cipherscan

LittleNellie/cipherscan

Fork 0

mirror of https://github.com/mozilla/cipherscan.git synced 2026-02-05 22:55:15 +01:00

Commit Graph

Select branches

Hide Pull Requests

master

output20150918

sni_by_default

snidefault

tls13

#10

#10

#100

#102

#103

#104

#105

#107

#109

#109

#11

#11

#117

#12

#120

#121

#122

#123

#124

#125

#126

#128

#13

#13

#131

#134

#135

#136

#136

#138

#14

#142

#143

#149

#15

#156

#157

#159

#159

#16

#160

#161

#166

#169

#169

#17

#170

#171

#172

#173

#177

#18

#181

#184

#19

#190

#191

#191

#194

#194

#195

#20

#21

#22

#23

#23

#24

#24

#25

#25

#26

#26

#27

#27

#28

#29

#3

#30

#31

#31

#32

#32

#33

#34

#34

#35

#36

#37

#37

#38

#39

#39

#4

#40

#40

#41

#42

#43

#44

#45

#45

#46

#46

#47

#48

#48

#5

#50

#53

#54

#58

#59

#6

#6

#60

#61

#62

#65

#67

#67

#68

#7

#7

#70

#74

#74

#75

#75

#76

#77

#79

#8

#8

#80

#81

#82

#89

#9

#9

#90

#91

#92

#92

#93

#93

#95

#96

#97

#98

#99

8f5b1eedc9 tests for ordering of sig algs in TLS 1.2 PFS kex Hubert Kario 2014-11-07 02:41:52 +01:00
434b383f01 add test for TLSv1.2 PFS key exchange Hubert Kario 2014-11-01 20:26:31 +01:00
67c2a7cfe4 Merge pull request #95 from tomato42/auto-colour Julien Vehent 2015-09-19 11:05:16 -04:00
bb2d3223f8 autodetect if the colors should be used Hubert Kario 2015-09-19 16:16:11 +02:00
0fe7013641 Fix colors Julien Vehent 2015-09-19 08:38:57 -04:00
460f9cf1f6 Merge pull request #91 from floatingatoll/fix-1 Julien Vehent 2015-09-18 16:50:11 -04:00
e27f614f08 revert unintended inclusion of sigalg skipping from 9ea1749f Richard Soderberg 2015-09-18 13:40:05 -07:00
4ffd2de58d Merge pull request #90 from jvehent/snidefault Julien Vehent 2015-09-18 16:04:50 -04:00
8618d44371 Merge branch 'snidefault' of github.com:jvehent/cipherscan into snidefault snidefault Julien Vehent 2015-09-18 16:00:39 -04:00
3131abb333 Add warning if target is not fqdn and SNI needs to be disabled Julien Vehent 2015-09-18 15:58:31 -04:00
5284dda0fb Enable SNI by default only if target is a fqdn and -servername not supplied Julien Vehent 2015-09-18 13:36:09 -04:00
72e2b4f6e9 Enable Server Name Indication by default Julien Vehent 2015-09-18 13:14:11 -04:00
901e3cbdfc Merge pull request #89 from jvehent/output20150918 Julien Vehent 2015-09-18 15:42:26 -04:00
5526c58ffb Merge pull request #82 from floatingatoll/various_fixes Julien Vehent 2015-09-18 15:41:44 -04:00
179cbe8db1 refuse to permit --allciphers and --json together Richard Soderberg 2015-09-18 11:56:28 -07:00
8f3341a165 openssl fallback and version warnings should go to STDERR Richard Soderberg 2015-09-18 11:53:18 -07:00
f11a0e3594 Revert "When in JSON mode, run curve and tolerance tests" output20150918 Julien Vehent 2015-09-18 14:50:03 -04:00
5d5568f03a use colors instead of ok/ko Julien Vehent 2015-09-18 14:50:00 -04:00
8a03b8d4e7 fix pubkey quality test Julien Vehent 2015-09-18 14:49:51 -04:00
ce2f97f05c Replace instances of [[ $ == "" ]] with [[ -z "" ]]. Richard Soderberg 2015-09-18 11:39:29 -07:00
236b0b8cfe Fixes instances of "SC2128: Expanding an array without an index only gives the first element.". Richard Soderberg 2015-09-05 04:40:07 -07:00
b2521c8e42 Fixes instances of "SC2053: Quote the rhs of == in [[ ]] to prevent glob matching." Richard Soderberg 2015-09-05 04:35:58 -07:00
24268e063e Fixes one instance of "SC2124: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate." Richard Soderberg 2015-09-05 04:33:06 -07:00
bc79c51065 Fixes instances of SC2086, SC2046 errors regarding unquoted variables. Richard Soderberg 2015-09-05 04:25:55 -07:00
c103805a38 Replace instances of [[ $ != "" ]] with [[ -n "" ]]. Richard Soderberg 2015-09-05 04:17:47 -07:00
5c09af67fd Remove one unnecessary string-to-array-to-string from get_curve_name(). Richard Soderberg 2015-09-05 04:10:58 -07:00
9ea1749f6c Pre-cache the cipher array-to-string result to do one less join. Richard Soderberg 2015-09-05 04:04:46 -07:00
