Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for ztls for ssl/crypto templates #1529

Merged
merged 11 commits into from
Feb 5, 2022
Merged

Conversation

Mzack9999
Copy link
Member

@Mzack9999 Mzack9999 commented Jan 24, 2022

Proposed changes

This PR adds support for ztls for ssl/crypto templates through fastdialer

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Related PRs

Example

template:

id: custom-cipher-suites-ssl-version

info:
  name: Custom SSL Cipher Suites and Version Input
  author: pdteam
  severity: low
  tags: ssl

ssl:
  - address: "{{Host}}:{{Port}}"
    min_version: sslv3
    max_version: tls12
    cipher_suites:
      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    matchers:
      - type: dsl
        dsl:
          - "unixtime() > not_after"

Run with:

echo https://x.x.x.x | go run . -ztls -t template.yaml

@Mzack9999 Mzack9999 self-assigned this Jan 24, 2022
@Mzack9999 Mzack9999 added Type: Enhancement Most issues will probably ask for additions or changes. Status: In Progress This issue is being worked on, and has someone assigned. labels Jan 24, 2022
@Mzack9999 Mzack9999 added Status: Review Needed The issue has a PR attached to it which needs to be reviewed and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Jan 27, 2022
Copy link
Member

@ehsandeep ehsandeep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

id: expired-ssl

info:
  name: Expired SSL Certificate
  author: pdteam
  severity: low
  tags: ssl

ssl:
  - address: "{{Host}}:{{Port}}"

    cipher_suites:
      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    matchers:
      - type: dsl
        dsl:
          - "unixtime() > not_after"

Custom cipher_suites input is not supported.

@ehsandeep ehsandeep merged commit a48e2ad into dev Feb 5, 2022
@ehsandeep ehsandeep deleted the issue-1231-zcrypto branch February 5, 2022 06:54
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels Feb 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
3 participants