Skip to content

Commit

Permalink
Rev up testssl (#6801)
Browse files Browse the repository at this point in the history 
Co-authored-by: Amaury Chamayou <[email protected]>
  • Loading branch information
@maxtropets @achamayou
maxtropets and achamayou authored Feb 4, 2025
1 parent 66a93ab commit 6193a7c
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 28 deletions.
2 changes: 1 addition & 1 deletion CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1124,7 +1124,7 @@ if(BUILD_TESTS)
OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/testssl/testssl.sh
COMMAND
rm -rf ${CMAKE_CURRENT_BINARY_DIR}/testssl && git clone --depth 1
--branch v3.0.7 --single-branch
--branch v3.2rc4 --single-branch -c advice.detachedHead=false
https://github.com/drwetter/testssl.sh
${CMAKE_CURRENT_BINARY_DIR}/testssl
)
Expand Down
73 changes: 46 additions & 27 deletions tests/tls_report.csv
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,17 @@
"ALPN","","INFO","http/1.1","",""
"BEAST","","OK","not vulnerable, no SSL3 or TLS1","CVE-2011-3389","CWE-20"
"BREACH","","OK","not vulnerable, no HTTP compression - only supplied '/' tested","CVE-2013-3587","CWE-310"
"BREACH","","OK","not vulnerable, no gzip/deflate/compress/br HTTP compression - only supplied '/' tested","CVE-2013-3587","CWE-310"
"CCS","","OK","not vulnerable","CVE-2014-0224","CWE-310"
"CRIME_TLS","","OK","not vulnerable","CVE-2012-4929","CWE-310"
"DNS_CAArecord","","LOW","--","",""
"DROWN","","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310"
"DROWN_hint","","INFO","no RSA certificate, can't be used with SSLv2 elsewhere","CVE-2016-0800 CVE-2016-0703","CWE-310"
"FREAK","","OK","not vulnerable","CVE-2015-0204","CWE-310"
"FS","","OK","offered","",""
"FS_ECDHE_curves","","OK","prime256v1 secp384r1 secp521r1","",""
"FS_TLS12_sig_algs","","INFO","ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA-BRAINPOOL+SHA256 ECDSA-BRAINPOOL+SHA384 ECDSA-BRAINPOOL+SHA512 ECDSA+SHA224","",""
"FS_TLS13_sig_algs","","INFO","ECDSA+SHA384","",""
"FS_ciphers","","INFO","TLS_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256","",""
"HPKP","","INFO","No support for HTTP Public Key Pinning","",""
"HSTS","","LOW","not offered","",""
"HTTP_clock_skew","","INFO","Got no HTTP time, maybe try different URL?","",""
Expand All @@ -16,9 +21,6 @@
"LUCKY13","","OK","not vulnerable","CVE-2013-0169","CWE-310"
"NPN","","INFO","not offered","",""
"OCSP_stapling","","INFO","not offered","",""
"PFS","","OK","offered","",""
"PFS_ECDHE_curves","","OK","prime256v1 secp384r1 secp521r1","",""
"PFS_ciphers","","INFO","TLS_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256","",""
"POODLE_SSL","","OK","not vulnerable, no SSLv3","CVE-2014-3566","CWE-310"
"RC4","","OK","not vulnerable","CVE-2013-2566 CVE-2015-2808","CWE-310"
"ROBOT","","OK","not vulnerable, no RSA key transport cipher","CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168","CWE-203"
Expand Down Expand Up @@ -46,9 +48,10 @@
"cert_eTLS","","INFO","not present","",""
"cert_expirationStatus","","HIGH","expires < 30 days (0)","",""
"cert_extKeyUsage","","INFO","No server extended key usage information","",""
"cert_extlifeSpan","","OK","certificate has no extended life time according to browser forum","",""
"cert_fingerprintSHA1","","INFO","","",""
"cert_fingerprintSHA256","","INFO","","",""
"cert_keySize","","OK","EC 384 bits","",""
"cert_keySize","","OK","EC 384 bits (curve P-384)","",""
"cert_keyUsage","","INFO","No server key usage information","",""
"cert_mustStapleExtension","","INFO","--","",""
"cert_notAfter","","HIGH","","",""
Expand All @@ -61,39 +64,46 @@
"cert_signatureAlgorithm","","OK","ECDSA with SHA384","",""
"cert_subjectAltName","","INFO","","",""
"cert_trust","","OK","Ok via SAN","",""
"cert_validityPeriod","","INFO","No finding","",""
"certificate_compression","","INFO","none","",""
"certificate_transparency","","INFO","--","",""
"certs_countServer","","INFO","1","",""
"certs_list_ordering_problem","","INFO","no","",""
"cipher_negotiated","","OK","TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)","",""
"cipher-tls1_2_xc02b","","OK","TLSv1.2 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","",""
"cipher-tls1_2_xc02c","","OK","TLSv1.2 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","",""
"cipher-tls1_3_x1301","","OK","TLSv1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256","",""
"cipher-tls1_3_x1302","","OK","TLSv1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384","",""
"cipher_order","","OK","server","",""
"cipher_x1301","","INFO","x1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256","",""
"cipher_x1302","","INFO","x1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384","",""
"cipher_xc02b","","INFO","xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","",""
"cipher_xc02c","","INFO","xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","",""
"cipher_order-tls1_2","","OK","server","",""
"cipher_order-tls1_3","","OK","server","",""
"cipher_strength_score","","INFO","0","",""
"cipher_strength_score_weighted","","INFO","0","",""
"cipherlist_3DES_IDEA","","INFO","not offered","","CWE-310"
"cipherlist_AVERAGE","","INFO","not offered","","CWE-310"
"cipherlist_EXPORT","","OK","not offered","","CWE-327"
"cipherlist_LOW","","OK","not offered","","CWE-327"
"cipherlist_NULL","","OK","not offered","","CWE-327"
"cipherlist_STRONG","","OK","offered","",""
"cipherlist_OBSOLETED","","INFO","not offered","","CWE-310"