d2e1784eb8 Simplify test_serverside_ordering() to use half as many assignments. Richard Soderberg 2015-09-05 04:01:36 -07:00
b91b153bbd Replace instances of string-ish [[ -lt ]] with arithmetic (( < )). Richard Soderberg 2015-09-05 03:36:40 -07:00
34ae0ccab9 Replace instances of string-ish [[ -ne ]] with arithmetic (( != )). Richard Soderberg 2015-09-05 03:26:34 -07:00
3d3789828b Replace instances of string-ish [[ -gt ]] with arithmetic (( > )). Richard Soderberg 2015-09-05 03:03:02 -07:00
9c63841e46 Replace instances of string-ish [[ -eq ]] with arithmetic (( == )). Richard Soderberg 2015-09-05 02:23:22 -07:00
90ac19cfe8 Replace an instance of string-ish [[ $? -gt 0 ]] with arithmetic (( $? != 0 )). Richard Soderberg 2015-09-05 03:27:00 -07:00
871ad92ae2 Simplify signature algorithm extraction to use a capturing regex and string substitution. Richard Soderberg 2015-09-05 03:13:46 -07:00
2764a16693 Replace OLDIFS/IFS joins with join_array_by_char(), avoiding $(...) subshell slowdown. Richard Soderberg 2015-09-05 02:46:04 -07:00
487f7cb6a4 Replace an echo | awk printf with builtin printf. Richard Soderberg 2015-09-05 02:20:39 -07:00
a342ff7579 Assign r=pass/fail once only, rather than twice for fail->pass. Richard Soderberg 2015-09-05 02:19:18 -07:00
9e3154389e Replace unnecessary test of command; if $? with if command. Richard Soderberg 2015-09-05 02:17:49 -07:00
fc71ed7204 Replace |sort|uniq with more efficient |sort -u. Richard Soderberg 2015-09-05 02:16:10 -07:00
644c1aa83a Replace numeric ALLCIPHERS comparison with simpler -n test. Richard Soderberg 2015-09-05 02:15:44 -07:00
7a697e28bc Enable SNI by default only if target is a fqdn and -servername not supplied Julien Vehent 2015-09-18 13:36:09 -04:00
9952d90cf4 Enable Server Name Indication by default Julien Vehent 2015-09-18 13:14:11 -04:00
3dd0f58f4c When in JSON mode, run curve and tolerance tests Julien Vehent 2015-09-18 12:36:41 -04:00
55918f3afb Add OK/KO flags in terminal output Julien Vehent 2015-09-18 12:36:26 -04:00
d90f3b0324 Enable Server Name Indication by default sni_by_default Julien Vehent 2015-09-18 13:04:31 -04:00
afc1755519 squash with ok/ko Julien Vehent 2015-09-18 13:03:38 -04:00
cfc3e67782 When in JSON mode, run curve and tolerance tests Julien Vehent 2015-09-18 12:36:41 -04:00
1b917883b8 Add OK/KO flags in terminal output Julien Vehent 2015-09-18 12:36:26 -04:00
249b3be23d Rephrase TLS tolerance output in terminal Julien Vehent 2015-09-18 12:35:17 -04:00
0de6abab61 Merge pull request #81 from floatingatoll/argparse_fixes Julien Vehent 2015-09-18 09:35:42 -04:00
5e2b12d940 Merge pull request #80 from floatingatoll/cacerts_logic Julien Vehent 2015-09-18 09:35:06 -04:00
b951fd5588 Merge pull request #79 from floatingatoll/autodetection-perf Julien Vehent 2015-09-18 09:32:33 -04:00
9dace07f4d Merge pull request #76 from floatingatoll/curves-by-default Julien Vehent 2015-09-18 09:29:18 -04:00
3770389b5c Merge pull request #68 from kenoh/master Julien Vehent 2015-09-18 09:27:41 -04:00
4b87301eb4 separate darwin and non-darwin OS autodetection, add NOAUTODETECT support for top1m performance Richard Soderberg 2015-09-03 23:52:58 -07:00
12ede64882 bash4 version check failure should go to STDERR. Richard Soderberg 2015-09-05 05:02:29 -07:00
6adda69af5 Revise CACERTS autodetection logic, ensure that CACERTS/CAPATH is readable/directory, add undocumented CAPATH env override. Richard Soderberg 2015-09-05 00:37:44 -07:00
5dc692566a Refuse to accept both --cafile and --capath. Richard Soderberg 2015-09-05 00:34:24 -07:00
097bd0c43b Rewrite HOST[:PORT] extraction routine (less sed, more validation). Richard Soderberg 2015-09-05 01:36:50 -07:00
d81ee1c801 Refuse to proceed if no HOST[:PORT] is provided after the options. Richard Soderberg 2015-09-05 01:06:09 -07:00
28555b03f0 Refuse to proceed if the final argument starts with a hyphen. Richard Soderberg 2015-09-05 01:01:19 -07:00
e35a6155bc Add --cafile <filename.crt>, alongside --capath <dirpath/>. Richard Soderberg 2015-09-05 00:22:40 -07:00
