (plain string, no regex)
- bugfix: SSLv2 cipher hex codes has 3 bytes!
1.77
- removed legacy code (PROD_REL var)
1.76
- bash was gone!! desaster for Ubuntu, fixed
- starttls+rc4 check: bottom line was wrong
- starttls had too much output (certificate) at first a/v check
1.75
- location is now https://testssl.sh
- be nice: banner, version, help also works for BSD folks (on dash)
- bug in server banner fixed
- sneaky referer and user agent possible
1.74
- Debian 7 fix
- ident obsoleted
1.72
- removed obsolete GREP
- SWURL/SWCONTACT
- output for positive RC4 better
1.71
- workaround for buggy bash (RC4)
- colors improved
- blue is now reserved for headline
- magenta for local probs
- in RC4 removal of SSL protocol provided by openssl
1.70
- DEBUG in http_headers now as expected
1.69
- HTTP 1.1 header
- removed in each cipher the proto openssl is returning
- NEW: cipher_per_proto
1.68
- header parser for openssl
- HSTS
[..]
1.36
- fixed issue while connecting to non-webservers
1.35
- fixed portability issue on Ubuntu
1.34
- ip(v4) address in output, helps to tell different systems apart later on
- local hostname in output
1.31 (Halloween Release)
- bugfix: SSLv2 was kind of borken
- now it works for sure but ssl protocol are kind of ugly
1.30b (25.10.2012)
- bugfix: TLS 1.1/1.2 may lead to false negatives
- bugfix: CMDLINE -a/-e was misleading, now similar to help menu
1.3 (10/13/2012)
- can test now for cipher suites only
- can test now for protocols suites only
- tests for tls v1.1/v1.2 of local openssl supports it
- commandline "all "is rename to "each-cipher"
- banner when it's done
1.21a (10/4/2012)
- tests whether openssl has support for zlib compiled so that it avoids a false negative
1.21 (10/4/2012)
- CRIME support
1.20b
- bugfixed release
1.20a
- code cleanup
- showciphers variable introduced: only show ciphers if this is set (it is by default now and there's a comment
- openssl version + path to it in the banner
1.20
- bugfix (ssl in ssl handshake failure is sometimes too much)
- date in output
- autodetection of CVS version removed
1.19
- bugfix 1.18
- Rearragement of arguments: URL comes now always last!
- small code cleanups for readability
- individual cipher test is now with bold headline, not blue
- NOPARANOID flag tells whether medium grade ciphers are ok. NOW they are (=<1.17 was paranoid)
1.17
- SSL tests now for renegotiation vulnerabilty!
- version detection of testssl.sh
- program has a banner
- fixed bug leading to a file named "1"
- comment for 128Bit ciphers
1.16
- major code cleanups
- cmd line options: port is now in first argument!!
- help is more verbose
- check whether on other server side is ssl server listening
- https:// can be now supplied also on the command line
- test all ciphers now
- new cleanup routine
- -a does not do standard test afterward, you need to run testssl a second time w/o -a if you want this
1.12
- tests also medium grade ciphers (which you should NOT use)
- tests now also high grade ciphers which you SHOULD ONLY use
- switch for more verbose output of cipher for those cryptographically interested . in rows: SSL version, Key eXchange, Authentication, Encryption and Message Authentication Code
- this is per default enabled (provide otherwise "" as VERB_CLIST)
- as a courtesy I am providing 64+32 Linux binaries for testing 56 Bit ciphers
1.11
- Hint for howto enable 56 Bit ciphers fpr testing
- possible to specify where openssl is (hardcoded, $ENV, last resort: auto)
- warns if netcat is not there
1.10
- somewhat first released version