e614887cb8renamed files
Dirk Wetter
2015-07-06 20:33:43 +02:00
942ceb04d9FIX "built on: reproducible build, date unspecified" problem
Dirk Wetter
2015-07-06 20:33:05 +02:00
0e1a7002b9FIX "built on: reproducible build, date unspecified" problem
Dirk Wetter
2015-07-06 20:22:45 +02:00
c08baa94b3* CHANGE: some tuning variable are now booleans (see help) * help() to reflect this * cleanups
Dirk Wetter
2015-07-06 10:10:46 +02:00
80e26a75ef* Warning if LibreSSL is used #126 * FIX for screwed up output for fixed ciphers (FREAK, LOGJAM), see also #126 * GOST support now doesn't complain if MY confif file aleady exists (minor fix)
Dirk
2015-07-02 16:39:41 +02:00
1186bf4229- try to interpret server protocol (SMTP, FTP,...) handshake
Dirk
2015-07-01 19:50:38 +02:00
d44cff9a81Merge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-07-01 18:51:18 +02:00
c2f8e23441Rename ccs-injection.sh to ccs-injection.bash
Dirk Wetter
2015-07-01 18:50:45 +02:00
21119d6d01works also for nntp,ftp,imap,pop,xmpp +starttls now
Dirk
2015-07-01 13:01:16 +02:00
83dc3f707f- works now also for SMTP+STARTTLS
Dirk
2015-07-01 10:16:01 +02:00
bfdc95f3dcRename bash-heartbleed.changelog.txt to heartbleed.bash.changelog.txt
Dirk Wetter
2015-07-01 10:12:03 +02:00
4363229a01Rename bash-heartbleed.sh to heartbleed.bash
Dirk Wetter
2015-07-01 10:11:20 +02:00
0bd46058a1Update Readme.md
Dirk Wetter
2015-06-29 23:46:39 +02:00
31431a62cfUpdate Readme.md
Dirk Wetter
2015-06-29 23:37:18 +02:00
b797ebaba2Merge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-06-29 23:35:05 +02:00
24cdfded56see #124 (John more to the top though)
Dirk
2015-06-29 23:31:51 +02:00
5acfc93d79* couple of checks for new proxy option from John Newbigin #124 * minor cleanups for #124
Dirk
2015-06-29 23:28:37 +02:00
ddd680ac93* merge #124 from jnewbigin * fix my run time error
Dirk
2015-06-29 22:29:15 +02:00
15a672b521* assertion vs. condition fixed
Dirk
2015-06-29 10:41:56 +02:00
b2ebd7640dUpdate Readme.md
Dirk Wetter
2015-06-28 14:05:25 +02:00
93f5b8216d* FIX#125 * beautified some code / function names
Dirk
2015-06-28 13:52:42 +02:00
5d78c9421f* first tls_low_byte is now always 01 in TLS 1.0 --> TLS 1.2 (see openssl) * removing TLS 1.2 check from sockets as IIS has a problem with it
Dirk
2015-06-24 11:08:09 +02:00
e121f944e9* FIX: added missed downgrade (ret=2) in socket protcol check * resorted helper functions to top * cleanups (ok, renamed some functions)
Dirk
2015-06-23 21:54:47 +02:00
b575710634* FIX in --ip=one * straighthen help() * FIX ret value for no response in parse_tls_serverhello
Dirk
2015-06-23 12:58:40 +02:00
ae8f998f8f* help corrected, -e is standard
Dirk
2015-06-23 07:56:56 +02:00
a6c5a2af0d* handshake works now with SNI
Dirk
2015-06-22 23:19:08 +02:00
58a6f501b5- better addressed no clear fallback repsonses, see #121
Dirk
2015-06-20 19:36:11 +02:00
633cdc209b- NEW: IP address detection now in HTTP header - NEW: Varnish and Squid header detected - NEW: option --ip=one is a shortcut and means just test the first ip - CSP Report-Only in security headers - New: Varnish and Squid header detected, OWA header - all single tests in bold now - no support for TLS 1.2 spits out "NOT ok" as it is not ok - Medium ciphers and DES ciphers are not having aNULL and aDH ciphers anymore and have different colors --> ratings - http-date is now in http header(), tls_time in server_defaults() - http header reply is indented to same row as server defaults - http status code is displayed clearly now - BUGFIX: IPv6 address wasn't displayed - cleanup - application banner now in two lines if needed - try a second time to get a http header if first one fails - fix: case where % sign in ip address made prinf hiccup (sanitized) - fix: $url was in some functions empty - fixed bug where some headers were displayed twice
