08fe890d5f- two fixes from #40 reported by @salt-lick
Dirk
2015-05-11 08:52:40 +02:00
19fc021587- FIX: 30x with BigIP doesn't have a date, handled properly now - generic GET/HEAD is now always with URL_PATH
Dirk
2015-05-10 23:38:06 +02:00
2f79ba52fc- NUMEROUS FreeBSD9/Darwin FIXES#40 - http date - cipher list in preferences - GET_REQ11 now closes the connection - openssl_age comes after the banner so that help doesn't need to go thru this - uname -s ==> SYSTEM
Dirk
2015-05-10 19:20:55 +02:00
0aa8ac7e76- more robust wrt IIS6 (some stuff better with IIS7) - X-Powered-By is easy to remove (PHP, ASP.NET), thus labelled as yellow - same X-AspNet-Version (version # itself is brown) - better addressed address resolution failures ;-) - bumped up version to 2.4rc1
Dirk
2015-05-06 18:48:51 +02:00
f3f3967bd1- FIX $87 (2), finally - feature: integrated TLS+HTTP time into server defaults - NEW: option: -U/vulnerable - moved explanation for BREACH into result - FREAK and CCS are not labeled experimental anymore - unifying of get request headers - readability of help
Dirk
2015-05-02 15:01:02 +02:00
2aa82e5164- partly FIX for #87 (removed SNI helps. Doesn't make sense anyway) - changed order of Secure Renegotiation/Secure Client-Initiated Renegotiation - readability improvements in renego
Dirk Wetter
2015-05-01 12:18:43 +02:00
d766a0b459- fix additional \n in RC4 if no RC4 ciphers were detected
Dirk
2015-04-28 08:04:09 +02:00
ae1abda571Update Readme.md
Dirk Wetter
2015-04-24 16:52:08 +02:00
150fb671bb- more thorough what has been done
Dirk
2015-04-23 09:25:28 +02:00
b492031b95Update Readme.md
Dirk Wetter
2015-04-23 08:48:28 +02:00
1ea7a0947f- RC4 has now 2 CVEs and cipher per default are displayed short - introducing a variable name LONG which for certain funcs shows broad output with hexc, cipher, KX, etc. - FIX: regression not showing security headers - introducing VULN_THRESHLD
Dirk
2015-04-22 18:24:39 +02:00
3891f5b13b- FIX#83 - emphasize also OS names in HTTP headers
Dirk
2015-04-22 15:22:53 +02:00
06bd8b2517- FIX for complete bailing out
Dirk
2015-04-22 11:56:13 +02:00
bafce6edce- reordering code so that all attacks are together - RC4 is now really omitted in PFS test - cleanup of some comments
Dirk
2015-04-22 10:33:44 +02:00
5bec0a16c9- better compatibility with windows 2003 server - all long options are advertised now as with dashes and not underscore - cosmetic stuff
Dirk
2015-04-20 10:05:01 +02:00
7b6dba6369FIX for #82
Dirk
2015-04-18 23:03:16 +02:00
3f0f489f50Indicated freeze
Dirk Wetter
2015-04-16 21:05:23 +02:00
5625ee536e- BUGFIX: IIS server led to false positive if SSLv3 was enabled (timeout was faster than socket reply) - FIX: CORS header not labeled as green - NEW: Now also STARTTLS works with all cmd line options and is absolutely doing the same stuff! (integrated starttls() into parse_hn_port() ) - option --mx needed to be changed because of starttls - regression fix: exec for socket doesn't play nice with stderr redirect (probably bash bug) - added some env options to cmd line as long args (--assuming-http,--ssl_native, --color, debug, --sneaky, --warnings) - threw away getent as it doesn't work under Linux && not network && localhost (replaced by grep) - SSL-POODLE is not labeled anymore experimental - HB+CCS are called while checking STARTTLS but given a hint that it's not yet supported - added more env vars to debug output - cleanups
Dirk
2015-04-16 20:36:17 +02:00
f682c5ceea- FIX regression: more_flags execution was missing - FIX regression: capitalized/all lowercase headers weren't detected - if socksend is blocked (IDS) output looks better and is reported as test didn't succeed - no secure cookie or Httponly will be marked as brown - tput color yellow is now brown
