Commits on Jul 16, 2018
Commits on Jul 11, 2018
  1. Make Travis CI shut up.

    drwetter committed Jul 11, 2018
    A soon-to-be-expired cert can also be HIGH, thus a test
    for critical is appropriate.
  2. (Slightly) improved JSON output for certificates

    drwetter committed Jul 11, 2018
    This commit fixes a bug mentioned in #1084 where a server
    with multiple host certificates was missing a certificate
    number for the host certificate itself.
    It also adds a JSON object for the number of host certificates.
Commits on Jul 5, 2018
  1. Merge pull request #1079 from dcooper16/bad_certificate_list

    drwetter committed Jul 5, 2018
    Handle incorrectly populated certificate_list
Commits on Jun 28, 2018
  1. Handle incorrectly populated certificate_list

    dcooper16 committed Jun 28, 2018
    According to Section 7.4.2 of RFC 5246, when a server sends its certificate it MUST send a list in which the first certificate is the sender's certificate and "Each following certificate MUST directly certify the one preceding it." currently assumes that the server has populated the list way and so places the second certificate in the list into $TEMPDIR/hostcert_issuer.pem.
    However, not all servers have been following this requirement, and so draft-ietf-tls-tls13 (soon to be RFC 8446) only says that servers SHOULD list the certificates in this way and says that clients "SHOULD be prepared to handle potentially extraneous certificates and arbitrary orderings from any TLS version, with the exception of the end-entity certificate which MUST be first." needs to place the correct certificate in $TEMPDIR/hostcert_issuer.pem, since otherwise any OCSP request it sends will be incorrect, and any attempt to verify an OCSP response will be incorrect as well.
    This PR changes extract_certificates() and parse_tls_serverhello() to populate $TEMPDIR/hostcert_issuer.pem with the first certificate in certificate_list that has a subject DN that matches the issuer DN in the server's certificate, rather than simply populating $TEMPDIR/hostcert_issuer.pem with the second certificate in the list.
    In testing a random sampling of U.S. government servers, of 57 servers tested 5 reported "unauthorized" for the OCSP URI using the current and all 5 of these reported "not revoked" with this PR. This PR also corrects the same issue in some servers on the Alexa Top 1000, but this was only a problem for 12 of those 1000 servers.
  2. Merge pull request #1078 from dcooper16/stapled_ocsp_revocation_check

    drwetter committed Jun 28, 2018
    Check stapled OCSP response for revocation status
  3. Check stapled OCSP response for revocation status

    dcooper16 committed Jun 28, 2018
    In cases in which the server offers a stapled OCSP response, this commit extracts the OCSP response and then checks the response for the status of the server's certificate. The check is performed in the same way as when the certificate includes an OCSP URI and the "--phone-out" option is set, except that the OCSP response is received from the TLS server rather than coming directly from the OCSP responder. Since this only involves additional processing of data that is already receiving, the check is performed whether or not the "--phone-out" flag is set.
Commits on Jun 26, 2018
  1. Fine tuning of Jac2NL's commit of IDS evasion

    drwetter committed Jun 26, 2018
    Reduce the offensive tests to 4: the others are "just" / mostly cipher
    based checks which should not cause an IDS to block. (This may be
    subject to reconsideration at a later time.)
    Added a switch --ids-friendly
    Updated VULN_COUNT accordingly
    Added this (including PHONE_OUT to env debugging output)
    Added help()
    Manual section added
Commits on Jun 25, 2018
Commits on Jun 24, 2018
  1. If the environment variable OFFENSIVE has been set to false, skip a number of checks that have offensive characteristics.

    Jac2NL committed Jun 24, 2018
Commits on Jun 22, 2018
Commits on Jun 21, 2018
  1. Fix #615

    dcooper16 committed Jun 21, 2018
    This PR fixes #615 for the case in which tls_sockets() is used by splitting the list of CBC ciphers into two lists, each with fewer than 128 ciphers and then testing each list separately.
    For the --ssl-native case, no changes were needed. Even though $cbc_ciphers contains 154 ciphers, no version of OpenSSL supports all of these ciphers, and so the actual ClientHello sent by every version of OpenSSL contains fewer than 128 ciphers.
    I did, however, add the -no_ssl2 flag to the "$OPENSSL s_client" command to prevent OpenSSL from sending an SSLv2-compatible ClientHello. As is noted in a comment in run_server_preference(), "the supplied openssl will send an SSLv2 ClientHello if $SNI is empty and the -no_ssl2 isn't provided."
Commits on Jun 20, 2018
  1. Update RFC section in ~/doc with soon to be TLS 1.3 RFC

    drwetter committed Jun 20, 2018
    See PR #1072, title taken from
    (may be subject to change).
    Todo: Handle the obsoleted ones, maybe by adding "obsolete"
  2. Merge pull request #1072 from dcooper16/rfc8446

    drwetter committed Jun 20, 2018
    TLS 1.3 will be RFC 8446
Commits on Jun 19, 2018
  1. TLS 1.3 will be RFC 8446