Dirk
2015-06-19 20:36:32 +02:00
59299ce9e1- FIX#119 (sed -E fails for old sed versions) - std_cipherlists tuned - fix for selfsigned certs (missed sometimes because of trailing space)
Dirk
2015-06-17 11:33:29 +02:00
478b8afac7FIX: bail out better if $NODE doesn't resolve cipher lists now wth plural ending added Liferay-Portal + X-OWA-Version for application banner new http_header (still leaving old one in) readability improvements
Dirk
2015-06-16 19:53:40 +02:00
e16ccd06b6- testing all IP addresses of a node works now (refactoring of parse_hn_port into three functions) FIX#96 - SNI is unset if STARTTLS is set - some BSD fixes (sed)
Dirk
2015-06-16 14:04:44 +02:00
ac92ffb3c2Merge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-06-15 12:13:45 +02:00
4432faf497"--ip" works now (see help) little cleanups
Dirk
2015-06-15 12:13:16 +02:00
3ca2b4d8a1Update Readme.md
Dirk Wetter
2015-06-15 11:29:05 +02:00
46c43ee53fMerge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-06-11 21:41:53 +02:00
a98b67013aFIX#116 CRIME is lightred/litegreen as it is not that bad as ccs or heartbleed resorted some functions
Dirk
2015-06-11 21:41:25 +02:00
7be69786b8Update Readme.md
Dirk Wetter
2015-06-11 19:32:14 +02:00
bdff6ba1bd- TLS_FALLBACK* was missing in the help #22#118
Dirk
2015-06-11 18:46:22 +02:00
c39b69a45fMerge pull request #118 from JonnyHightower/master
Dirk Wetter
2015-06-11 18:30:07 +02:00
dc548f1cfcAdded check for TLS_FALLBACK_SCSV support in local OpenSSL binary. In TLS_FALLBACK_SCSV check, added unique socket address to temporary file name in order to support multiple simultaneous instances.
JonnyHightower
2015-06-10 17:38:39 +01:00
8acc17b4bc- ease of making openssl binary with make-openssl.sh - Hint where the Readme is - removal of old binaries
Dirk
2015-06-10 08:15:28 +02:00
0e36255fb9Added a check for TLS_FALLBACK_SCSV
JonnyHightower
2015-06-08 17:19:34 +01:00
0f5c4981cb- more or less desperate try to figure out the real installation path (and find the mapping file) - help extended (equal sign, logjam)
Dirk
2015-06-02 22:13:19 +02:00
312b02ac63Merge pull request #117 from teward/patch-1
Dirk Wetter
2015-06-02 18:09:19 +02:00
266874daebExpand the OpenSSL 1.0.2 reqs/benefits.
Thomas Ward
2015-06-02 11:59:17 -04:00
03d8ba9b81Update OpenSSL reqs - LOGJAM checks need 1.0.2+
Thomas Ward
2015-06-02 11:57:11 -04:00
4081b2eef4- wrong arg for dirname ($1)
Dirk
2015-06-02 15:59:17 +02:00
06c3b06a7a- regression fix on mapping file
Dirk
2015-06-02 15:53:46 +02:00
32acfa97a5Merge pull request #115 from PeterMosmans/space
Dirk Wetter
2015-06-02 09:26:25 +02:00
8e4970c408Minor textual fix (added space)
Peter Mosmans
2015-06-01 14:16:31 +02:00
cac985967f- first prototype for using = in cmdline, see #108. Tests needed - beautified big case loop
Dirk
2015-06-01 12:01:38 +02:00
452fd6762a- local dns matches don't need lookup anymore over net --> saves timeouts+time - further banner tuning + funtion mybanner, 2 addtl global vars for debugging - cosmetic improvements
Dirk
2015-05-31 14:40:12 +02:00
77ad7c9252- the outsticking part was kind of not handy, see #113, remove commit message
Dirk
2015-05-30 11:36:47 +02:00
353b58c0c0Merge pull request #113 from PeterMosmans/showversion
Dirk Wetter
2015-05-30 11:16:31 +02:00
764f20dbcfFIX: Show version when specified on command line
Peter Mosmans
2015-05-30 11:13:57 +02:00
d066e0868aMerge pull request #112 from AntonioMeireles/cosmetics_1
Dirk Wetter
2015-05-29 22:42:51 +02:00
4064332234trim all whitespace at EOL.