Dirk
2015-04-14 13:16:43 +02:00
9d5168dbb5- more robust grep >=2.20, e.g Debian 8.0 (thx @stevenb18) - FIX: false positive for breach while testing google.com (referer header was hardcoded to google.com)
Dirk
2015-04-14 10:15:07 +02:00
683e9dccab- FIX (regression): -V - logic of some ENV variables changed (attention!) - included some ENV as long options (not in the help yet) - decentralized http check for breach - if openssl is not executable it bails out better now - help function now exits
Dirk
2015-04-13 22:55:40 +02:00
1043c40a60Merge branch 'master' of github.com:drwetter/testssl.sh
Dirk
2015-04-10 15:16:20 +02:00
a12d39769f- underline CN, SAN and issuer deutschepost case (see sourceforge.net/p/ssllabs/mailman/message/33764851/)
Dirk
2015-04-10 15:15:47 +02:00
bfcd684e19Update Readme.md
Dirk Wetter
2015-04-10 10:13:30 +02:00
9ebf112858Update Readme.md
Dirk Wetter
2015-04-09 22:24:57 +02:00
53e0955dfbFIX: missing server preferences, NEW: each cipher server preferences per protocol!
Dirk
2015-04-09 22:08:48 +02:00
8da96f78f2- got rid of "strings"
Dirk
2015-04-02 12:19:24 +02:00
4bbd19ba03- updated binaries from Peter. Necessary because handshake under rare circumstances failed (routines:tls1_setup_key_block:cipher or hash unavailable:t1_enc.c:802. SLES 12 server, some ciphers under TLS 1.2
Dirk
2015-04-02 11:46:12 +02:00
940f51e74bprotocol check via sockets now also for SSLv3
Dirk
2015-03-31 10:34:30 +02:00
9ed58b6202cleanups / bsd date in tls time
Dirk
2015-03-30 23:09:19 +02:00
ca6ca5d47e- added two pairs of ciphers to server preference (thx Dilian)
Dirk
2015-03-17 22:02:23 +01:00
2faad9de9a- working tls handshake with bash sockets (not yet in production, hint: see option "-q" in the bottom)
Dirk
2015-03-17 18:11:18 +01:00
c159af7f42- check whether openssl is executable - spaces to tabs - adding hint to "aha" in help
Dirk
2015-03-17 15:14:58 +01:00
263535520f- FIX for date --> applied to other BSD systems too - FIX for SNI output as it doesn't make sense for non HTTP services - lines for RC4 and PFS shortened - display all MX records to test before testing - removed LOCERR, added CCS_MAX_WAITSOCK, HEARTBLEED_MAX_WAITSOCK
Dirk
2015-03-17 12:22:21 +01:00
f8ba69f9fb- some internal code cleanups - minor cosmetic output corrections - preparation for bash sockets for SSLv3 to TLS 1.2
Dirk
2015-03-16 00:22:51 +01:00
4556108a72further improvements through shellcheck
Dirk
2015-03-15 16:59:29 +01:00
68695bbad3FIX#74 for sed BSD: doesn't like inline \n headline for BEAST was missing
Dirk
2015-03-15 16:10:14 +01:00
655944bd4d- FIX: regression for wc -l w/o cat (3x) - removal of unnecessary waitpid, inline
Dirk
2015-03-15 14:41:34 +01:00
fbd383f345- prework for checking hpkp fingerprints
Dirk
2015-03-15 10:18:37 +01:00
5cd4b8f73e- Shellcheck static analysis by Mark
Dirk
2015-03-15 09:04:49 +01:00
bf411d8c11Merge pull request #73 from feld/master
Dirk Wetter
2015-03-15 08:56:01 +01:00
2684f5c392Make date command work with both Linux and FreeBSD
Mark Felder
2015-03-13 15:51:50 -05:00
6f15652121Merge branch 'master' of github.com:feld/testssl.sh
Mark Felder
2015-03-13 15:24:37 -05:00
8cdd516ad1more ps >/dev/null fixes
Mark Felder
2015-03-13 15:24:16 -05:00
8d965f7c71More useless cat
Mark Felder
2015-03-13 15:19:47 -05:00
7babe7478dRemove 2>&1 for the ps $pid lines; it's unnecessary
Mark Felder
2015-03-13 15:16:21 -05:00
c83e1b98e2Merge branch 'master' of github.com:feld/testssl.sh
Mark Felder
2015-03-13 15:12:45 -05:00
8ad1cca0abRemove useless kittens
Mark Felder
2015-03-13 15:10:36 -05:00
4cdc89aa61Revert to 2>&1 > /dev/null order because it isn't behaving correctly.
