testssl.sh

DeforaNetworks/testssl.sh

Fork 0

84ad7d9b69 client auth + Peter Dirk Wetter 2015-10-26 09:56:33 +01:00
0009107947 Merge pull request #224 from PeterMosmans/cygwin-2 Dirk Wetter 2015-10-25 13:37:20 +01:00
62af7be5a1 Added check for availability oftput (Fixes #222) Peter Mosmans 2015-10-25 22:31:44 +10:00
5fd6e28f09 Merge pull request #221 from wlovins/master Dirk Wetter 2015-10-16 16:02:07 +02:00
4095dc53be Changed wording for easier readability. William Lovins 2015-10-16 14:40:06 +01:00
7bf1319c93 - FIX #218 for exim and friends Dirk 2015-10-15 15:14:37 +02:00
eb49132682 - changed headline for each sub test from blue to underline+bold - save determine_service log Dirk 2015-10-15 14:15:07 +02:00
78fab8addb - FIX #213, wording Dirk 2015-10-13 22:25:01 +02:00
d4dbf1138c - FIX #214 Dirk 2015-10-13 08:31:54 +02:00
2b14455c55 client auth added Dirk Wetter 2015-10-11 23:41:05 +02:00
1a1f007ef9 - banner f'up reversed Dirk 2015-10-11 23:34:53 +02:00
8c0786d147 - switched on clientauth functionality (missed b4) Dirk 2015-10-11 23:23:35 +02:00
b9bfd48871 - client based auth (see sclient_connect_successful() works now, see #206) - careful regression tests for this, point open: speed - test for more TLS extensions - heartbleed() does now before a check whether heartbeat is available to save time - breach simplyfied (and doesn't have to be killed in seldom cases) - tmpfiles are only being erased after exit not after each function - user agent is testssl -- unless --sneaky is chosen - global host vars are now being resetted to prevent side effects - tls version in record layer is now always 1 - used ERRFILE wherever possible - smaller code cleanups Dirk 2015-10-11 23:07:16 +02:00
379bc9464a Update Readme.md Dirk Wetter 2015-10-11 11:47:10 +02:00
4eacc75f2d Merge pull request #209 from jumanjiman/docker_readme Dirk Wetter 2015-10-11 10:03:19 +02:00
0600e39b45 - fix screw up of rDNS display for those few folks having only IPv4 ;-) Dirk Wetter 2015-10-06 12:30:29 +02:00
a3a15aa11e Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-10-05 09:59:22 +02:00
f8d6a2fb6d - IPv6 formatting fixed, see #11 (points 3,4,5) 5 cannot be done automagically, see issue Dirk 2015-10-05 09:56:21 +02:00
fc46a61733 Update Readme.md Dirk Wetter 2015-10-05 09:22:02 +02:00
8b917e6625 Update Readme.md Dirk Wetter 2015-10-05 09:19:11 +02:00
a0d634f94a - ouput corrections for BEAST Dirk 2015-10-04 12:32:29 +02:00
41bc2fb70c - regression wrt what_dh Dirk 2015-10-03 00:14:52 +02:00
2fe8fc95fa Readme: add link(s) to external contrib, such as docker images Paul Morgan 2015-10-01 21:35:04 -04:00
5d230edb3a Merge branch 'master' of github.com:drwetter/testssl.sh Dirk Wetter 2015-10-01 13:29:25 +02:00
f3cef41053 - some speed improvements (sed, tr --> bash internal s'n'r) - revamped BEAST a bit: availablity of higher protocols lead now to yellow color, see #208 - Fixed error in BEAST (no higher protos led to no message) - made BEAST it faster: one check for protocol ssl3+tls1 upfront, see #208 Dirk Wetter 2015-10-01 13:27:14 +02:00
8648398094 Update CREDITS.md Dirk Wetter 2015-10-01 13:19:15 +02:00
fd256a74b1 Merge pull request #207 from typingArtist/beast Dirk Wetter 2015-10-01 11:51:16 +02:00
2ca6c2b0dc improved variable naming, scope and worked around length limitation of cipher list, as suggested by @drwetter typingArtist 2015-09-30 14:54:39 +02:00
449aada392 fix CBC cipher selection typingArtist 2015-09-30 12:44:27 +02:00
1c1eaa53d8 - fix for renamed http_header function Dirk 2015-09-29 18:47:49 +02:00
cac49cb1f1 - "--file" implicitly does "--warnings=batch" - "--file" works now fine with equal sign - fixed load balancer issue where header request stalled and testssl.sh consequently too - http_date needed to be changed too because of that - needed to estimate then the http_date when request was killed (HAD_SLEPT) will Mr. Spock like this?? - fixed load balancer issue where header request for breach test stalled and thus an error was displayed - code improvements Dirk 2015-09-28 22:54:00 +02:00