    dcooper16 committed Jun 19, 2018
    According to, TLS 1.3 will be published as RFC 8446. This seems to be confirmed by and
    This PR updates comments that refer to draft-ietf-tls-tls13 to instead refer to RFC 8446. It also makes minor changes to other comments related to TLS 1.3 drafts.
    NOTE: This PR is a bit premature as it may be several weeks before RFC 8446 is actually published.
Commits on Jun 13, 2018
  1. Fix to-be-expired-soon certificate

    drwetter committed Jun 13, 2018
    The certificate from was about to expire
    which raises a MEDIUM type issue in testssl.
    This commit does a workaround for this, so that those certificates
    will be ok in Travis CI.
    (Same problem exists in 2.9.5)
  2. Fix line feeds in vulnerability output when running in wide mode

    drwetter committed Jun 13, 2018
    This commit is a FIX for #1069, thus when running in
    wide mode it corrects an additional line feed which
    happened sometimes.
    As @dcooper16 pointed out it also cleans up the needless
    if-statements in run_rc4(), run_lucky13() and run_beast().
    It also inserts for wide mode lines a blank so the alignment
    is not at the left border anymore (check for leftovers
Commits on Jun 5, 2018
  1. Merge pull request #1067 from dcooper16/revocation_checking_errors

    drwetter committed Jun 5, 2018
    Fix false "revoked" results for CRL and OCSP checking
Commits on Jun 1, 2018
  1. Reduce redundant code

    dcooper16 committed May 30, 2018
    Move some checks into functions so that the code doesn't have to be repeated.
Commits on May 29, 2018
  1. Fix false "revoked" results for CRL and OCSP checking

    dcooper16 committed May 29, 2018
    This PR fixes problems with check_revocation_crl() sometimes reporting that a certificate is revoked even when it isn't, and with check_revocation_ocsp() sometimes reporting "error querying OCSP responder" even if the OCSP responder provided a good response. The most common reason for this to happen is that OpenSSL cannot validate the server's certificate (even without status checking). PR #1051 attempted to get status checking to work even in cases in which the server's certificate could not be validated. This PR instead addresses the problem by not checking status if determine_trust() was unable to validate the server's certificate.
    In some cases the server's certificate can be validated using some, but not all of the bundles of trusted certificates. For example, I have encountered some sites that can be validated using the Microsoft and Apple bundles, but not the Linux or Mozilla bundles.
    This PR introduces GOOD_CA_BUNDLE to store a bundle that could be used to successfully validate the server's certificate. If there is no such bundle, then neither check_revocation_crl() nor check_revocation_ocsp() is run. When check_revocation_crl() and check_revocation_ocsp() are called, the status checks within them closely match the validation check in determine_trust(), which helps to ensure that if the check fails it is because of the status information.
    As noted in #1057, at least one CA provides incorrect information when the CRL is downloaded, so validation could fail for a reason other than the certificate being revoked. So, this PR adds a check of the reason that validation failed and only reports "revoked" if the validation failed for that reason.
    As noted in #1056, it is not possible to perform an OCSP query without access to the certificate issuer's public key. So, with this PR check_revocation_ocsp() is only called if the server's provided at least one intermediate certificate (i.e., the issuer's certificate, which contains the issuer's public key).
Commits on May 25, 2018
  1. Merge pull request #1066 from dcooper16/ocsp_error_responses

    drwetter committed May 25, 2018
    OCSP error handling
  2. Check for HTTP errors

    dcooper16 committed May 25, 2018
    Added back in check for HTTP error codes.
Commits on May 24, 2018
  1. OCSP error handling

    dcooper16 committed May 24, 2018
    This PR improves the handling of error responses when checking status using OCSP. It can handle a few types of errors:
    * When the responder just returns an error (e.g., "Responder error: unauthorized").
    * When the response cannot be verified (e.g., invalid signature, expired certificate).
    * When the response is valid ("Response verify OK"), but there is a problem with the response for the individual certificate (e.g., information is too old, or status is "unknown").
Commits on May 23, 2018
  1. Merge pull request #1064 from dcooper16/ocsp_checking

    drwetter committed May 23, 2018
    OCSP improvements
  2. OCSP improvements

    dcooper16 committed May 23, 2018
    This PR fixes two issues with OCSP checking. First, the syntax for specifying a host header changed in OpenSSL between versions 1.0.2 and 1.1.0. With OpenSSL 1.0.2-chacha, 1.0.2o, and LibreSSL the syntax needs to be "-header HOST <hostname>". With OpenSSL 1.1.0h and 1.1.1 the syntax needs to be "-header HOST=<hostname>". I have not been able to test other versions of OpenSSL 1.0.2 or 1.1.0, but am assuming that all versions of OpenSSL 1.1.0 use the same syntax as 1.1.0h.
    This PR also fixes a typo in the case of an error, which was causing $code to be set to "empty ocsp response" if the response was not empty rather than if it was empty.
  3. Merge branch 'crl_ocsp' into 2.9dev

    drwetter committed May 23, 2018
    OCSP revocation checks ran with a 100% success rate for the Alexa ~Top 1000
    (basis: all hosts supporting TLS and having an OCSP URI)