Mark Felder
2015-03-13 14:56:30 -05:00
59ed025f36Replace expr with $(( ))
Mark Felder
2015-03-13 14:54:36 -05:00
73202da2fdFix missing single quote
Mark Felder
2015-03-13 14:26:02 -05:00
b7b88a03e7Fix order of the redirect
Mark Felder
2015-03-13 10:00:14 -05:00
305fcca2aeReplace backticks with $(..)
Mark Felder
2015-03-13 09:52:39 -05:00
2614c093d7Merge pull request #66 from Rechi/master
Dirk Wetter
2015-03-02 14:13:33 +01:00
37fa44cecf- remark about rc4 rfc
Dirk
2015-03-02 14:09:34 +01:00
3f55de1483Update Readme.md
Dirk Wetter
2015-03-02 13:59:45 +01:00
81afa43755Check MX Records (#41)
Rechi
2015-02-24 21:22:59 +01:00
29214c7a1f- better detection for ssl poodle - change of shortcut from zero to letter o
Dirk
2015-02-27 21:21:39 +01:00
87f821e390Merge pull request #65 from schuetzm/fix-nrsaved
Dirk Wetter
2015-02-24 18:28:09 +01:00
274ee394e8Don't let error message slip through when no certs have been downloaded
Marc Schütz
2015-02-24 18:10:28 +01:00
868c813055Merge pull request #64 from PeterMosmans/spellingfix
Dirk Wetter
2015-02-24 10:03:32 +01:00
5440b24b92FIX: minor spelling issue
Peter Mosmans
2015-02-24 14:57:43 +10:00
8aa8254c2d- FIX#62 (CentOS 7/RHEL: engine failure), was not usable b4
Dirk
2015-02-23 10:40:10 +01:00
d0d7bb47e2- FIXED: #47 ("double" linefeed if RFC mapping file is not present)
Dirk
2015-02-22 23:05:40 +01:00
e2448ea95d- NEW: tells how many certificates provides (and grabs them with DEBUG=1) - COLOR for no cipher order is red now - "VULNERABLE" comes now always with "NOT ok"
Dirk
2015-02-21 11:47:12 +01:00
1be281c404- FIXED: #38, new openssl from Peter Mosmans makes the workaround unnecessary
Dirk
2015-02-21 10:46:30 +01:00
a255462812- to tell the difference between the sets of binaries
Dirk
2015-02-21 10:39:27 +01:00
bacb3b69ba- FIXED: #38, new openssl from peter mosmans makes the workaround unnecessary
Dirk
2015-02-21 10:38:04 +01:00
cacb200049Update Readme.md
Dirk Wetter
2015-02-15 14:10:11 +01:00
b261c1079a- Fix#55 (302 detection for URL)
Dirk
2015-02-15 14:00:13 +01:00
f203b8b299- Fix#46 (preload lists HPKP and HSTS) - word match for includeSubDomains (useful if one specified the keyword wrong)
Dirk
2015-02-15 13:37:44 +01:00