90ed0bbb3e
Merge pull request #62 from tomato42/python3
...
Python 3 compatibility
2015-06-10 07:00:21 +02:00
19983c0c2b
Merge pull request #61 from tomato42/gost-support
...
GOST support
2015-06-10 06:39:37 +02:00
86bc8e8574
fix is_fubar key size check
2015-05-30 19:48:56 +02:00
a53a91695e
make scripts python 3 compatible
2015-05-30 15:46:26 +02:00
8ea6b57f9d
cipherscan - capture whole Signature Algorithm line
...
the GOST certificates have a signature algorithm name with spaces
2015-05-30 14:58:23 +02:00
d151705218
parse_results.py - GOST support
2015-05-30 14:58:23 +02:00
596692a18e
add support for GOST cipher scanning
2015-05-30 14:58:23 +02:00
3bc8dc5583
one big readme update
2015-04-03 10:59:22 -04:00
d4441cf2bc
update sample output in readme to show curves
2015-04-03 10:42:07 -04:00
02d555bf9d
update openssl binary for darwin
2015-04-03 10:41:41 -04:00
1a26e09c7b
Merge pull request #54 from jvehent/jvehent-rework-tomato42-curves-tolerance-5
...
Jvehent rework tomato42 curves tolerance 5, closes #46
2015-04-02 09:50:46 -04:00
4a6ff56b81
Add back support for old curve json format in parse results
2015-04-02 04:39:59 -04:00
a966574edc
Fix curve fallback detection
2015-04-01 14:51:01 -04:00
b2a399617f
Use new JSON format in parse_results
2015-04-01 14:50:49 -04:00
4d7e1cb05a
Re-add curve fallback detection
2015-04-01 12:50:01 -04:00
04314bffdc
Updated openssl linux amd64 binary
2015-04-01 11:18:41 -04:00
c90e5c59d7
Improve output of curves
2015-04-01 11:18:31 -04:00
cc014f085d
test curve for each ECDH cipher, change PFS output to use curve name
2015-03-27 19:03:27 -04:00
224227cc5e
force at least TLSv1.0 in curves tolerance test
...
because to advertise curves to server we need extensions and
extensions are only available in TLSv1.0 or later, we need to force
OpenSSL not to send SSLv2 compatible hello if it thinks it's ok to
do (when there are SSLv2 ciphers present in cipherstring it will try to)
2015-03-27 10:04:15 -04:00
c52e008347
add support for testing supported curves
...
since early versions of 1.0.2 openssl supports -curves command line
option, it allows us to set the curves advertised as supported
use the same approach to testing: advertise all, check what server
accepts, remove the accepted from list, repeat. When server aborts
connection or selects non ECC cipher, we know that we've tested all.
2015-03-27 10:04:15 -04:00
089f9e04c2
Merge pull request #50 from firstbanco/busybox_fix
...
Fix for busybox timeout binary
2015-03-26 12:58:48 -04:00
800eff19ce
Merge branch 'master' of github.com:jvehent/cipherscan
2015-03-19 13:52:38 -04:00
7bf35cb02a
rebuild openssl binaries with better config flags
2015-03-19 13:52:18 -04:00
3ff415a338
Merge pull request #53 from tomato42/how-to-compile-2
...
How to compile OpenSSL with all testing features
2015-03-19 12:32:21 -04:00
2f0f906dbf
how to compile the openssl with all features
2015-03-19 17:25:47 +01:00
8b38f8fad9
Merge branch 'master' of github.com:jvehent/cipherscan
2015-03-19 11:30:46 -04:00
aee4d8f109
Update openssl binary to 1.0.2a
2015-03-19 11:30:07 -04:00
6db82374b4
Fix for busybox timeout binary
2015-03-13 11:58:23 +00:00
606d7626db
Merge pull request #44 from genodeftest/patch-1
...
fix: ignore case in bash version string
2015-01-26 11:10:55 -05:00
3e4b86eedd
Merge pull request #47 from ScriptFanix/master
...
fix silent TypeError on sigalg md5WithRSAEncryption
2015-01-26 11:09:54 -05:00
3915164430
Use custom darwin openssl bin in analyze.py
2015-01-18 12:26:59 -05:00
9ecc3f7164
New bash version info test using $BASH_VERSINFO
2015-01-12 16:46:18 +01:00
d1a8604a2a
fix silent TypeError on sigalg md5WithRSAEncryption
...
conn['sigalg'] is an array, logging.debug(conn['sigalg']) caused silent failure
2015-01-10 03:51:26 +01:00
54ec2aca99
fix: ignore case in bash version string
...
Currently on some systems `bash --version` reports `GNU bash, Version 4[…]` which will fail the test.
2015-01-02 22:47:28 +01:00
a90fc8bc58
Merge pull request #43 from ScriptFanix/master
...
don't expect openssl to be in cwd
2014-12-30 15:36:11 -05:00
b457951f5f
don't expect openssl to be in cwd
2014-12-26 09:49:52 +01:00
ac15fc738d
Update README.md
2014-12-25 13:50:10 -05:00
051f927fcd
Merge branch 'master' of github.com:jvehent/cipherscan
2014-12-25 13:26:04 -05:00
904e311124
Fix OSX: require bash4, add openssl-darwin64 binary
2014-12-25 13:25:29 -05:00
b04cbc6b85
Merge pull request #42 from ScriptFanix/master
...
--nagios: run as a nagios plugin
2014-12-25 12:34:34 -05:00
4e74308c37
Merge pull request #41 from MikeDawg/master
...
Added usage print and exit if no options are given
2014-12-25 12:27:35 -05:00
008bd6af2b
Merge pull request #38 from PeterMosmans/changeorder
...
Bugfix: correct flow when number of ciphers are loaded
2014-12-25 12:15:11 -05:00
726ef22552
Merge pull request #35 from PeterMosmans/openssl
...
Updated 64-bit OpenSSL binary (1.0.2 beta 4)
2014-12-25 12:11:01 -05:00
2d030775c4
Merge pull request #36 from PeterMosmans/symlinks
...
Make sure that custom openssl gets selected
2014-12-25 12:08:00 -05:00
0e7996181a
Don't expect scripts to be in working directory
2014-12-24 11:26:24 +01:00
983f85d2d4
--nagios: run as a nagios plugin
2014-12-23 14:51:50 +01:00
c019ecd493
Added usage print and exit if no options are given
2014-12-17 13:06:06 -07:00
81c1809463
corrected flow when number of ciphers was shown
...
First make sure that ${OPENSSLBIN} is correctly set
2014-11-22 18:36:24 +10:00
558bf7c9e2
Make sure that custom openssl gets selected
...
Symlinks are now resolved (when readlink -f is available)
2014-11-14 10:49:16 +11:00
c71828dc09
Updated 64-bit OpenSSL binary (1.0.2 beta 4)
...
Compiled for 64-bit-linux from the following source:
https://github.com/PeterMosmans/openssl/tree/1.0.2-chacha
Commands used:
./Configure linux-x86_64 no-shared zlib enable-gost enable-ec_nistp_64_gcc_128 enable-idea \
enable-md2 enable-rc5 enable-rfc3779 enable-ssl2 experimental-jpake
make depend
make
make report
2014-11-11 17:46:23 +11:00
Julien Vehent
Hubert Kario
Samuel Kleiner
Christian Stadelmann
Vincent Riquer
Vincent Riquer
Mike
Peter Mosmans