251e09bb4e IPv6 Dirk Wetter 2015-09-26 23:00:41 +02:00
feaef680aa - IPv6 #11 is 80% working (whohoo!). Needed is an openssl capable IPv6 and HAS_IPv6=true in the environment - FIX #191 Dirk 2015-09-26 22:44:33 +02:00
cc81642ee3 - #FIX 202 (EV detection from TERENA/Digicert) Dirk Wetter 2015-09-25 14:35:42 +02:00
a2efc201b7 - added a failure condition for trust check Dirk 2015-09-24 09:10:43 +02:00
06466cca92 - proxy in determine_trust was missing Dirk 2015-09-23 09:03:47 +02:00
bdd6856de8 Update Readme.md Dirk Wetter 2015-09-22 20:17:06 +02:00
bf54d9ef3d Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-09-22 20:09:41 +02:00
0b1e573fc9 - FIX #190: Server temp key backport for RH-ish systems works now automagically - just to be sure there's a cmd line flag --has-dhbit / env HAS_DH_BITS - some reordering Dirk 2015-09-22 20:09:26 +02:00
95b6d59b7c Update Readme.md Dirk Wetter 2015-09-22 17:54:25 +02:00
faa6de312d Merge branch 'master' of github.com:drwetter/testssl.sh Dirk 2015-09-22 17:15:08 +02:00
4b57a22f6e - FIX #198 (date env problem under BSD and maybe others) Dirk 2015-09-22 17:14:36 +02:00
fb565ac78e See #97 Dirk Wetter 2015-09-22 16:39:09 +02:00
1668daa04e - NEW: chain of trust -- for openssl 1.0.2 only - FIX #97 Dirk 2015-09-22 15:05:59 +02:00
3eeb1f9d9d - check whether dig, host or nslookup is there. The error message is now describing the cause Dirk 2015-09-21 16:43:47 +02:00
23802e219d - #FIX 197 - renamed a variable Dirk 2015-09-21 14:03:48 +02:00
6406e1828d - minor polish of output Dirk 2015-09-19 15:03:40 +02:00
413b64c44a - fixed proxy name resolution and make it more robust - additional line if a proxy is used above rDNS Dirk 2015-09-18 15:12:01 +02:00
fc3f711b4c Need to reflect the new master Dirk Wetter 2015-09-17 15:33:41 +02:00
945d26d222 - changed version number - retabed to five spaces Dirk 2015-09-17 15:30:15 +02:00
4cee5c21c0 Running 2.6. now Dirk Wetter 2015-09-16 14:58:28 +02:00
58096d6633 2.6 release Dirk 2015-09-15 08:49:00 +02:00
467988fb0a - improved resilience in cipher order check - improved also there compatibility with intolerant IIS6 servers Dirk 2015-09-14 12:54:54 +02:00
09c06e0ffa Update Readme.md Dirk Wetter 2015-09-14 11:21:24 +02:00
a2ba43ec78 - litemagenta should be used for not fatal conditions / magenta for fatal conditions (prg terminates then) Dirk 2015-09-14 11:12:37 +02:00
9b08cb7584 - FIX /workaround for #188 (https://github.com/drwetter/testssl.sh/issues/188) - bumped up version to rc4 Dirk 2015-09-14 11:03:10 +02:00
a9f231b3ff - fix where an $PID"ERRFILE" was written Dirk 2015-09-09 16:41:32 +02:00
d28317f2d0 - exit code always 0 unless an error occured - enable devel feaure of SSLv2 via socket Dirk 2015-09-08 19:30:03 +02:00
566a059250 - fix for issue when a non-HTTP service indicates a misleading non-match of certificate - wildcard check Dirk 2015-09-06 18:21:08 +02:00
b9bfa2355a fix for scott helme's multiple keys (https://scotthelme.co.uk/hpkp-toolset) Dirk Wetter 2015-09-04 14:19:06 +02:00
422b4d511a minor cleanups for finding openssl binaries Dirk Wetter 2015-09-04 10:04:56 +02:00
13b4497e8e Rename old.CHANGELOG.txt to CHANGELOG.stable-releases.txt Dirk Wetter 2015-09-03 15:15:36 +02:00
32e471c856 Update old.CHANGELOG.txt Dirk Wetter 2015-09-03 15:14:14 +02:00
35a69642ed Update Readme.md Dirk Wetter 2015-09-03 15:09:03 +02:00
02800c78d9 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk Wetter 2015-09-03 13:26:42 +02:00
6a036cd7d4 removed hardcoded obsolete paths for binaries Dirk Wetter 2015-09-03 13:26:02 +02:00
a84562c678 Update Readme.md Dirk Wetter 2015-09-03 13:20:52 +02:00
4ec089b508 - remove double binaries Dirk Wetter 2015-09-03 13:11:57 +02:00
561c48f471 remove hashsums for the time being Dirk Wetter 2015-09-03 13:09:33 +02:00
4c52c4121b bin mess cleanup contibued Dirk 2015-09-03 12:53:21 +02:00
49802e8a41 - cleanup bin mess, part 2 Dirk 2015-09-03 12:47:40 +02:00
8d65c67d50 - cleanup bin mess ;-), part 1 Dirk 2015-09-03 12:39:03 +02:00
