Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: testssl.sh | Distribution: openSUSE Leap 15.2 |
Version: 3.0.1 | Vendor: openSUSE |
Release: lp152.1.1 | Build date: Sat Apr 25 19:11:34 2020 |
Group: Productivity/Networking/Security | Build host: lamb06 |
Size: 3087680 | Source RPM: testssl.sh-3.0.1-lp152.1.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://testssl.sh | |
Summary: Testing TLS/SSL Encryption Anywhere On Any Port |
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
GPL-2.0-or-later
* Wed Apr 15 2020 Martin Hauke <mardnh@gmx.de> - Update to version 3.0.1 * Fix hang in BEAST check when there are ciphers starting with SSL_* but which are no SSLv2 cipher * Fix bug in setting DISPLAY_CIPHERNAMES when $CIPHERS_BY_STRENGTH_FILE is not a/v. * Fix basic auth LF problem * Fix printing percent chars * Fix minor HTML generation bug * Fix security bug: sanitizing DNS input * make --ids-friendly work again * Update sneaky user agent * Update links in code comments * Cosmetic code updates * Fix output bug when >1 PTR records returned * More output fixes * Fri Apr 03 2020 Christian Boltz <suse-beta@cboltz.de> - fix bash path for Leap 15.x * Thu Jan 23 2020 Martin Hauke <mardnh@gmx.de> - Update to version 3.0 * Full support of TLS 1.3, shows also drafts supported * Extended protocol downgrade checks * ROBOT check * Better TLS extension support * Better OpenSSL 1.1.1 and higher versions support as well as LibreSSL >3 * DNS over Proxy and other proxy improvements * Decoding of unencrypted BIG IP cookies * Initial client certificate support * Warning of 825 day limit for certificates issued after 2018/3/1 * Socket timeouts (--connect-timeout) * IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent)support * Initial support for certificate compression * Better JSON output: renamed IDs and findings shorter/better parsable, also includes certficate * JSON output now valid also for non-responding servers * Testing now per default 370 ciphers * Further improving the robustness of TLS sockets (sending and parsing) * Support of supplying timeout value for openssl connect - - useful for batch/mass scanning * File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format * LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2) * PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3) * Check for session resumption (Ticket, ID) * TLS Robustness check GREASE and more * Server preference distinguishes between TLS 1.3 and lower protocols * Mark TLS 1.0 and TLS 1.1 as deprecated * Does a few startup checks which make later tests easier and faster (determine_optimal_\*()) * Expect-CT header detection * --phone-out does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL * --phone-out checks whether the private key has been compromised via https://pwnedkeys.com/ * Missing SAN warning * Added support for private CAs * Way better handling of connectivity problems (counting those, if threshold exceeded -> bye) * Fixed TCP fragmentation * Added --ids-friendly switch * Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors. * Better error msg suppression (not fully installed OpenSSL) * Better parsing of HTTP headers & better output of longer HTTP headers * Display more HTTP security headers * HTTP Basic Auth support for HTTP header * experimental "eTLS" detection * Dockerfile and repo @ docker hub with that file (see above) * Java Root CA store added * Better support for XMPP via STARTTLS & faster * Certificate check for to-name in stream of XMPP * Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL * Support for SNI and STARTTLS * More robustness for any STARTTLS protocol (fall back to plaintext while in TLS caused problems) * Renegotiation checks improved, also no false potive for Node.js anymore * Major update of client simulations with self-collected up-to-date data * Update of CA certificate stores * Lots of bug fixes * More travis/CI checks -- still place for improvements * Bigger