Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: testssl.sh | Distribution: SUSE Linux Enterprise 15 SP4 |
Version: 3.0.6 | Vendor: openSUSE |
Release: bp154.1.18 | Build date: Mon May 9 11:19:03 2022 |
Group: Productivity/Networking/Security | Build host: lamb62 |
Size: 3106532 | Source RPM: testssl.sh-3.0.6-bp154.1.18.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://testssl.sh | |
Summary: Testing TLS/SSL Encryption Anywhere On Any Port |
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
GPL-2.0-or-later
* Sun Oct 03 2021 Martin Hauke <mardnh@gmx.de> - Update to version 3.0.6 * Bugfix: Remove DST x3 Root CA which lead to trust issues for servers using a Letsencrypt certificate (Miguel Jacq) * Bugfix: Newer openssl.cnf break detection of openssl binary * Documenation update to reflect renaming standard ciphers to cipher categories * Ignore usage of ~/.digrc where possible * Fixing host information in JSON output when using STARTTLS XMPP * TLS 1.3 improvements wrt server certificates * Bugfix: Order of -U --ids-friendly doesn't matter anymore * Disable ANSI codes when TERM=screen * Improved SSL/TLS port detection in nmap greppable files using as input to testssl.sh * Bugfix when nmap files had .txt extension * Display certficate time in UTC * Use _uname -n`` instead of hostname --> POSIX * Few output fixes * Mon May 10 2021 Martin Hauke <mardnh@gmx.de> - Update to version 3.0.5 * Fix off by one error in HSTS (now: 180 instead of 179 days) * Fix minor output inconsistency in JSON output (Chad) * Improve compatibility for OpenSSL 3.0 (David Cooper) * Fix localization issue for ciphers where e.g. in Swedish W is being treated as a variant of V so that the W in TLS_ECDHE_RSA_WITH* didn't match the bash pattern * Fixes in file openssl-iana.mapping.html (Elfranne) * Fix quoting for CVE+JSON output in run_heartbleed() * Fix trailing dot issue in hostnames * Fix improper proper halving of the dates for Let's Encrypt certificates * Thu Nov 26 2020 Matthias Fehring <buschmann23@opensuse.org> - Update to version 3.0.4 * This version is a quick fix for a regression of detecting SSLv2 ciphers in a basic function. * Thu Nov 19 2020 Matthias Fehring <buschmann23@opensuse.org> - Update to version 3.0.3 * Update certificate stores * manpage fix (Karl) * minor speedups for some vulnerability tests * bash 5.1 fix * Secure Client-Initiated Renegotiation false positive fix * BREACH is now medium * invalid JSON fix and other JSON improvements (David) * Adding native Android 7 handshake instead of Chrome which has TLS 1.3 (Christoph) * Header flag X-XSS-Protection is now labled as INFO * No cyan colors in HHHTP header flags anymore, colons added * Fri Jul 24 2020 Matthias Fehring <buschmann23@opensuse.org> - Update to version 3.0.2 * Remove potential licensing conflicts * Fix situations when TLS 1.3 is used for Ticketbleed check * Improved compatibility with LibreSSL 3.0 * Add brotil compression to BREACH * Faster and more robust XMPP STARTTLS handshakes * More robust STARTTLS handshakes * Fix outputs, sometimes misleading * Wed Apr 15 2020 Martin Hauke <mardnh@gmx.de> - Update to version 3.0.1 * Fix hang in BEAST check when there are ciphers starting with SSL_* but which are no SSLv2 cipher * Fix bug in setting DISPLAY_CIPHERNAMES when $CIPHERS_BY_STRENGTH_FILE is not a/v. * Fix basic auth LF problem * Fix printing percent chars * Fix minor HTML generation bug * Fix security bug: sanitizing DNS input * make --ids-friendly work again * Update sneaky user agent * Update links in code comments * Cosmetic code updates * Fix output bug when >1 PTR records returned * More output fixes * Fri Apr 03 2020 Christian Boltz <suse-beta@cboltz.de> - fix bash path for Leap 15.x * Thu Jan 23 2020 Martin Hauke <mardnh@gmx.de> - Update to version 3.0 * Full support of TLS 1.3, shows also drafts supported * Extended protocol downgrade checks * ROBOT check * Better TLS extension support * Better OpenSSL 1.1.1 and higher versions support as well as LibreSSL >3 * DNS over Proxy and other proxy improvements * Decoding of unencrypted BIG IP cookies * Initial client certificate support * Warning of 825 day limit for certificates issued after 2018/3/1 * Socket timeouts (--connect-timeout) * IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent)support * Initial support for certificate compression * Better JSON output: renamed IDs and findings shorter/better parsable, also includes certficate * JSON output now valid also for non-responding servers * Testing now per default 370 ciphers * Further improving the robustness of TLS sockets (sending and parsing) * Support of supplying timeout value for openssl connect - - useful for batch/mass scanning * File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format * LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2) * PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3) * Check for session resumption (Ticket, ID) * TLS Robustness check GREASE and more * Server preference distinguishes between TLS 1.3 and lower protocols * Mark TLS 1.0 and TLS 1.1 as deprecated * Does a few startup checks which make later tests easier and faster (determine_optimal_\*()) * Expect-CT header detection * --phone-out does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL * --phone-out checks whether the private key has been compromised via https://pwnedkeys.com/ * Missing SAN warning * Added support for private CAs * Way better handling of connectivity problems (counting those, if threshold exceeded -> bye) * Fixed TCP fragmentation * Added --ids-friendly switch * Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors. * Better error msg suppression (not fully installed OpenSSL) * Better parsing of HTTP headers & better output of longer HTTP headers * Display more HTTP security headers * HTTP Basic Auth support for HTTP header * experimental "eTLS" detection * Dockerfile and repo @ docker hub with that file (see above) * Java Root CA store added * Better support for XMPP via STARTTLS & faster * Certificate check for to-name in stream of XMPP * Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL * Support for SNI and STARTTLS * More robustness for any STARTTLS protocol (fall back to plaintext while in TLS caused problems) * Renegotiation checks improved, also no false potive for Node.js anymore * Major update of client simulations with self-collected up-to-date data * Update of CA certificate stores * Lots of bug fixes * More travis/CI checks -- still place for improvements * Bigger man page review - specfile cleanup - Add testssl.sh.rpmlintrc * Wed Dec 11 2019 Matthias Fehring <buschmann23@opensuse.org> - Update to testssl.sh 2.9.96 (aka 3.0rc6) * Socket timeouts (--connect-timeout) * IDN/IDN2 servername support * pwnedkeys.com support * Initial support for certificate compression * Initial client certificate support * Better indentation for HTTP header outputs * Better parsing of HTTP headers * Penalize absence of TLS 1.2 anymore if server supports TLS 1.3 only * Several improvements related to protocol determination and downgrade responses * Some logic related using TLS 1.3 aware OpenSSL binaries more or less automagically * Internal improvements to server preference checks * Lots of internal and some speed improvements in "pre-flight checks" (comes before outputting any test) * Mark TLS 1.0 and TLS 1.1 as deprecated * Support newer OpenSSL/LibreSSL versions * Improved detection of wrong user input when file was supplied for --csv,--json and --html * Update client handshakes with newer client data and deprecate other clients * Regression in CAA RR fixed * Session resumption fixes * Session ticket fixes * Fixes for STARTTLS MySQL and PostgreSQL * Unit tests for (almost) every STARTTLS protocol supported * A lot of minor fixes * Sat Apr 27 2019 Matthias Fehring <buschmann23@opensuse.org> - Update to testssl.sh 2.9.95 (aka 3.0rc5) * Modernized client handshakes * Further code sanitizing * Fixes in CSV files and JSON files creation and some ACE loadbalancer related improvements * Fix session tickets and resumption * OpenSSL 1.1.1 fixes * Darwin OpenSSL binary * Updated certificate store * Add SSLv2 to SWEET - update testssl.sh-2.9.92-set-install-dir.patch to testssl.sh-2.9.95-set-install-dir.patch * Tue Feb 19 2019 Matthias Fehring <buschmann23@opensuse.org> - Update to testssl.sh 2.9.94 (aka 3.0rc4) * Documentation fixes and additions * Add new openssl helper binaries * Bug fix: Scan continues if one of multiple IP addresses per hostname has a problem * "eTLS" detection ("visibility information") * Minimize initial warning "doesn't seem to be a TLS/SSL enabled server" by using sockets * Several improvement for SSLv2 only servers * Handle different cipher preference < TLS 1.3 vs. TLS 1.3 * Clarify & improve Standard Cipher check (potentially breaking change) * Improve SWEET32 test * Finding certificates is faster and independent on openssl * Sat Dec 01 2018 Matthias Fehring <buschmann23@opensuse.org> - Update to testssl.sh 2.9.93 (aka 3.0rc3) * add SSLv2 ciphers *total ciphers now being tested for: 370) * updated client simulation data * TLS 1.3 improvements * STARTTLS NNTP support * STARTTLS XMPP faster and more reliable * include DH groups (primes) in pfs section * Fix TCP fragmentation under remaining OS: FreeBSD / Mac OS X * further bugfixes and clarifications * Wed Nov 28 2018 Matthias Fehring <buschmann23@opensuse.org> - initial package version 2.9.92 (aka 3.0rc2)
/usr/bin/testssl.sh /usr/share/doc/packages/testssl.sh /usr/share/doc/packages/testssl.sh/CHANGELOG.md /usr/share/doc/packages/testssl.sh/CREDITS.md /usr/share/doc/packages/testssl.sh/Readme.md /usr/share/licenses/testssl.sh /usr/share/licenses/testssl.sh/LICENSE /usr/share/man/man1/testssl.sh.1.gz /usr/share/testssl-sh /usr/share/testssl-sh/etc /usr/share/testssl-sh/etc/Apple.pem /usr/share/testssl-sh/etc/Java.pem /usr/share/testssl-sh/etc/Linux.pem /usr/share/testssl-sh/etc/Microsoft.pem /usr/share/testssl-sh/etc/Mozilla.pem /usr/share/testssl-sh/etc/README.md /usr/share/testssl-sh/etc/ca_hashes.txt /usr/share/testssl-sh/etc/cipher-mapping.txt /usr/share/testssl-sh/etc/client-simulation.txt /usr/share/testssl-sh/etc/client-simulation.wiresharked.md /usr/share/testssl-sh/etc/client-simulation.wiresharked.txt /usr/share/testssl-sh/etc/common-primes.txt /usr/share/testssl-sh/etc/curves.txt /usr/share/testssl-sh/etc/openssl.cnf /usr/share/testssl-sh/etc/tls_data.txt
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 9 17:06:41 2024