"cipherlist_STRONG_FS","","OK","offered","",""
"cipherlist_STRONG_NOFS","","INFO","not offered","",""
"cipherlist_aNULL","","OK","not offered","","CWE-327"
"cipherorder_TLSv1_2","","INFO","ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256","",""
"cipherorder_TLSv1_3","","INFO","TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256","",""
"clientsimulation-android_442","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-android_500","","INFO","TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256","",""
"clientAuth","","INFO","optional","",""
"clientAuth_CA_list","","INFO","empty","",""
"clientsimulation-android_11","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-android_12","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-android_60","","INFO","TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256","",""
"clientsimulation-android_70","","INFO","No connection","",""
"clientsimulation-android_81","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-android_90","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-android_X","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-apple_ats_9_ios9","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-chrome_74_win10","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-apple_mail_16_0","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-chrome_101_win10","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-chrome_79_win10","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-edge_101_win10_21h2","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-edge_15_win10","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-edge_17_win10","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-firefox_100_win10","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-firefox_66_win81","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-firefox_71_win10","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-go_1178","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-ie_11_win10","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-ie_11_win7","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-ie_11_win81","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
Expand All @@ -102,30 +112,39 @@
"clientsimulation-ie_8_win7","","INFO","No connection","",""
"clientsimulation-ie_8_xp","","INFO","No connection","",""
"clientsimulation-java1102","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-java1201","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-java_6u45","","INFO","No connection","",""
"clientsimulation-java1703","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-java_7u25","","INFO","No connection","",""
"clientsimulation-java_8u161","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-libressl_283","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-openssl_102e","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-openssl_110l","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-openssl_111d","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-opera_66_win10","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-safari_10_osx1012","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-openssl_303","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-safari_121_ios_122","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-safari_130_osx_10146","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-safari_9_ios9","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-safari_9_osx1011","","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","",""
"clientsimulation-thunderbird_68_3_1","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-safari_154_osx_1231","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"clientsimulation-thunderbird_91_9","","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","",""
"cookie_count","","INFO","0 at '/' (30x detected, better try target URL of 30x)","",""
"fallback_SCSV","","OK","no protocol below TLS 1.2 offered","",""
"final_score","","INFO","0","",""
"grade_cap_reason_1","","INFO","Grade capped to T. Issues with the chain of trust (chain incomplete)","",""
"grade_cap_reason_2","","INFO","Grade capped to A. HSTS is not offered","",""
"heartbleed","","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119"
"id","fqdn/ip","port","severity","finding","cve","cwe"
"intermediate_cert_badOCSP","","OK","intermediate certificate(s) is/are ok","",""
"key_exchange_score","","INFO","0","",""
"key_exchange_score_weighted","","INFO","0","",""
"overall_grade","","CRITICAL","T","",""
"pre_128cipher","","INFO","No 128 cipher limit bug","",""
"protocol_negotiated","","OK","Default protocol TLS1.3","",""
"protocol_support_score","","INFO","0","",""
"protocol_support_score_weighted","","INFO","0","",""
"rating_doc","","INFO","https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide","",""
"rating_spec","","INFO","SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)","",""
"secure_client_renego","","OK","not vulnerable","CVE-2011-1473","CWE-310"
"secure_renego","","OK","supported","","CWE-310"
"security_headers","","MEDIUM","--","",""
"service","","INFO","HTTP","",""
"sessionresumption_ID","","INFO","not supported","",""
"sessionresumption_ticket","","INFO","not supported","",""
"ticketbleed","","OK","not vulnerable","CVE-2016-9244","CWE-200"
"winshock","","OK","not vulnerable","CVE-2014-6321","CWE-94"

0 comments on commit 6193a7c

Please sign in to comment.