ab78c45b11 update Dirk 2015-09-03 12:19:53 +02:00
1c5870e3e3 typo, fix from Stefan Stidl (thx!) Dirk 2015-09-03 12:17:32 +02:00
489baa1299 unitize programming styles: ${var} --> $var, double square brackets instead of single Dirk 2015-09-03 12:14:47 +02:00
73b61469bf Merge pull request #186 from anoma/anoma-typo-patch-1 Dirk Wetter 2015-09-03 10:25:03 +02:00
6b22851104 Typo. Inconsistent CVE string format anoma 2015-09-03 09:10:06 +01:00
90930a2f78 - changed return code if someone dares to use dash as it hiccups - catch users try to use sh instead of real bash (#184), see http://www.gnu.org/software/bash/manual/bashref.html#Bash-POSIX-Mode) Dirk Wetter 2015-09-02 12:56:03 +02:00
00131e2a66 Merge pull request #180 from jpluimers/master Dirk Wetter 2015-08-30 12:41:46 +02:00
45eb3ed662 better phrasing for LOGJAM, see #181 Dirk Wetter 2015-08-28 17:43:38 +02:00
90ead7a301 FIX #183 Dirk Wetter 2015-08-28 17:06:07 +02:00
aa175f2c56 Merge branch 'master' of github.com:drwetter/testssl.sh Dirk Wetter 2015-08-28 16:46:49 +02:00
412fb6fb05 FIX #182 Dirk Wetter 2015-08-28 16:46:28 +02:00
8d0dccc31a Update Readme.md Dirk Wetter 2015-08-28 15:09:53 +02:00
9b718d39d0 - removed VERBERR (is now DEBUG=2) - hex2dec uses now internal echo instead of printf (which has problems with some chars if unexpected content if not properly used) Dirk Wetter 2015-08-28 14:59:04 +02:00
b5818f6034 - FIX $177 - some by-catches whle shellchecking - minor cleanups Dirk 2015-08-28 00:15:51 +02:00
6f5cf726e9 Merge branch 'master' of https://github.com/drwetter/testssl.sh Jeroen Pluimers 2015-08-27 23:06:06 +02:00
06572c521f Mac OS X Darwin openssl binaries with zlib support Jeroen Pluimers 2015-08-27 23:03:59 +02:00
c102bb6712 micro fix for the ESC code orgination fron tput test Dirk 2015-08-27 20:39:20 +02:00
0d9370237c - FIX #172 - labeled TLS_FALLBACK_SCSV as experimental, to be improved in next release (remarks in code) - removed experimental from FREAK check - separated headerfile from errorfile, TLS handshake oids were sometimes misinterpreted as IPv4 addreses in header - bumped up rc version - linefeeds Dirk 2015-08-27 11:25:12 +02:00
c93dc01b41 better service detection, dedicated line for NNTP and certificate stuff redirected to ERRFILE Dirk Wetter 2015-08-26 20:06:53 +02:00
838112e6d2 - LibreSSL compatibility: recent pull spits out an error if cnf file isn't found (oh well) ==> introduction of #ERRFILE, good idea anyway - commented what I wanted to achieve with the colors - code cleanups Dirk Wetter 2015-08-24 23:50:03 +02:00
aa91990fb3 - fix bug where a host name like AAA.BBB.CCC.DDD.in-addr.arpa.DOMAIN.TLS was taken as an ipv4 address - freebsd 9 supports now also colors with setaf, Darwin? - correct indentation of help - improved parsing in command line so that where a distinct option is required it is also tested in the 1st place - removed -q in help (deprecated as we might want to use it for other things in the future) - fix: if $PWD/openssl was a dir it bailed out - cleanup of fatal errors ==> provide ONE function Dirk 2015-08-24 22:17:35 +02:00
83bf9067aa FIX #167 (# of certificates provided) Dirk 2015-08-23 21:16:34 +02:00
6baf5e377c - sanitize '%' in general output function, avoids hiccups in url encoded strings - FIX #178 (Security headers only key in green, not value) - CSP rule for facebook hast 127.0.0.1 which is labeled as IP address Dirk Wetter 2015-08-21 18:10:45 +02:00
87cef93b6c - more solid parsing for HPKP header (FIX #163) - X-UA-Compatible is now an "other" flag and key won't be swallowed Dirk Wetter 2015-08-21 12:43:10 +02:00
394bde8ff5 output FIX for multiple CRLs (#165) Dirk Wetter 2015-08-21 10:47:29 +02:00
4862ece267 Merge pull request #175 from PeterMosmans/typo-fix Dirk Wetter 2015-08-18 21:30:50 +02:00
cd4ba60f16 Fixes #174 Peter Mosmans 2015-08-18 16:07:24 +02:00
85268360c0 Update CREDITS.md Dirk Wetter 2015-08-18 10:15:15 +02:00

Commit Graph Select branches Hide Pull Requests 2.9dev master Mono Color

Commit Graph

Select branches

Hide Pull Requests

2.9dev

master