0f9e6b9883
Remove three additional common primes that appeared in both https://svn.nmap.org/nmap/scripts/ssl-dh-params.nse and https://github.com/cryptosense/diffie-hellman-groups/blob/master/gen/common.json. Note that run_logjam() will not work properly if the server's prime appears twice in etc/common-primes.txt. |
||
---|---|---|
.. | ||
Apple.pem | ||
Linux.pem | ||
Microsoft.pem | ||
Mozilla.pem | ||
README.md | ||
ca_hashes.txt | ||
cipher-mapping.txt | ||
client-simulation.txt | ||
common-primes.txt | ||
curves.txt | ||
tls_data.txt |
README.md
Certificate stores
The certificate stores were retrieved by
- Mozilla; see https://curl.haxx.se/docs/caextract.html
- Linux: Just copied from an up-to-date Linux machine
- Microsoft: Following command pulls all certificates from Windows Update services: (see also http://aka.ms/RootCertDownload, https://technet.microsoft.com/en-us/library/dn265983(v=ws.11).aspx#BKMK_CertUtilOptions):
CertUtil -syncWithWU -f -f .
. - Apple: It comes from Apple OS X keychain app. Open Keychain Access utility, i.e. In the Finder window, under Favorites --> "Applications" --> "Utilities" (OR perform a Spotlight Search for Keychain Access) --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" --> "Category" --> "All Items" Select all CA certificates except for Developer ID Certification Authority, "File" --> "Export Items"
In this directory you can also save e.g. your company Root CA(s) in PEM
format, extension pem
. This has two catches momentarily: You will still
get a warning for the other certificate stores while scanning internal net-
works. Second catch: If you scan other hosts in the internet the check against
your Root CA will fail, too. This will be fixed in the future, see #230.
Further needed files
-
tls_data.txt
contains lists of cipher suites and private keys for sockets-based tests -
cipher-mapping.txt
contains information about all of the cipher suites defined for SSL/TLS -
ca_hashes.txt
is used for HPKP test in order to have a fast comparison with known CAs. Use~/utils/create_ca_hashes.sh
for an update -
common-primes.txt
is used for LOGJAM -
client-simulation.txt
as the name indicates it's the data for the client simulation. Use~/utils/update_client_sim_data.pl
for an update. Note: This list has been manually edited to sort it and weed it out.