lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <55FA6F7A.2050307@drwetter.org>
Date: Thu, 17 Sep 2015 09:44:58 +0200
From: Dirk <spam@...etter.org>
To: fulldisclosure@...lists.org
Subject: [FD] New release of testssl.sh


Hi,

version 2.6 of the SSL/TLS checker "testssl.sh" is out!

testssl.sh is a free command line tool which checks a server's service
on any port for the support of TLS/SSL ciphers, protocols as well as
recent cryptographic flaws and it much more.

It is written in (pure) bash, makes only use of standard Unix utilities,
openssl and last but not least bash sockets.

Version 2.6 includes major improvements (ids from github):

* LOGJAM: check of DHE_EXPORT ciphers, displays DH(/ECDH) bits in wide mode
  on negotiated ciphers
* (HTTP) proxy support! Via sockets and openssl -- Thx @jnewbigin
* TLS_FALLBACK_SCSV check -- Thx @JonnyHightower
* TLS 1.0-1.1 as socket checks per default in production
* TLS time and HTTP time stamps for architecture fiingerprinting
* support of sockets also for STARTTLS protocol checks
* TLS time displayed also for STARTTLS
* binary directory provides out of the box better suited binaries (with up to
  195 ciphers), besides Linux static binaries:
  * OS X binaries (new builds from @jpluimers)
  * FreeBSD binary
  * ARM binary (@f-s)
* Extended validation certificate detection
* "wide mode" option for checks like RC4, BEAST. PFS: Displays hexcode, kx,
  strength, DH bits, RFC cipher name
* will test multiple IP adresses in one shot, --ip= restricts it accordingly
* runs in default mode through all ciphers at the end of a default run
* new mass testing file option --file option where testssl.sh commands are being
  read from, see https://twitter.com/drwetter/status/627619848344989696
* displays matching host key (HPKP)
* further detection of security relevant headers (reverse proxy, IPv4 addresses) as
  well as proprietary banners (OWA, Liferay etc.)
* can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML
  streams).
* quite some fixes when using LibreSSL, still not recommended to use though
  (see https://testssl.sh/)
* lots of fixes, code improvements, even more robust

Get it while it's hot @ https://testssl.sh or @ github where all development
action takes place: https://github.com/drwetter/testssl.sh/tree/2.6 .

Some of the planned feaures for the next release see
https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29


Cheers, Dirk (@drwetter)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