António Meireles
2015-05-29 18:44:27 +01:00
9b2b897a43- make date even more beautiful, see #110 - fix RUN_DIR
Dirk
2015-05-29 14:12:22 +02:00
df3b9019a1Update Readme.md
Dirk Wetter
2015-05-29 13:37:37 +02:00
e14453b607Merge pull request #110 from AntonioMeireles/master
Dirk Wetter
2015-05-29 11:01:47 +02:00
4e18c35271Merge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-05-29 10:36:47 +02:00
41ee37f0dc- per default we do a allciphers run in the end - option long changed to wide - PFS now is per default not wide - PFS comes after standard cipher lists - debug output improved (in terms of privacy and additional info)
Dirk
2015-05-29 10:36:14 +02:00
b48ac9874e- early check to make sure people really use bash, see #109
Dirk
2015-05-29 10:10:53 +02:00
2ac34c1424- early check to make sure people really use bash, see #109
Dirk
2015-05-29 10:08:17 +02:00
4063e38ccfsimplify life for OSX users running gnu's coreutils...
António Meireles
2015-05-28 16:51:33 +01:00
f9605c4f35- BEAST now also works in wide mode - renamed --long in --wide - added --show-each to help - inserted help
Dirk Wetter
2015-05-27 17:04:35 +02:00
a76ca52c4c- first candidate for logjam (missing the precomuted primes though) - 1024 DH is now brown instead of red, 768 will be red, 512 bold red - dumped calls to ok() - further cosmetic stuff
Dirk Wetter
2015-05-27 14:28:18 +02:00
f261884499Merge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-05-27 11:24:47 +02:00
8ab0aef84bMerge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-05-26 12:56:17 +02:00
060178071d- for pfs. allciphers and cipher_per_proto we WARN now because of weak DH param (if openssl supports it) FIX#106, $85 - logjam not yet named *#105, #107) but addressed - --openssl switch - reorder find_openssl_binary / mybanner - proper identation of help
Dirk
2015-05-26 12:51:10 +02:00
9b13160953Update Readme.md
Dirk Wetter
2015-05-25 21:41:45 +02:00
3c161f9ce4- blanks in headlines added
Dirk
2015-05-25 21:22:21 +02:00
9c7d385098- omit 1xblank in almost all colored output (and adjust the functions using it) - little bit more robust for strange keysize and dh bits - added ecdsa-with-SHA256 to Signature Algorithm - FIX: no TLS1+SSL3 resulted in no output for BEAST
Dirk
2015-05-25 21:14:59 +02:00
e58b53eeae- dh key lenghth in negotiated cipher at first, see $85, #105, #106 - got rid of ok function calls in protocols - detection of apache banner win32/win64
Dirk
2015-05-25 15:10:09 +02:00
a7a19428d6- FIX for #104: check for hpkp pin match failed if \" was present
Dirk
2015-05-18 23:10:34 +02:00
0c4a36121e- NEW / FIX#104: check for hpkp pin match
Dirk
2015-05-18 21:51:45 +02:00
bf7b867d86Update Readme.md
Dirk Wetter
2015-05-17 22:56:38 +02:00
2919a7c40e- 2.4! - FIX#92 - FIX for TLS time (difftime was too small for local clock skew) - warning for freebsd/macosx w/o ports need now a "yes" - TLS 1.0 not offered is not bold anymore - output weirdness fixed for cipher order in spdy
Dirk
2015-05-17 22:30:49 +02:00
6e74b3bd5c- FIX of output whene there's no CBC cipher in BEAST - FIX: 2 occurrances of OPENSSL calls had a hostname instead of an IP address - FIX: starttls protocol correctly displayed - NEW added duplicate detection for header flags - NEW: added four GOST cipher to standard socket handshake - recommends if openssl 1.0.2 is used and results were strange and IIS6 --> run wqith openssl 1.0.1 - declared some global vars as readonly
Dirk
2015-05-15 21:32:11 +02:00
7741d99cc8Update Readme.md
Dirk Wetter
2015-05-12 13:42:42 +02:00
7614ac6f87Merge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-05-12 13:38:20 +02:00
16d2b33459- Workarounds for IIS6 #99 : some places where openssl 1.0.2 cannot connect (as opposed to =< 1.0.1) finding the right protocol before - hints for IIS6+openssl 1.0.2 non-conformity #99 - version bumped up to 2.4rc2 - better formatting for BSD in cipher order - FIX: 2x bug for cipher order + sslv2 - preambel revisited
Dirk
2015-05-12 13:37:39 +02:00
a7d7158c4bUpdate Readme.md
Dirk Wetter
2015-05-12 10:21:31 +02:00
3a64bd1005- WONTFIX remarks for #103 and #102 - better warning for openssl < 1.0
Dirk
2015-05-11 16:58:57 +02:00
Dirk Wetter
JonnyHightower
Thomas Ward
Peter Mosmans
António Meireles