0728751208 move bash4 detection as early as possible in the script to permit logic later on Richard Soderberg 2015-09-05 00:03:55 -07:00
3f3e22b09a Merge pull request #77 from floatingatoll/bashisms Julien Vehent 2015-09-03 10:13:30 -04:00
22adaf188a verify that the openssl binary is emitting a valid s_client -help. Richard Soderberg 2015-09-03 07:02:38 -07:00
9a0e055628 remove crude_grep in favor of a simple =~ substring match. Richard Soderberg 2015-09-03 06:58:05 -07:00
f0142c323a remove one unnecessary assignment when on Darwin. Richard Soderberg 2015-09-03 06:47:47 -07:00
5ec3184a37 call dirname $0 three fewer times by caching the unmodified value prior to readlink modifications Richard Soderberg 2015-09-03 06:40:48 -07:00
f002b3573a fixes for "SC2004: $/${} is unnecessary on arithmetic variables." Richard Soderberg 2015-09-03 06:36:32 -07:00
21871b5bd7 fixes for "SC2046: Quote this to prevent word splitting." and "SC2086: Double quote to prevent globbing and word splitting." Richard Soderberg 2015-09-03 06:25:15 -07:00
4405d3fdce remove unused variable "fallback_available" Richard Soderberg 2015-09-03 06:17:15 -07:00
3664b1a199 fixes for "SC2145: Argument mixes string and array. Use * or separate argument." Richard Soderberg 2015-09-03 06:11:40 -07:00
bbb3496627 trim dead trailing ; Richard Soderberg 2015-09-02 21:58:31 -07:00
1c15af1ce3 verify the results of pushd rather than trusting it Richard Soderberg 2015-09-02 21:57:24 -07:00
81481cd016 requote, reindent ciphers and curves to the same format Richard Soderberg 2015-09-02 21:51:15 -07:00
10057f93dc revise whitespace layout of cipher, curve arrays to improve future diffs Richard Soderberg 2015-09-02 21:47:13 -07:00
9e563782e2 fix syntax error in busybox check - $(( is not the same as $( (, and a subshell is unnecessary here in any case Richard Soderberg 2015-09-03 06:00:23 -07:00
6efb1a4afb replace if [ ... ] with if [[ ... ]] Richard Soderberg 2015-09-02 21:21:14 -07:00
5fa972c534 enable curves by default Richard Soderberg 2015-09-02 21:11:25 -07:00
5f43f911bd Merge pull request #70 from tomato42/python3-analyze-fix Julien Vehent 2015-08-23 15:23:45 -04:00
a3e04d3d01 fix analyze.py Python3 compat Hubert Kario 2015-08-23 17:31:04 +02:00
c9529b5977 Fix: incorrect list + string concatenation (issue #64) Matúš Honěk 2015-08-14 16:55:54 +02:00
db4b16e50c Merge pull request #60 from tomato42/tls-intolerancies Julien Vehent 2015-07-16 10:30:27 -04:00
abe8d329a9 Big handshake intolerance report Hubert Kario 2015-04-05 16:24:46 +02:00
5f5487307d Interpret some intolerance test results Hubert Kario 2015-04-01 01:14:23 +02:00
5c98fe2107 do a scan with -no_tlsext openssl if possible Hubert Kario 2015-05-29 20:25:47 +02:00
a71bfe5ebd detect some TLS intolerancies Hubert Kario 2014-11-06 23:50:35 +01:00
0ab0575274 Merge pull request #58 from tomato42/fallback-scan Julien Vehent 2015-07-15 10:21:47 -04:00
0119b9c115 Merge pull request #59 from tomato42/parsing-fixes Julien Vehent 2015-06-10 07:33:17 +02:00
90ed0bbb3e Merge pull request #62 from tomato42/python3 Julien Vehent 2015-06-10 07:00:21 +02:00
19983c0c2b Merge pull request #61 from tomato42/gost-support Julien Vehent 2015-06-10 06:39:37 +02:00
86bc8e8574 fix is_fubar key size check Hubert Kario 2015-05-30 19:48:56 +02:00
a53a91695e make scripts python 3 compatible Hubert Kario 2015-05-30 15:46:26 +02:00
8ea6b57f9d cipherscan - capture whole Signature Algorithm line Hubert Kario 2015-05-29 20:34:48 +02:00
d151705218 parse_results.py - GOST support Hubert Kario 2015-05-24 21:26:36 +02:00
596692a18e add support for GOST cipher scanning Hubert Kario 2015-05-24 21:11:22 +02:00
d8ebaf2d9f report summary for clients for RC4 Preferred too Hubert Kario 2015-03-31 23:58:30 +02:00
c55d8166c5 don't limit client specific RC4 Only to servers with multiple ciphers Hubert Kario 2015-03-31 23:51:43 +02:00
37f1d15af1 count SSLv2 IDEA as insecure Hubert Kario 2015-03-31 23:45:51 +02:00
b673fb976a separate AES-CBC from AES-GCM Hubert Kario 2015-03-31 23:23:10 +02:00

1 2 3 4 5 ...