man page review - specfile cleanup - Add testssl.sh.rpmlintrc * Wed Dec 11 2019 Matthias Fehring <buschmann23@opensuse.org> - Update to testssl.sh 2.9.96 (aka 3.0rc6) * Socket timeouts (--connect-timeout) * IDN/IDN2 servername support * pwnedkeys.com support * Initial support for certificate compression * Initial client certificate support * Better indentation for HTTP header outputs * Better parsing of HTTP headers * Penalize absence of TLS 1.2 anymore if server supports TLS 1.3 only * Several improvements related to protocol determination and downgrade responses * Some logic related using TLS 1.3 aware OpenSSL binaries more or less automagically * Internal improvements to server preference checks * Lots of internal and some speed improvements in "pre-flight checks" (comes before outputting any test) * Mark TLS 1.0 and TLS 1.1 as deprecated * Support newer OpenSSL/LibreSSL versions * Improved detection of wrong user input when file was supplied for --csv,--json and --html * Update client handshakes with newer client data and deprecate other clients * Regression in CAA RR fixed * Session resumption fixes * Session ticket fixes * Fixes for STARTTLS MySQL and PostgreSQL * Unit tests for (almost) every STARTTLS protocol supported * A lot of minor fixes * Sat Apr 27 2019 Matthias Fehring <buschmann23@opensuse.org> - Update to testssl.sh 2.9.95 (aka 3.0rc5) * Modernized client handshakes * Further code sanitizing * Fixes in CSV files and JSON files creation and some ACE loadbalancer related improvements * Fix session tickets and resumption * OpenSSL 1.1.1 fixes * Darwin OpenSSL binary * Updated certificate store * Add SSLv2 to SWEET - update testssl.sh-2.9.92-set-install-dir.patch to testssl.sh-2.9.95-set-install-dir.patch * Tue Feb 19 2019 Matthias Fehring <buschmann23@opensuse.org> - Update to testssl.sh 2.9.94 (aka 3.0rc4) * Documentation fixes and additions * Add new openssl helper binaries * Bug fix: Scan continues if one of multiple IP addresses per hostname has a problem * "eTLS" detection ("visibility information") * Minimize initial warning "doesn't seem to be a TLS/SSL enabled server" by using sockets * Several improvement for SSLv2 only servers * Handle different cipher preference < TLS 1.3 vs. TLS 1.3 * Clarify & improve Standard Cipher check (potentially breaking change) * Improve SWEET32 test * Finding certificates is faster and independent on openssl * Sat Dec 01 2018 Matthias Fehring <buschmann23@opensuse.org> - Update to testssl.sh 2.9.93 (aka 3.0rc3) * add SSLv2 ciphers *total ciphers now being tested for: 370) * updated client simulation data * TLS 1.3 improvements * STARTTLS NNTP support * STARTTLS XMPP faster and more reliable * include DH groups (primes) in pfs section * Fix TCP fragmentation under remaining OS: FreeBSD / Mac OS X * further bugfixes and clarifications * Wed Nov 28 2018 Matthias Fehring <buschmann23@opensuse.org> - initial package version 2.9.92 (aka 3.0rc2)
/usr/bin/testssl.sh /usr/share/doc/packages/testssl.sh /usr/share/doc/packages/testssl.sh/CHANGELOG.md /usr/share/doc/packages/testssl.sh/CREDITS.md /usr/share/doc/packages/testssl.sh/Readme.md /usr/share/licenses/testssl.sh /usr/share/licenses/testssl.sh/LICENSE /usr/share/man/man1/testssl.sh.1.gz /usr/share/testssl-sh /usr/share/testssl-sh/etc /usr/share/testssl-sh/etc/Apple.pem /usr/share/testssl-sh/etc/Java.pem /usr/share/testssl-sh/etc/Linux.pem /usr/share/testssl-sh/etc/Microsoft.pem /usr/share/testssl-sh/etc/Mozilla.pem /usr/share/testssl-sh/etc/README.md /usr/share/testssl-sh/etc/ca_hashes.txt /usr/share/testssl-sh/etc/cipher-mapping.txt /usr/share/testssl-sh/etc/client-simulation.txt /usr/share/testssl-sh/etc/client-simulation.wiresharked.md /usr/share/testssl-sh/etc/client-simulation.wiresharked.txt /usr/share/testssl-sh/etc/common-primes.txt /usr/share/testssl-sh/etc/curves.txt /usr/share/testssl-sh/etc/tls_data.txt
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu May 9 11:29:15 2024