Christian M. Grube 🐧Apr 24, 2025

#testssl released 3.2.0

Testing TLS/SSL encryption anywhere on any port

#adminlife #opensource #security
https://github.com/testssl/testssl.sh/releases/tag/v3.2.0

Release Final version 3.2.0 · testssl/testssl.sh

This is the final version 3.2.0 of testssl.sh which brings tons of new features over 3.0. For details see the change log. There will be soon one last bugfix release for the 3.0 branch before it'll ...

GitHub
testssl.sh Mar 24, 2024

looking forward #testssl.sh needs #HTTPS RR check (DNS), see e.g. https://developer.mozilla.org/en-US/docs/Glossary/HTTPS_RR

https://github.com/drwetter/testssl.sh/issues/2482

HTTPS RR - MDN Web Docs Glossary: Definitions of Web-related terms | MDN

HTTPS RR (HTTPS Resource Records) are a type of DNS record that delivers configuration information and parameters for how to access a service via HTTPS.

MDN Web Docs
testssl.sh Feb 20, 2024

Just wanted to start moving things on github from my personal account to "testssl". That is overdue as I feel I often get flowers for something I don´t deserve.

Realized though github/testssl is taken. 😠

A) If you're the one who took it, please turn it over to the project

B) Which one @ github's abuse form is the right one? Problem is: there are only a few real choices presenting a form to submit. Or are there other ways contacting github

How to tackle this?

#testssl #abuse #github

testssl.sh Feb 20, 2024

Can anybody help to do some baseline testing for #mTLS @ #testssl.sh:

https://github.com/drwetter/testssl.sh/pull/2461

Add mTLS new feature to support scans with client authentication by akabe1 · Pull Request #2461 · drwetter/testssl.sh

This PR adds a new feature to support mutual TLS, a new cmd line option --mTLS <client cert> is added to perform scans when the remote server requires client authentication. It requires that user s...

GitHub
testssl.sh Nov 10, 2023

#testssl.sh warns now if a #wildcard #certificate is encountered including a link how you can find out where else the certificate is being used.

See branch 3.2 @ https://github.com/drwetter/testssl.sh/

GitHub - drwetter/testssl.sh: Testing TLS/SSL encryption anywhere on any port

Testing TLS/SSL encryption anywhere on any port . Contribute to drwetter/testssl.sh development by creating an account on GitHub.

GitHub
Felix 🇨🇦 🇩🇪 🇺🇦Oct 16, 2023

So grateful for tools like #sshaudit and #testssl. It enormously helps to stay up to date with security related configurations.

https://github.com/jtesta/ssh-audit
https://testssl.sh/

GitHub - jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) - jtesta/ssh-audit

GitHub
Show threadMark GardnerApr 20, 2023

@grin @sullybiker The main problem with #shell scripts is that they’re glue for other commands that may or may not be installed and may or may not be the same as those used by the author.

It’s why #dehydrated has so much logic detecting the installed flavor of awk, sed, grep, diff, et al. “Portable” shell is like portable #C—riddled with brittle environmental tests (thus begetting things like #GNU #Autotools).

Even #testssl admitted defeat and can run from a #Docker #container now.

testssl.sh Feb 5, 2023

#testssl.sh: On Wednesday there'll be in 3.2rc2 a change which might break things in postprocessors which use JSON/CSV.

(https://github.com/drwetter/testssl.sh/pull/2321)

Rename 3 jsonIDs in run_cipherlists(): breaking change by drwetter · Pull Request #2321 · drwetter/testssl.sh

see #2316 / #2320 AVERAGE --> OBSOLETED GOOD --> STRONG_NOFS STRONG --> STRONG_FS

GitHub
testssl.sh Feb 1, 2023

If you're using #docker images for #testssl.sh you should do a "git pull".

#musl libc seems to have performance problems wrt #glibc .

Thanks to polarathene (https://github.com/drwetter/testssl.sh/issues/2299)

[Feature request] Improve Docker image performance with an alternative base image instead of Alpine · Issue #2299 · drwetter/testssl.sh

Which version are you referring to 3.1dev Please check this repo whether this is a known feature request No existing issue came up after a few searches and browsing of results. The closest I found ...

GitHub
testssl.sh Nov 23, 2022
The forward secrecy section of #testssl.sh now shows also the supported signature algorithms (David); shown here with a bad and a good example: