testssl.sh

mirror of https://github.com/drwetter/testssl.sh.git synced 2025-03-04 04:21:16 +01:00

History

Dirk b9b09f586e added MS CA store, see #825 Finally complete, thx @naumanshah03		2017-09-19 15:15:54 +02:00
..
Apple.pem	update of certificate stores, except MS	2017-09-18 14:18:00 +02:00
ca_hashes.txt	added MS CA store, see #825	2017-09-19 15:15:54 +02:00
cipher-mapping.txt	Add OpenSSL names for ARIA ciphers	2017-08-30 11:12:11 -04:00
client_simulation.txt	Reorder client simulation data (see #776 ) and update README	2017-08-30 20:35:15 +02:00
client-simulation.txt	rename client simulation file (das is more consistent)	2017-08-30 23:00:32 +02:00
common-primes.txt	- add crypotsense prefined DH groups	2017-01-20 18:14:48 +01:00
curves.txt	- added values to curve448 + 25519	2016-06-09 13:18:55 +02:00
Linux.pem	update of certificate stores, except MS	2017-09-18 14:18:00 +02:00
Microsoft.pem	added MS CA store, see #825	2017-09-19 15:15:54 +02:00
Mozilla.pem	update of certificate stores, except MS	2017-09-18 14:18:00 +02:00
README.md	Update README.md	2017-09-19 14:50:08 +02:00
tls_data.txt	adding comments for David's PR #807 and pointing to the cipher list in #806	2017-07-31 12:59:36 +02:00

README.md

Certificate stores

The certificate stores were retrieved by

Mozilla; see https://curl.haxx.se/docs/caextract.html
Linux: Just copied from an up-to-date Linux machine
Microsoft: Following command pulls all certificates from Windows Update services: (see also http://aka.ms/RootCertDownload, https://technet.microsoft.com/en-us/library/dn265983(v=ws.11).aspx#BKMK_CertUtilOptions): CertUtil -syncWithWU -f -f . .
Apple: It comes from Apple OS X keychain app. Open Keychain Access utility, i.e. In the Finder window, under Favorites --> "Applications" --> "Utilities" (OR perform a Spotlight Search for Keychain Access) --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" --> "Category" --> "All Items" Select all CA certificates except for Developer ID Certification Authority, "File" --> "Export Items"

In this directory you can also save e.g. your company Root CA(s) in PEM format, extension pem. This has two catches momentarily: You will still get a warning for the other certificate stores while scanning internal net- works. Second catch: If you scan other hosts in the internet the check against your Root CA will fail, too. This will be fixed in the future, see #230.

Further needed files

tls_data.txt contains lists of cipher suites and private keys for sockets-based tests
cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS
ca_hashes.txt is used for HPKP test in order to have a fast comparison with known CAs. Use ~/utils/create_ca_hashes.sh for an update
common-primes.txt is used for LOGJAM
client-simulation.txt as the name indicates it's the data for the client simulation. Use ~/utils/update_client_sim_data.pl for an update. Note: This list has been manually edited to sort it and weed it out.