Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package sslscan for openSUSE:Factory checked 
in at 2021-05-12 19:32:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sslscan (Old)
 and      /work/SRC/openSUSE:Factory/.sslscan.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sslscan"

Wed May 12 19:32:18 2021 rev:9 rq:892437 version:2.0.10

Changes:
--------
--- /work/SRC/openSUSE:Factory/sslscan/sslscan.changes  2020-12-18 20:00:26.490130009 +0100
+++ /work/SRC/openSUSE:Factory/.sslscan.new.2988/sslscan.changes        2021-05-12 19:32:52.890881982 +0200
@@ -1,0 +2,13 @@
+Tue May 11 21:50:32 UTC 2021 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 2.0.10:
+  * Add the --connect-timeout option (credit alkalim)
+  * Fix a typo in output
+  * Warn on TLSv1.1, as it's now deprecated by RFC 8996
+  * Fix a bug with LDAP STARTTLS
+  * Fix certificate detection on some broken servers
+  * Fix missing SCSV Fallback in XML output
+  * Don't show server signature algorithms by default
+  * Use --show-sigs to display them
+
+-------------------------------------------------------------------

Old:
----
  sslscan-2.0.6.tar.gz

New:
----
  sslscan-2.0.10.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sslscan.spec ++++++
--- /var/tmp/diff_new_pack.AoWU8a/_old  2021-05-12 19:32:53.318880271 +0200
+++ /var/tmp/diff_new_pack.AoWU8a/_new  2021-05-12 19:32:53.322880256 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package sslscan
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           sslscan
-Version:        2.0.6
+Version:        2.0.10
 Release:        0
 Summary:        SSL cipher scanning tool
 License:        SUSE-GPL-3.0+-with-openssl-exception

++++++ sslscan-2.0.6.tar.gz -> sslscan-2.0.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.6/Changelog new/sslscan-2.0.10/Changelog
--- old/sslscan-2.0.6/Changelog 2020-10-31 15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/Changelog        2021-04-27 17:38:51.000000000 +0200
@@ -1,12 +1,39 @@
 Changelog
 =========
+Version: 2.0.10
+Date   : 27/04/2021
+Author : rbsec <ro...@rbsec.net>
+Changes: The following are a list of changes
+                > Add the --connect-timeout option (credit alkalim)
+                > Fix a typo in output
+
+Version: 2.0.9
+Date   : 24/03/2021
+Author : rbsec <ro...@rbsec.net>
+Changes: The following are a list of changes
+                > Warn on TLSv1.1, as it's now deprecated by RFC 8996
+
+Version: 2.0.8
+Date   : 12/02/2021
+Author : rbsec <ro...@rbsec.net>
+Changes: The following are a list of changes
+                > Fix a bug with LDAP STARTTLS
+                > Fix certificate detection on some broken servers
+                > Fix missing SCSV Fallback in XML output
+
+Version: 2.0.7
+Date   : 10/02/2021
+Author : rbsec <ro...@rbsec.net>
+Changes: The following are a list of changes
+                > Don't show server signature algorithms by default
+                > Use --show-sigs to display them
+
 Version: 2.0.6
 Date   : 31/10/2020
 Author : rbsec <ro...@rbsec.net>
 Changes: The following are a list of changes
                 > Flag certificates in red if CN is the same as issuer
 
-Version: 2.0.4
 Version: 2.0.5
 Date   : 24/10/2020
 Author : rbsec <ro...@rbsec.net>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.6/README.md new/sslscan-2.0.10/README.md
--- old/sslscan-2.0.6/README.md 2020-10-31 15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/README.md        2021-04-27 17:38:51.000000000 +0200
@@ -61,7 +61,7 @@
 * Display EC curve names and DHE key lengths with OpenSSL >= 1.0.2 `--no-cipher-details`.
 * Flag weak DHE keys with OpenSSL >= 1.0.2 `--cipher-details`.
 * Flag expired certificates.
-* Flag TLSv1.0 ciphers in output as weak.
+* Flag TLSv1.0 and TLSv1.1 protocols in output as weak.
 * Experimental OS X support (static building only).
 * Support for scanning PostgreSQL servers (credit nuxi).
 * Check for TLS Fallback SCSV support.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_1.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_1.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_1.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_1.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     enabled
 TLSv1.0   enabled
-TLSv1.1   enabled
+TLSv1.1   enabled
 TLSv1.2   enabled
 TLSv1.3   disabled
 
@@ -56,25 +56,25 @@
 Accepted  TLSv1.2  128 bits  RC4-SHA                      
 Accepted  TLSv1.2  128 bits  RC4-MD5                      
 Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 
-Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          
Curve P-256 DHE 256
-Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 
bits
-Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 
bits
-Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve 
P-256 DHE 256
-Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 
bits
-Accepted  TLSv1.1  128 bits  DHE-RSA-SEED-SHA              DHE 2048 
bits
-Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 
bits
-Accepted  TLSv1.1  128 bits  ECDHE-RSA-RC4-SHA             
Curve P-256 DHE 256
-Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA        
Curve P-256 DHE 256
-Accepted  TLSv1.1  112 bits  DHE-RSA-DES-CBC3-SHA          
DHE 2048 bits
-Accepted  TLSv1.1  256 bits  AES256-SHA                   
-Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
-Accepted  TLSv1.1  128 bits  AES128-SHA                   
-Accepted  TLSv1.1  128 bits  SEED-SHA                     
-Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
-Accepted  TLSv1.1  128 bits  IDEA-CBC-SHA                 
-Accepted  TLSv1.1  128 bits  RC4-SHA                      
-Accepted  TLSv1.1  128 bits  RC4-MD5                      
-Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
+Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA   
       Curve P-256 DHE 256
+Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            
DHE 2048 bits
+Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       
DHE 2048 bits
+Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          
Curve P-256 DHE 256
+Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            
DHE 2048 bits
+Accepted  TLSv1.1  128 bits  DHE-RSA-SEED-SHA              
DHE 2048 bits
+Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       
DHE 2048 bits
+Accepted  TLSv1.1  128 bits  ECDHE-RSA-RC4-SHA          
   Curve P-256 DHE 256
+Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA     
   Curve P-256 DHE 256
+Accepted  TLSv1.1  112 bits  DHE-RSA-DES-CBC3-SHA       
   DHE 2048 bits
+Accepted  TLSv1.1  256 bits  AES256-SHA                   
+Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
+Accepted  TLSv1.1  128 bits  AES128-SHA                   
+Accepted  TLSv1.1  128 bits  SEED-SHA                     
+Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
+Accepted  TLSv1.1  128 bits  IDEA-CBC-SHA                 
+Accepted  TLSv1.1  128 bits  RC4-SHA                    
  
+Accepted  TLSv1.1  128 bits  RC4-MD5                    
  
+Accepted  TLSv1.1  112 bits  DES-CBC3-SHA               
  
 Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA   
       Curve P-256 DHE 256
 Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            
DHE 2048 bits
 Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       
DHE 2048 bits
@@ -98,23 +98,6 @@
   Server Key Exchange Group(s):
 TLSv1.2  128 bits  secp256r1 (NIST P-256)
 
-  Server Signature Algorithm(s):
-TLSv1.2  rsa_pkcs1_sha1
-TLSv1.2  dsa_sha1
-TLSv1.2  ecdsa_sha1
-TLSv1.2  rsa_pkcs1_sha224
-TLSv1.2  dsa_sha224
-TLSv1.2  ecdsa_sha224
-TLSv1.2  rsa_pkcs1_sha256
-TLSv1.2  dsa_sha256
-TLSv1.2  ecdsa_secp256r1_sha256
-TLSv1.2  rsa_pkcs1_sha384
-TLSv1.2  dsa_sha384
-TLSv1.2  ecdsa_secp384r1_sha384
-TLSv1.2  rsa_pkcs1_sha512
-TLSv1.2  dsa_sha512
-TLSv1.2  ecdsa_secp521r1_sha512
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
 RSA Key Strength:    2048
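Review bot: With the `Server Signature Algorithm(s)` block dropped from this expected output, the fixture no longer appears to check signature-algorithm enumeration at all; the same removal recurs in the test_4 through test_8 and test_12 through test_18 hunks below. The changelog makes the listing opt-in via `--show-sigs`, so unless the docker_test harness (not visible on this page) passes that flag somewhere, a regression in reporting weak entries such as `rsa_pkcs1_sha1` or `ecdsa_sha1` would go unnoticed. Consider keeping at least one scenario that runs with `--show-sigs` and retains this block in its expected output.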
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_10.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_10.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_10.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_10.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   enabled
 TLSv1.3   disabled
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_11.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_11.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_11.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_11.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,9 +7,9 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   enabled
-TLSv1.1   enabled
+TLSv1.1   enabled
 TLSv1.2   enabled
-TLSv1.3   enabled
+TLSv1.3   disabled
 
   OCSP Stapling Request:
 OCSP Response Status: successful (0x0)
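Review bot: The expected TLSv1.3 state flips from `enabled` to `disabled` in this fixture, and none of the 2.0.7 to 2.0.10 changelog entries mentions a change to TLSv1.3 detection or to this test's server configuration. If the test server's settings were changed deliberately, record that next to the test definition, for example `# test 11: server no longer offers TLSv1.3 (since <version>)`; otherwise this expectation may be masking a protocol-detection regression. The cause cannot be determined from the hunk itself.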
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_12.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_12.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_12.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_12.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     enabled
 SSLv3     enabled
 TLSv1.0   enabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   disabled
 TLSv1.3   disabled
 
@@ -49,9 +49,6 @@
   Server Key Exchange Group(s):
 TLSv1.0  128 bits  secp256r1 (NIST P-256)
 
-  Server Signature Algorithm(s):
-TLSv1.0  Server accepts all signature algorithms.
-
   SSL Certificate:
 Signature Algorithm: md5WithRSAEncryption
 RSA Key Strength:    512
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_13.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_13.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_13.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_13.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   enabled
-TLSv1.1   enabled
+TLSv1.1   enabled
 TLSv1.2   enabled
 TLSv1.3   enabled
 
@@ -49,12 +49,12 @@
 Accepted  TLSv1.2  128 bits  AES128-CCM                   
 Accepted  TLSv1.2  256 bits  AES256-SHA                   
 Accepted  TLSv1.2  128 bits  AES128-SHA                   
-Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          
Curve 25519 DHE 253
-Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 
bits
-Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve 
25519 DHE 253
-Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 
bits
-Accepted  TLSv1.1  256 bits  AES256-SHA                   
-Accepted  TLSv1.1  128 bits  AES128-SHA                   
+Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA   
       Curve 25519 DHE 253
+Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            
DHE 2048 bits
+Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          
Curve 25519 DHE 253
+Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            
DHE 2048 bits
+Accepted  TLSv1.1  256 bits  AES256-SHA                   
+Accepted  TLSv1.1  128 bits  AES128-SHA                   
 Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA   
       Curve 25519 DHE 253
 Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            
DHE 2048 bits
 Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          
Curve 25519 DHE 253
@@ -77,15 +77,9 @@
 TLSv1.2  260 bits  secp521r1 (NIST P-521)
 TLSv1.2  128 bits  x25519
 
-  Server Signature Algorithm(s):
-TLSv1.3  rsa_pss_rsae_sha256
-TLSv1.3  rsa_pss_rsae_sha384
-TLSv1.3  rsa_pss_rsae_sha512
-TLSv1.2  Server accepts all signature algorithms.
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
-RSA Key Strength:    3072
+RSA Key Strength:    3072
 
 Subject:  lmgtfy.com
 Issuer:   /C=XX/ST=Nowhere in particular/L=Nowhere
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_14.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_14.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_14.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_14.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   enabled
 TLSv1.3   enabled
 
@@ -53,15 +53,9 @@
 TLSv1.3  192 bits  ffdhe8192
 TLSv1.2  260 bits  secp521r1 (NIST P-521)
 
-  Server Signature Algorithm(s):
-TLSv1.3  rsa_pss_rsae_sha256
-TLSv1.3  rsa_pss_rsae_sha384
-TLSv1.3  rsa_pss_rsae_sha512
-TLSv1.2  Server accepts all signature algorithms.
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
-RSA Key Strength:    3072
+RSA Key Strength:    3072
 
 Subject:  lmgtfy.com
 Issuer:   /C=XX/ST=Nowhere in particular/L=Nowhere
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_15.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_15.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_15.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_15.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   enabled
-TLSv1.1   enabled
+TLSv1.1   enabled
 TLSv1.2   enabled
 TLSv1.3   enabled
 
@@ -38,8 +38,8 @@
 Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-CCM        Curve 
25519 DHE 253
 Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 
25519 DHE 253
 Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 
25519 DHE 253
-Preferred TLSv1.1  256 bits  ECDHE-ECDSA-AES256-SHA        
Curve 25519 DHE 253
-Accepted  TLSv1.1  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 
25519 DHE 253
+Preferred TLSv1.1  256 bits  ECDHE-ECDSA-AES256-SHA 
       Curve 25519 DHE 253
+Accepted  TLSv1.1  128 bits  ECDHE-ECDSA-AES128-SHA        
Curve 25519 DHE 253
 Preferred TLSv1.0  256 bits  ECDHE-ECDSA-AES256-SHA 
       Curve 25519 DHE 253
 Accepted  TLSv1.0  128 bits  ECDHE-ECDSA-AES128-SHA        
Curve 25519 DHE 253
 
@@ -58,13 +58,6 @@
 TLSv1.2  260 bits  secp521r1 (NIST P-521)
 TLSv1.2  128 bits  x25519
 
-  Server Signature Algorithm(s):
-TLSv1.3  ecdsa_secp256r1_sha256
-TLSv1.2  ecdsa_sha1
-TLSv1.2  ecdsa_secp256r1_sha256
-TLSv1.2  ecdsa_secp384r1_sha384
-TLSv1.2  ecdsa_secp521r1_sha512
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
 ECC Curve Name:      prime256v1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_16.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_16.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_16.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_16.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   enabled
 TLSv1.3   disabled
 
@@ -50,23 +50,6 @@
   Server Key Exchange Group(s):
 TLSv1.2  81 bits  sect163k1
 
-  Server Signature Algorithm(s):
-TLSv1.2  rsa_pkcs1_sha1
-TLSv1.2  dsa_sha1
-TLSv1.2  ecdsa_sha1
-TLSv1.2  rsa_pkcs1_sha224
-TLSv1.2  dsa_sha224
-TLSv1.2  ecdsa_sha224
-TLSv1.2  rsa_pkcs1_sha256
-TLSv1.2  dsa_sha256
-TLSv1.2  ecdsa_secp256r1_sha256
-TLSv1.2  rsa_pkcs1_sha384
-TLSv1.2  dsa_sha384
-TLSv1.2  ecdsa_secp384r1_sha384
-TLSv1.2  rsa_pkcs1_sha512
-TLSv1.2  dsa_sha512
-TLSv1.2  ecdsa_secp521r1_sha512
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
 RSA Key Strength:    1024
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_17.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_17.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_17.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_17.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   enabled
 TLSv1.3   disabled
 
@@ -41,15 +41,6 @@
   Server Key Exchange Group(s):
 TLSv1.2  256 bits  brainpoolP512r1
 
-  Server Signature Algorithm(s):
-TLSv1.2  rsa_pkcs1_sha1
-TLSv1.2  rsa_pkcs1_sha224
-TLSv1.2  rsa_pkcs1_sha256
-TLSv1.2  rsa_pkcs1_sha384
-TLSv1.2  rsa_pkcs1_sha512
-TLSv1.2  rsa_pss_rsae_sha256
-TLSv1.2  rsa_pss_rsae_sha384
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
 RSA Key Strength:    1024
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/sslscan-2.0.6/docker_test/expected_output/test_18.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_18.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_18.txt   2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_18.txt  2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   enabled
 TLSv1.3   disabled
 
@@ -34,9 +34,6 @@
 TLSv1.2  260 bits  secp521r1 (NIST P-521)
 TLSv1.2  128 bits  x25519
 
-  Server Signature Algorithm(s):
-TLSv1.2  ecdsa_sha1
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
 ECC Curve Name:      prime256v1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_2.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_2.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_2.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_2.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     enabled
 SSLv3     disabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   disabled
 TLSv1.3   disabled
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_3.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_3.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_3.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_3.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     enabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   disabled
 TLSv1.3   disabled
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_4.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_4.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_4.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_4.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   enabled
-TLSv1.1   enabled
+TLSv1.1   enabled
 TLSv1.2   enabled
 TLSv1.3   enabled
 
@@ -50,12 +50,12 @@
 Accepted  TLSv1.2  128 bits  AES128-SHA256                
 Accepted  TLSv1.2  256 bits  AES256-SHA                   
 Accepted  TLSv1.2  128 bits  AES128-SHA                   
-Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          
Curve 25519 DHE 253
-Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 3072 
bits
-Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve 
25519 DHE 253
-Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 3072 
bits
-Accepted  TLSv1.1  256 bits  AES256-SHA                   
-Accepted  TLSv1.1  128 bits  AES128-SHA                   
+Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA   
       Curve 25519 DHE 253
+Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            
DHE 3072 bits
+Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          
Curve 25519 DHE 253
+Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            
DHE 3072 bits
+Accepted  TLSv1.1  256 bits  AES256-SHA                   
+Accepted  TLSv1.1  128 bits  AES128-SHA                   
 Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA   
       Curve 25519 DHE 253
 Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            
DHE 3072 bits
 Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          
Curve 25519 DHE 253
@@ -75,22 +75,9 @@
 TLSv1.2  128 bits  x25519
 TLSv1.2  224 bits  x448
 
-  Server Signature Algorithm(s):
-TLSv1.3  rsa_pss_rsae_sha256
-TLSv1.3  rsa_pss_rsae_sha384
-TLSv1.3  rsa_pss_rsae_sha512
-TLSv1.2  rsa_pkcs1_sha1
-TLSv1.2  rsa_pkcs1_sha224
-TLSv1.2  rsa_pkcs1_sha256
-TLSv1.2  rsa_pkcs1_sha384
-TLSv1.2  rsa_pkcs1_sha512
-TLSv1.2  rsa_pss_rsae_sha256
-TLSv1.2  rsa_pss_rsae_sha384
-TLSv1.2  rsa_pss_rsae_sha512
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
-RSA Key Strength:    3072
+RSA Key Strength:    3072
 
 Subject:  lmgtfy.com
 Issuer:   /C=XX/ST=Nowhere in particular/L=Nowhere
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_5.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_5.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_5.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_5.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     enabled
 TLSv1.0   enabled
-TLSv1.1   enabled
+TLSv1.1   enabled
 TLSv1.2   enabled
 TLSv1.3   disabled
 
@@ -77,42 +77,42 @@
 Accepted  TLSv1.2  56 bits   TLS_RSA_WITH_DES_CBC_SHA     
 Accepted  TLSv1.2  56 bits   TLS_DHE_RSA_WITH_DES_CBC_SHA 
 Accepted  TLSv1.2  56 bits   TLS_DH_anon_WITH_DES_CBC_SHA 
-Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          
Curve P-256 DHE 256
-Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 
1024 bits
-Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 
1024 bits
-Accepted  TLSv1.1  256 bits  AECDH-AES256-SHA              
Curve P-256 DHE 256
-Accepted  TLSv1.1  256 bits  ADH-AES256-SHA                
DHE 1024 bits
-Accepted  TLSv1.1  256 bits  ADH-CAMELLIA256-SHA           
DHE 1024 bits
-Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve 
P-256 DHE 256
-Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 
1024 bits
-Accepted  TLSv1.1  128 bits  DHE-RSA-SEED-SHA              DHE 
1024 bits
-Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 
1024 bits
-Accepted  TLSv1.1  128 bits  AECDH-AES128-SHA              
Curve P-256 DHE 256
-Accepted  TLSv1.1  128 bits  ADH-AES128-SHA                
DHE 1024 bits
-Accepted  TLSv1.1  128 bits  ADH-SEED-SHA                  
DHE 1024 bits
-Accepted  TLSv1.1  128 bits  ADH-CAMELLIA128-SHA           
DHE 1024 bits
-Accepted  TLSv1.1  128 bits  ECDHE-RSA-RC4-SHA             
Curve P-256 DHE 256
-Accepted  TLSv1.1  128 bits  AECDH-RC4-SHA                 
Curve P-256 DHE 256
-Accepted  TLSv1.1  128 bits  ADH-RC4-MD5                   
DHE 1024 bits
-Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA        
Curve P-256 DHE 256
-Accepted  TLSv1.1  112 bits  DHE-RSA-DES-CBC3-SHA          
DHE 1024 bits
-Accepted  TLSv1.1  112 bits  AECDH-DES-CBC3-SHA            
Curve P-256 DHE 256
-Accepted  TLSv1.1  112 bits  ADH-DES-CBC3-SHA              
DHE 1024 bits
-Accepted  TLSv1.1  256 bits  AES256-SHA                   
-Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
-Accepted  TLSv1.1  128 bits  AES128-SHA                   
-Accepted  TLSv1.1  128 bits  SEED-SHA                     
-Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
-Accepted  TLSv1.1  128 bits  IDEA-CBC-SHA                 
-Accepted  TLSv1.1  128 bits  RC4-SHA                      
-Accepted  TLSv1.1  128 bits  RC4-MD5                      
-Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
-Accepted  TLSv1.1  40 bits   TLS_RSA_EXPORT_WITH_RC4_40_MD5
-Accepted  TLSv1.1  40 bits   
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
-Accepted  TLSv1.1  40 bits   
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
-Accepted  TLSv1.1  56 bits   TLS_RSA_WITH_DES_CBC_SHA     
-Accepted  TLSv1.1  56 bits   TLS_DHE_RSA_WITH_DES_CBC_SHA 
-Accepted  TLSv1.1  56 bits   TLS_DH_anon_WITH_DES_CBC_SHA 
+Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA   
       Curve P-256 DHE 256
+Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            
DHE 1024 bits
+Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       
DHE 1024 bits
+Accepted  TLSv1.1  256 bits  AECDH-AES256-SHA           
   Curve P-256 DHE 256
+Accepted  TLSv1.1  256 bits  ADH-AES256-SHA             
   DHE 1024 bits
+Accepted  TLSv1.1  256 bits  ADH-CAMELLIA256-SHA        
   DHE 1024 bits
+Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          
Curve P-256 DHE 256
+Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            
DHE 1024 bits
+Accepted  TLSv1.1  128 bits  DHE-RSA-SEED-SHA              
DHE 1024 bits
+Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       
DHE 1024 bits
+Accepted  TLSv1.1  128 bits  AECDH-AES128-SHA           
   Curve P-256 DHE 256
+Accepted  TLSv1.1  128 bits  ADH-AES128-SHA             
   DHE 1024 bits
+Accepted  TLSv1.1  128 bits  ADH-SEED-SHA               
   DHE 1024 bits
+Accepted  TLSv1.1  128 bits  ADH-CAMELLIA128-SHA        
   DHE 1024 bits
+Accepted  TLSv1.1  128 bits  ECDHE-RSA-RC4-SHA          
   Curve P-256 DHE 256
+Accepted  TLSv1.1  128 bits  AECDH-RC4-SHA              
   Curve P-256 DHE 256
+Accepted  TLSv1.1  128 bits  ADH-RC4-MD5                
   DHE 1024 bits
+Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA     
   Curve P-256 DHE 256
+Accepted  TLSv1.1  112 bits  DHE-RSA-DES-CBC3-SHA       
   DHE 1024 bits
+Accepted  TLSv1.1  112 bits  AECDH-DES-CBC3-SHA         
   Curve P-256 DHE 256
+Accepted  TLSv1.1  112 bits  ADH-DES-CBC3-SHA           
   DHE 1024 bits
+Accepted  TLSv1.1  256 bits  AES256-SHA                   
+Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
+Accepted  TLSv1.1  128 bits  AES128-SHA                   
+Accepted  TLSv1.1  128 bits  SEED-SHA                     
+Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
+Accepted  TLSv1.1  128 bits  IDEA-CBC-SHA                 
+Accepted  TLSv1.1  128 bits  RC4-SHA                    
  
+Accepted  TLSv1.1  128 bits  RC4-MD5                    
  
+Accepted  TLSv1.1  112 bits  DES-CBC3-SHA               
  
+Accepted  TLSv1.1  40 bits   
TLS_RSA_EXPORT_WITH_RC4_40_MD5
+Accepted  TLSv1.1  40 bits   
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+Accepted  TLSv1.1  40 bits   
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+Accepted  TLSv1.1  56 bits   TLS_RSA_WITH_DES_CBC_SHA   
  
+Accepted  TLSv1.1  56 bits   
TLS_DHE_RSA_WITH_DES_CBC_SHA 
+Accepted  TLSv1.1  56 bits   
TLS_DH_anon_WITH_DES_CBC_SHA 
 Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA   
       Curve P-256 DHE 256
 Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            
DHE 1024 bits
 Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       
DHE 1024 bits
@@ -153,23 +153,6 @@
   Server Key Exchange Group(s):
 TLSv1.2  128 bits  secp256r1 (NIST P-256)
 
-  Server Signature Algorithm(s):
-TLSv1.2  rsa_pkcs1_sha1
-TLSv1.2  dsa_sha1
-TLSv1.2  ecdsa_sha1
-TLSv1.2  rsa_pkcs1_sha224
-TLSv1.2  dsa_sha224
-TLSv1.2  ecdsa_sha224
-TLSv1.2  rsa_pkcs1_sha256
-TLSv1.2  dsa_sha256
-TLSv1.2  ecdsa_secp256r1_sha256
-TLSv1.2  rsa_pkcs1_sha384
-TLSv1.2  dsa_sha384
-TLSv1.2  ecdsa_secp384r1_sha384
-TLSv1.2  rsa_pkcs1_sha512
-TLSv1.2  dsa_sha512
-TLSv1.2  ecdsa_secp521r1_sha512
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
 RSA Key Strength:    1024
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_6.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_6.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_6.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_6.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   disabled
 TLSv1.3   enabled
 
@@ -37,14 +37,9 @@
 TLSv1.3  128 bits  x25519
 TLSv1.3  224 bits  x448
 
-  Server Signature Algorithm(s):
-TLSv1.3  rsa_pss_rsae_sha256
-TLSv1.3  rsa_pss_rsae_sha384
-TLSv1.3  rsa_pss_rsae_sha512
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
-RSA Key Strength:    3072
+RSA Key Strength:    3072
 
 Subject:  lmgtfy.com
 Issuer:   /C=XX/ST=Nowhere in particular/L=Nowhere
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_7.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_7.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_7.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_7.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     enabled
 SSLv3     enabled
 TLSv1.0   enabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   disabled
 TLSv1.3   disabled
 
@@ -49,12 +49,9 @@
   Server Key Exchange Group(s):
 TLSv1.0  128 bits  secp256r1 (NIST P-256)
 
-  Server Signature Algorithm(s):
-TLSv1.0  Server accepts all signature algorithms.
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
-RSA Key Strength:    3072
+RSA Key Strength:    3072
 
 Subject:  lmgtfy.com
 Issuer:   /C=XX/ST=Nowhere in particular/L=Nowhere
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_8.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_8.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_8.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_8.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     enabled
 SSLv3     enabled
 TLSv1.0   enabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   disabled
 TLSv1.3   disabled
 
@@ -71,12 +71,9 @@
   Server Key Exchange Group(s):
 TLSv1.0  128 bits  secp256r1 (NIST P-256)
 
-  Server Signature Algorithm(s):
-TLSv1.0  Server accepts all signature algorithms.
-
   SSL Certificate:
 Signature Algorithm: sha256WithRSAEncryption
-RSA Key Strength:    3072
+RSA Key Strength:    32m30720m
 
 Subject:  lmgtfy.com
 Issuer:   /C=XX/ST=Nowhere in particular/L=Nowhere
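Review bot: The added `RSA Key Strength:    32m30720m` line looks like the value 3072 wrapped in ANSI colour codes whose escape bytes were lost in this rendering, which would also explain why the `-`/`+` pairs for `TLSv1.1` and `RSA Key Strength` in the other fixtures read as identical. Because the fixtures appear to store colour escapes, a change in severity colouring (such as the new TLSv1.1 deprecation warning) shows up only as a byte difference. A short note in the docker_test directory, stating that expected outputs are compared with colour codes included, would make such diffs reviewable. This is inferred from the residue on this line; the harness itself is outside the page.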
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/docker_test/expected_output/test_9.txt 
new/sslscan-2.0.10/docker_test/expected_output/test_9.txt
--- old/sslscan-2.0.6/docker_test/expected_output/test_9.txt    2020-10-31 
15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/docker_test/expected_output/test_9.txt   2021-04-27 
17:38:51.000000000 +0200
@@ -7,7 +7,7 @@
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
-TLSv1.1   disabled
+TLSv1.1   disabled
 TLSv1.2   enabled
 TLSv1.3   disabled
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/sslscan.1 new/sslscan-2.0.10/sslscan.1
--- old/sslscan-2.0.6/sslscan.1 2020-10-31 15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/sslscan.1        2021-04-27 17:38:51.000000000 +0200
@@ -127,8 +127,8 @@
 .B \-\-no\-groups
 Do not enumerate key exchange groups
 .TP
-.B \-\-no\-sigs
-Do not enumerate signature algorithms
+.B \-\-show\-sigs
+Enumerate signature algorithms
 .TP
 .B \-\-starttls\-ftp
 STARTTLS setup for FTP
@@ -172,6 +172,10 @@
 .br
 Set socket timeout. Useful for hosts that fail to respond to ciphers they 
don't understand. Default is 3s.
 .TP
+.B \-\-connect\-timeout=<sec>
+.br
+Set initial connection timeout. Useful for hosts that are slow to respond to 
the initial connect(). Default is 75s.
+.TP
 .B \-\-sleep=<msec>
 .br
 Pause between connections. Useful on STARTTLS SMTP services, or anything else 
that's performing rate limiting. Default is disabled.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/sslscan.c new/sslscan-2.0.10/sslscan.c
--- old/sslscan-2.0.6/sslscan.c 2020-10-31 15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/sslscan.c        2021-04-27 17:38:51.000000000 +0200
@@ -45,6 +45,7 @@
   #include <winsock2.h>
   #include <ws2tcpip.h>
   #include <stdint.h>
+  #include <winbase.h>
   #ifdef _MSC_VER
     // For access().
     #include <io.h>
@@ -89,6 +90,7 @@
   #include <netdb.h>
   #include <sys/socket.h>
   #include <sys/select.h>
+  #include <fcntl.h>
 #endif
 #include <string.h>
 #include <sys/stat.h>
@@ -288,6 +290,129 @@
     return send(sockfd, str, strlen(str), 0);
 }
 
+char *sock_strerror(int err)
+{
+#ifdef _WIN32
+    static char msg[255];
+
+    msg[0] = '\0';
+
+    if (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | 
FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK,
+            NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), msg, 
sizeof(msg), NULL) == 0 || msg[0] == '\0')
+    {
+        sprintf(msg, "Error code %d", err);
+    }
+
+    return msg;
+#else
+    return strerror(err);
+#endif
+}
+
+int tcpConnectSocket(int socket, struct sslCheckOptions *options, char *error, 
int errlen)
+{
+    int status = -1, flags, errn = 0, len;
+    fd_set rset, wset, eset;
+    struct timeval tval;
+
+#ifdef _WIN32
+#define INPROGRESS  WSAEWOULDBLOCK
+#define sock_errno WSAGetLastError()
+    flags = 1;
+
+    if ((status = ioctlsocket(socket, FIONBIO, (u_long *)&flags)) != 0)
+    {
+        snprintf(error, errlen, "ioctlsocket: %s", sock_strerror(sock_errno));
+        return status;
+    }
+#else
+#define INPROGRESS  EINPROGRESS
+#define sock_errno errno
+    if ((flags = fcntl(socket, F_GETFL, 0)) < 0)
+    {
+        snprintf(error, errlen, "fcntl getfl: %s", sock_strerror(sock_errno));
+        return status;
+    }
+
+    if (fcntl(socket, F_SETFL, flags | O_NONBLOCK) < 0)
+    {
+        snprintf(error, errlen, "fcntl setfl: %s", sock_strerror(sock_errno));
+        return status;
+    }
+#endif
+
+    // Connect
+    if (options->h_addrtype == AF_INET)
+    {
+        status = connect(socket, (struct sockaddr *)&options->serverAddress, 
sizeof(options->serverAddress));
+    }
+    else    // IPv6
+    {
+        status = connect(socket, (struct sockaddr *)&options->serverAddress6, 
sizeof(options->serverAddress6));
+    }
+
+    if (status < 0 && sock_errno != INPROGRESS)
+    {
+        snprintf(error, errlen, "connect: %s", sock_strerror(sock_errno));
+        return status;
+    }
+
+    // connect() completed immediately
+    if (status == 0)
+        return status;
+
+    FD_ZERO(&rset);
+    FD_SET(socket, &rset);
+    wset = eset = rset;
+    tval.tv_sec = options->connect_timeout;
+    tval.tv_usec = 0;
+
+    if ((status = select(socket + 1, &rset, &wset, &eset, &tval)) == 0)
+    {
+        snprintf(error, errlen, "connect: Timed out");
+        return -1;
+    }
+    else if (status < 0)
+    {
+        snprintf(error, errlen, "connect: select: %s", 
sock_strerror(sock_errno));
+        return status;
+    }
+
+    if (FD_ISSET(socket, &rset) || FD_ISSET(socket, &wset) || FD_ISSET(socket, 
&eset))
+    {
+        len = sizeof(errn);
+        if (getsockopt(socket, SOL_SOCKET, SO_ERROR, (void *)&errn, (socklen_t 
*)&len) < 0)
+        {
+            snprintf(error, errlen, "connect: getsockopt: %s", 
sock_strerror(errn));
+            return -1;
+        }
+    }
+
+    if (errn)
+    {
+        snprintf(error, errlen, "connect: %s", sock_strerror(errn));
+        return -1;
+    }
+
+#ifdef _WIN32
+    flags = 0;
+
+    if ((status = ioctlsocket(socket, FIONBIO, (u_long *)&flags)) != NO_ERROR)
+    {
+        snprintf(error, errlen, "ioctlsocket: %s", sock_strerror(sock_errno));
+        return -1;
+    }
+#else
+    if (fcntl(socket, F_SETFL, flags) < 0)
+    {
+        snprintf(error, errlen, "fcntl setfl: %s", sock_strerror(sock_errno));
+        return -1;
+    }
+#endif
+
+    return status;
+}
+
 // Create a TCP socket
 int tcpConnect(struct sslCheckOptions *options)
 {
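Review bot: In tcpConnectSocket(), the getsockopt() failure branch formats `sock_strerror(errn)`, but `errn` is still 0 there because it is only filled in when getsockopt() succeeds, so the message describes no error. It should read `snprintf(error, errlen, "connect: getsockopt: %s", sock_strerror(sock_errno));`. `len` is declared `int` and then cast to `socklen_t *`; declaring it as `socklen_t len = sizeof(errn);` removes the cast and the size assumption behind it. On the POSIX path `FD_SET(socket, &rset)` runs without comparing the descriptor to FD_SETSIZE, so a guard that sets the error text and returns -1 when `socket >= FD_SETSIZE` would keep select() inside the fd_set bounds. The error returns taken after non-blocking mode is set leave the socket non-blocking, which is harmless only while every caller closes it on failure.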
@@ -296,11 +421,11 @@
     {
         SLEEPMS(options->sleep);
     }
-    
+
     // Variables...
     int socketDescriptor;
     int tlsStarted = 0;
-    char buffer[BUFFERSIZE];
+    char buffer[BUFFERSIZE], errmsg[BUFFERSIZE];
     int status;
 
     // Create Socket
@@ -324,23 +449,18 @@
     // Windows isn't looking for a timeval struct like in UNIX; it wants a 
timeout in a DWORD represented in milliseconds...
     DWORD timeout = (options->timeout.tv_sec * 1000) + 
(options->timeout.tv_usec / 1000);
     setsockopt(socketDescriptor, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, 
sizeof(timeout));
+    setsockopt(socketDescriptor, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, 
sizeof(timeout));
 #else
-    setsockopt(socketDescriptor, SOL_SOCKET, SO_RCVTIMEO, (char 
*)&options->timeout,sizeof(struct timeval));
+    setsockopt(socketDescriptor, SOL_SOCKET, SO_RCVTIMEO, (char 
*)&options->timeout, sizeof(struct timeval));
+    setsockopt(socketDescriptor, SOL_SOCKET, SO_SNDTIMEO, (char 
*)&options->timeout, sizeof(struct timeval));
 #endif
 
-    // Connect
-    if (options->h_addrtype == AF_INET)
-    {
-        status = connect(socketDescriptor, (struct sockaddr *) 
&options->serverAddress, sizeof(options->serverAddress));
-    }
-    else    // IPv6
-    {
-        status = connect(socketDescriptor, (struct sockaddr *) 
&options->serverAddress6, sizeof(options->serverAddress6));
-    }
+    status = tcpConnectSocket(socketDescriptor, options, errmsg, BUFFERSIZE);
 
     if(status < 0)
     {
-        printf_error("Could not open a connection to host %s (%s) on port 
%d.", options->host, options->addrstr, options->port);
+        printf_error("Could not open a connection to host %s (%s) on port %d 
(%s).", options->host, options->addrstr,
+                options->port, errmsg);
         close(socketDescriptor);
         return 0;
     }
@@ -383,7 +503,7 @@
         tlsStarted = 1;
         // Taken from https://github.com/tetlowgm/sslscan/blob/master/sslscan.c
 
-        const char mysqlssl[] = { 0x20, 0x00, 0x00, 0x01, 0x85, 0xae, 0x7f, 
0x00, 
+        const char mysqlssl[] = { 0x20, 0x00, 0x00, 0x01, 0x85, 0xae, 0x7f, 
0x00,
             0x00, 0x00, 0x00, 0x01, 0x21, 0x00, 0x00, 0x00,
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -542,7 +662,7 @@
         if (!readOrLogAndClose(socketDescriptor, buffer, BUFFERSIZE, options))
             return 0;
 
-        if (strstr(buffer, ok)) {
+        if (memmem(buffer, BUFFERSIZE, ok, strlen(ok))) {
             printf_verbose("STARTLS LDAP setup complete.\n");
         }
         else if (strstr(buffer, unsupported)) {
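Review bot: `memmem(buffer, BUFFERSIZE, ok, strlen(ok))` searches the whole buffer rather than the bytes actually received, so unless readOrLogAndClose() (not shown in this hunk) clears the buffer first, the match can land on stale or uninitialised stack data past the end of the server's reply. Bounding the search by the received length would need readOrLogAndClose() to report that length. memmem() is also a GNU/BSD extension rather than ISO C, and this file has a `_WIN32` build path, so a fallback may be needed there. The following `strstr(buffer, unsupported)` still stops at the first NUL byte, so the two branches now read the same response differently.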
@@ -1064,6 +1184,7 @@
                             else
                             {
                                 printf("Server %sdoes not%s support TLS 
Fallback SCSV\n\n", COL_RED, RESET);
+                                printf_xml("  <fallback supported=\"0\" />\n");
                             }
                         }
                         else
@@ -1076,6 +1197,7 @@
                                     if (SSL_get_error(ssl, connStatus == 6))
                                     {
                                         printf("Server %ssupports%s TLS 
Fallback SCSV\n\n", COL_GREEN, RESET);
+                                        printf_xml("  <fallback 
supported=\"1\" />\n");
                                         status = false;
                                     }
                                 }
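Review bot: The new `<fallback supported="1" />` element is emitted under `if (SSL_get_error(ssl, connStatus == 6))`, where the comparison sits inside the call, so SSL_get_error() receives 0 or 1 instead of the connect status and any non-zero error code satisfies the branch. If the intent was to test for one specific error value, the condition would be `if (SSL_get_error(ssl, connStatus) == 6)`, preferably with the named SSL_ERROR_* constant instead of the literal. As written, the XML may report SCSV support for unrelated handshake failures, which matters to anything consuming the report automatically. The condition is an unchanged context line and the enclosing function starts and ends outside the hunk, so this should be confirmed against the full function.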
@@ -1589,6 +1711,9 @@
     if (strcmp(cleanSslMethod, "TLSv1.3") == 0) {
       printf("%sTLSv1.3%s  ", COL_GREEN, RESET);
     }
+    else if (strcmp(cleanSslMethod, "TLSv1.1") == 0) {
+      printf("%sTLSv1.1%s  ", COL_YELLOW, RESET);
+    }
     else if (strcmp(cleanSslMethod, "TLSv1.0") == 0) {
       printf("%sTLSv1.0%s  ", COL_YELLOW, RESET);
     } else
@@ -1950,7 +2075,7 @@
                                                     {
                                                         printf("RSA Key 
Strength:    %s%d%s\n", COL_RED, keyBits, RESET);
                                                     }
-                                                    else if (keyBits >= 4096 )
+                                                    else if (keyBits >= 3072 )
                                                     {
                                                         printf("RSA Key 
Strength:    %s%d%s\n", COL_GREEN, keyBits, RESET);
                                                     }
@@ -2024,7 +2149,7 @@
                                     ASN1_STRING *d;
                                     const char *subject;
                                     const char *issuer;
-                                    
+
                                     // Get SSL cert CN
                                     cnindex = -1;
                                     subj = X509_get_subject_name(x509Cert);
@@ -2084,11 +2209,21 @@
                                     {
                                         char *issuer = 
X509_NAME_oneline(X509_get_issuer_name(x509Cert), NULL, 0);
                                         char *color = "";
+                                        int self_signed = 0;
 
-                                        if ((subject != NULL) && 
(strcmp(subject, issuer) == 0))
+                                        if ((subject != NULL) && 
(strcmp(subject, issuer) == 0)) {
                                             color = COL_RED;
+                                            self_signed = 1;
+                                        }
                                         printf("%sIssuer:   %s%s", color, 
issuer, RESET);
                                         printf_xml("   
<issuer><![CDATA[%s]]></issuer>\n", issuer);
+
+                                        if (self_signed) {
+                                            printf_xml("   
<self-signed>true</self-signed>\n");
+                                        }
+                                        else {
+                                            printf_xml("   
<self-signed>false</self-signed>\n");
+                                        }
                                     }
                                     else
                                     {
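Review bot: `self_signed` is set from `strcmp(subject, issuer) == 0`, which only shows that the subject and issuer names match (self-issued), yet consumers will read the new `<self-signed>` XML element as a verified property. Either state the limitation in a comment, e.g. `// Name match only; the signature is not checked against the certificate's own key`, or additionally require `X509_verify(x509Cert, X509_get0_pubkey(x509Cert)) == 1` before emitting `true`. `issuer` comes from X509_NAME_oneline(), which can return NULL, and it is passed to strcmp() and printf() without a check. The enclosing block starts and ends outside the hunk, so whether `issuer` is freed later cannot be seen from here.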
@@ -2389,7 +2524,7 @@
 
     len = SSL_get_tlsext_status_ocsp_resp(s, &p);
     if (p == NULL) {
-        BIO_puts(bp, "No OCSP response recieved.\n\n");
+        BIO_puts(bp, "No OCSP response received.\n\n");
         goto err;
     }
 
@@ -3332,10 +3467,10 @@
 
     if ((options->sslVersion == ssl_all) || (options->sslVersion == tls_all) 
|| (options->sslVersion == tls_v11)) {
       if ((options->tls11_supported = checkIfTLSVersionIsSupported(options, 
TLSv1_1))) {
-       printf("TLSv1.1   enabled\n");
+       printf("TLSv1.1   %senabled%s\n", COL_YELLOW, RESET);
        printf_xml("  <protocol type=\"tls\" version=\"1.1\" enabled=\"1\" 
/>\n");
       } else {
-       printf("TLSv1.1   disabled\n");
+       printf("TLSv1.1   %sdisabled%s\n", COL_GREEN, RESET);
        printf_xml("  <protocol type=\"tls\" version=\"1.1\" enabled=\"0\" 
/>\n");
       }
     }
@@ -3533,11 +3668,16 @@
         // Default certificate details
         if (status == true && options->checkCertificate == true)
         {
-            status = checkCertificateProtocol(options, TLS_client_method());
             if (status != false)
-            {
+                status = checkCertificateProtocol(options, 
TLSv1_3_client_method());
+            if (status != false)
+                status = checkCertificateProtocol(options, 
TLSv1_2_client_method());
+            if (status != false)
+                status = checkCertificateProtocol(options, 
TLSv1_1_client_method());
+            if (status != false)
+                status = checkCertificateProtocol(options, 
TLSv1_client_method());
+            if (status != false)
                 printf("Certificate information cannot be retrieved.\n\n");
-            }
         }
         printf_xml(" </certificates>\n");
     }
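Review bot: The protocol fallback chain reads as inverted without a comment: each `if (status != false)` retries with an older protocol, which only makes sense if checkCertificateProtocol() returns false once a certificate has been retrieved. That is inferred from the final error message, as the function's definition is outside this hunk. A comment above the chain such as `// Try TLSv1.3 down to TLSv1.0; status becomes false at the first protocol that yields a certificate` would record the convention. The final unbraced `if` guarding the `printf` looks like one more link in the chain, so keeping the braces the old code had would make the error branch stand out.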
@@ -3595,7 +3735,7 @@
     sslOptions.compression = true;
     sslOptions.heartbleed = true;
     sslOptions.groups = true;
-    sslOptions.signature_algorithms = true;
+    sslOptions.signature_algorithms = false;
     sslOptions.starttls_ftp = false;
     sslOptions.starttls_imap = false;
     sslOptions.starttls_irc = false;
@@ -3615,6 +3755,8 @@
     // Default socket timeout 3s
     sslOptions.timeout.tv_sec = 3;
     sslOptions.timeout.tv_usec = 0;
+    // Default connect timeout 75s
+    sslOptions.connect_timeout = 75;
     sslOptions.sleep = 0;
 
     sslOptions.sslVersion = ssl_all;
@@ -3772,13 +3914,13 @@
         else if (strcmp("--no-heartbleed", argv[argLoop]) == 0)
             options->heartbleed = false;
 
-       // Should we check for key exchange groups?
-       else if (strcmp("--no-groups", argv[argLoop]) == 0)
+        // Should we check for key exchange groups?
+        else if (strcmp("--no-groups", argv[argLoop]) == 0)
             options->groups = false;
 
-       // Should we check for signature algorithms?
-       else if (strcmp("--no-sigs", argv[argLoop]) == 0)
-            options->signature_algorithms = false;
+        // Should we check for signature algorithms?
+        else if (strcmp("--show-sigs", argv[argLoop]) == 0)
+            options->signature_algorithms = true;
 
         // StartTLS... FTP
         else if (strcmp("--starttls-ftp", argv[argLoop]) == 0)
@@ -3850,10 +3992,14 @@
         else if (strcmp("--bugs", argv[argLoop]) == 0)
             options->sslbugs = 1;
 
-        // Socket Timeout
+        // Socket Timeout (both send and receive)
         else if (strncmp("--timeout=", argv[argLoop], 10) == 0)
             options->timeout.tv_sec = atoi(argv[argLoop] + 10);
 
+        // Connect Timeout
+        else if (strncmp("--connect-timeout=", argv[argLoop], 18) == 0)
+            options->connect_timeout = atoi(argv[argLoop] + 18);
+
         // Sleep between requests (ms)
         else if (strncmp("--sleep=", argv[argLoop], 8) == 0)
         {
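Review bot: `options->connect_timeout = atoi(argv[argLoop] + 18);` accepts any input. A non-numeric or empty value becomes 0, which makes the select() in tcpConnectSocket() poll and report "Timed out" for any connection that does not complete immediately, and a negative value is passed to select() as `tv_sec`. Parsing with strtol(), checking the end pointer, and rejecting values below 1 would avoid both cases. The existing `--timeout=` line above has the same problem. How this parser reports a bad option is outside the hunk, so the rejection path should follow what the neighbouring options do.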
@@ -4070,7 +4216,7 @@
             printf("  %s--no-groups%s          Do not enumerate key exchange 
groups\n", COL_GREEN, RESET);
             printf("  %s--no-heartbleed%s      Do not check for OpenSSL 
Heartbleed (CVE-2014-0160)\n", COL_GREEN, RESET);
             printf("  %s--no-renegotiation%s   Do not check for TLS 
renegotiation\n", COL_GREEN, RESET);
-            printf("  %s--no-sigs%s            Do not enumerate signature 
algorithms\n", COL_GREEN, RESET);
+            printf("  %s--show-sigs%s          Enumerate signature 
algorithms\n", COL_GREEN, RESET);
             printf("\n");
             printf("  %s--starttls-ftp%s       STARTTLS setup for FTP\n", 
COL_GREEN, RESET);
             printf("  %s--starttls-imap%s      STARTTLS setup for IMAP\n", 
COL_GREEN, RESET);
@@ -4088,6 +4234,7 @@
             printf("  %s--no-colour%s          Disable coloured output\n", 
COL_GREEN, RESET);
             printf("  %s--sleep=<msec>%s       Pause between connection 
request. Default is disabled\n", COL_GREEN, RESET);
             printf("  %s--timeout=<sec>%s      Set socket timeout. Default is 
3s\n", COL_GREEN, RESET);
+            printf("  %s--connect-timeout=<sec>%s  Set connect timeout. 
Default is 75s\n", COL_GREEN, RESET);
             printf("  %s--verbose%s            Display verbose output\n", 
COL_GREEN, RESET);
             printf("  %s--version%s            Display the program version\n", 
COL_GREEN, RESET);
             printf("  %s--xml=<file>%s         Output results to an XML file. 
Use - for STDOUT.\n", COL_GREEN, RESET);
@@ -4661,30 +4808,7 @@
 
 
   tls_extensions = makeTLSExtensions(options, 1);
-  if (tls_version == TLSv1_2) {
-    /* Extension: supported_groups */
-    bs_append_bytes(tls_extensions, (unsigned char []) {
-      0x00, 0x0a, // Extension: supported_groups (10)
-      0x00, 0x1c, // Extension Length (28)
-      0x00, 0x1a, // Supported Groups List Length (26)
-      0x00, 0x17, // secp256r1
-      0x00, 0x19, // secp521r1
-      0x00, 0x1c, // brainpoolP512r1
-      0x00, 0x1b, // brainpoolP384r1
-      0x00, 0x18, // secp384r1
-      0x00, 0x1a, // brainpoolP256r1
-      0x00, 0x16, // secp256k1
-      0x00, 0x0e, // sect571r1
-      0x00, 0x0d, // sect571k1
-      0x00, 0x0b, // sect409k1
-      0x00, 0x0c, // sect409r1
-      0x00, 0x09, // sect283k1
-      0x00, 0x0a, // sect283r1
-    }, 32);
-
-    /* Update the length of the extensions. */
-    tlsExtensionUpdateLength(tls_extensions);
-  } else if (tls_version == TLSv1_3) {
+  if (tls_version == TLSv1_3) {
     /* Extension: supported_groups */
     bs_append_bytes(tls_extensions, (unsigned char []) {
       0x00, 0x0a, // Extension: supported_groups (10)
@@ -4710,6 +4834,29 @@
 
     /* Update the length of the extensions. */
     tlsExtensionUpdateLength(tls_extensions);
+  } else {
+    /* Extension: supported_groups */
+    bs_append_bytes(tls_extensions, (unsigned char []) {
+      0x00, 0x0a, // Extension: supported_groups (10)
+      0x00, 0x1c, // Extension Length (28)
+      0x00, 0x1a, // Supported Groups List Length (26)
+      0x00, 0x17, // secp256r1
+      0x00, 0x19, // secp521r1
+      0x00, 0x1c, // brainpoolP512r1
+      0x00, 0x1b, // brainpoolP384r1
+      0x00, 0x18, // secp384r1
+      0x00, 0x1a, // brainpoolP256r1
+      0x00, 0x16, // secp256k1
+      0x00, 0x0e, // sect571r1
+      0x00, 0x0d, // sect571k1
+      0x00, 0x0b, // sect409k1
+      0x00, 0x0c, // sect409r1
+      0x00, 0x09, // sect283k1
+      0x00, 0x0a, // sect283r1
+    }, 32);
+
+    /* Update the length of the extensions. */
+    tlsExtensionUpdateLength(tls_extensions);
   }
 
   ciphersuite_list = makeCiphersuiteListAll(tls_version);
@@ -5701,7 +5848,7 @@
 
       /* If the server accepted our bogus signature ID, then we can conclude 
that it will accept all of them (and not test any further).  Some servers in 
the wild do this for some reason... */
       if (sig_id == BOGUS_SIG_ALG_ID) {
-        printf("%s%s  Server accepts all signature algorithms.%s\n", 
getPrintableTLSName(tls_version), COL_YELLOW, RESET);
+        printf("%s%s  Server accepts all signature algorithms.%s\n", 
getPrintableTLSName(tls_version), COL_RED, RESET);
         printf_xml("  <connection-signature-algorithm sslversion=\"%s\" 
name=\"ANY\" id=\"0xfdff\" />\n", getPrintableTLSName(tls_version));
         goto done;
       } else {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sslscan-2.0.6/sslscan.h new/sslscan-2.0.10/sslscan.h
--- old/sslscan-2.0.6/sslscan.h 2020-10-31 15:33:21.000000000 +0100
+++ new/sslscan-2.0.10/sslscan.h        2021-04-27 17:38:51.000000000 +0200
@@ -192,6 +192,7 @@
     struct sockaddr_in serverAddress;
     struct sockaddr_in6 serverAddress6;
     struct timeval timeout;
+    int connect_timeout;
     unsigned int sleep;
 
     // SSL Variables...
