testssl.sh/etc
Dirk f708e1420e Updated Trust Stores, Java added
This is an update of the root certificate stores. Date from each store
is from yesterday.

Description update.

Also the Java certificate store was added. Previously Java was omitted
as it appeared not to be complete. I tested successfully this store.
2018-12-14 10:00:23 +01:00
..
Apple.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
ca_hashes.txt added MS CA store, see #825 2017-09-19 15:15:54 +02:00
cipher-mapping.txt Correct new openssl cipher name 2018-11-02 14:04:12 +01:00
client-simulation.txt Updated client simulation 2018-11-05 22:47:28 +01:00
common-primes.txt Remove duplicate common primes 2018-07-23 13:48:18 -04:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
Java.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Linux.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Microsoft.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
Mozilla.pem Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
README.md Updated Trust Stores, Java added 2018-12-14 10:00:23 +01:00
tls_data.txt Remove '0a' character from public keys 2018-09-21 17:07:46 -04:00

Certificate stores

The certificate trust stores were retrieved from

Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.

If you want to test against e.g. a company internal CA you want to avoid warnings from the certificate stores here it's recommended to use ADDITIONAL_CA_FILES=<companyCA.pem ./testssl.sh <your cmdline>. (The former mechanism was to put the company root CA certificate here.)

Further files

  • tls_data.txt contains lists of cipher suites and private keys for sockets-based tests

  • cipher-mapping.txt contains information about all of the cipher suites defined for SSL/TLS

  • ca_hashes.txt is used for HPKP test in order to have a fast comparison with known CAs. Use ~/utils/create_ca_hashes.sh for an update

  • common-primes.txt is used for LOGJAM and the PFS section

  • client-simulation.txt as the name indicates it's the data for the client simulation. Use ~/utils/update_client_sim_data.pl for an update. Note: This list has been manually edited to sort it and weed it out.