diff --git a/stubs/FSharp-net/results.md b/stubs/FSharp-net/results.md deleted file mode 100644 index 22196f2..0000000 --- a/stubs/FSharp-net/results.md +++ /dev/null @@ -1,81 +0,0 @@ -``` -Mono JIT compiler version 4.5.2 -F# Compiler for F# 4.1 - -Do not use old compilers if it is not required for some reason. -For example Mono JIT compiler version 4.2.1 which is the currently (7.20.2016) default version -when installed using apt-get FAILS the expired certificate test. - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) -stub: FSharp-Net 'Run.exe' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:36162] - SKIP invalid localhost certificate [reject localhost:44585] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: simplerunner -stub: FSharp-Net 'Run.exe' - -[F#-Net][ PASS ][ACCEPT][ Valid cert ][google.com] - -[F#-Net][ PASS ][REJECT][ dh480 ][dh480.badssl.com] -[F#-Net][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -[F#-Net][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -[F#-Net][ PASS ][REJECT][ expired ][expired.badssl.com] -[F#-Net][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -[F#-Net][ PASS ][REJECT][ superfish ][superfish.badssl.com] -[F#-Net][ PASS ][REJECT][ untrusted-root ][untrusted-root.badssl.com] -[F#-Net][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -[F#-Net][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -[F#-Net][ PASS ][ACCEPT][ supports SNI ][badssl.com] -[F#-Net][ OK? ][ UNSUPPORTED ][ disable ca-bundles ][badssl.com] -[F#-Net][ OK? ][REJECT][ dh1024 ][dh1024.badssl.com] -[F#-Net][ OK? ][REJECT][ dh-small-subgroup ][dh-small-subgroup.badssl.com] -[F#-Net][ OK? ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -[F#-Net][ OK? ][REJECT][ mozilla-intermediate ][mozilla-intermidiate.badssl.com] -[F#-Net][ OK? ][REJECT][ mozilla-modern ][mozilla-modern.badssl.com] -[F#-Net][ OK? ][REJECT][ subdomain.preloaded-hsts ][subdomain.preloaded-hsts.badssl.com] -[F#-Net][ OK? ][ACCEPT][ cbc ][cbc.badssl.com] -[F#-Net][ OK? ][ACCEPT][ hsts ][hsts.badssl.com] -[F#-Net][ OK? ][ACCEPT][ mixed ][mixed.badssl.com] -[F#-Net][ OK? ][ACCEPT][ mixed-favicon ][mixed-favicon.badssl.com] -[F#-Net][ OK? ][ACCEPT][ mixed-script ][mixed-script.badssl.com] -[F#-Net][ OK? ][ACCEPT][ mozilla-old ][mozilla-old.badssl.com] -[F#-Net][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -[F#-Net][ OK? ][ACCEPT][ preloaded-hsts ][preloaded-hsts.badssl.com] -[F#-Net][ OK? ][ACCEPT][ rc4 ][rc4.badssl.com] -[F#-Net][ OK? ][ACCEPT][ rsa8192 ][rsa8192.badssl.com] -[F#-Net][ OK? ][ACCEPT][ sha1-2016 ][sha1-2016.badssl.com] -[F#-Net][ OK? ][ACCEPT][ sha1-2017 ][sha1-2017.badssl.com] -[F#-Net][ OK? ][ACCEPT][ upgrade ][upgrade.badssl.com] -[F#-Net][ OK? ][ACCEPT][ very ][very.badssl.com] -[F#-Net][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -[F#-Net][ FAIL ][REJECT][ 1000-sans ][1000-sans.badssl.com] -[F#-Net][ FAIL ][REJECT][ dh2048 ][dh2048.badssl.com] - -[F#-Net][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[F#-Net][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[F#-Net][ PASS ][REJECT][ Logjam ][www.ssllabs.com] - -``` diff --git a/stubs/FSharp-net/results.txt b/stubs/FSharp-net/results.txt new file mode 100644 index 0000000..91c9552 --- /dev/null +++ b/stubs/FSharp-net/results.txt @@ -0,0 +1,21 @@ +platform: Linux (Ubuntu 16.04) +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) +stub: mono 'Run.exe' +PASS support for TLS server name indication (SNI) [accept badssl.com:443] +PASS expired certificate [reject expired.badssl.com:443] +PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] +PASS self-signed certificate [reject self-signed.badssl.com:443] +PASS SHA-256 signature [accept sha256.badssl.com:443] +FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] +PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] +PASS Superfish CA [reject superfish.badssl.com:443] +PASS eDellRoot CA [reject edellroot.badssl.com:443] +PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] +PASS protect against the FREAK attack [reject www.ssllabs.com:10444] +PASS protect against the Logjam attack [reject www.ssllabs.com:10445] +PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +SKIP valid localhost certificate [accept localhost:45876] +SKIP invalid localhost certificate [reject localhost:41046] +SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/bash-curl/results.md b/stubs/bash-curl/results.md deleted file mode 100644 index f8338e2..0000000 --- a/stubs/bash-curl/results.md +++ /dev/null @@ -1,112 +0,0 @@ -``` - -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) -stub: bash run - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - FAIL valid localhost certificate [accept localhost:40809] - PASS invalid localhost certificate [reject localhost:46658] - FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] - - -``` - -``` -platform: Linux (Ubuntu 16.04) -runner: bashtls with bash-driver using simplerunner -stub: bash run - -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports SNI ][badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ expired ][expired.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ untrusted-root ][untrusted-root.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ sha1-2016 ][sha1-2016.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ sha1-2017 ][sha1-2017.badssl.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ 1000-sans ][1000-sans.badssl.com] -bash_1 | [bash-curl][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -bash_1 | [bash-curl][ OK? ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ rsa8192 ][rsa8192.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mixed-script ][mixed-script.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ very ][very.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mixed ][mixed.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mixed-favicon ][mixed-favicon.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ cbc ][cbc.badssl.com] -bash_1 | [bash-curl][ OK? ][REJECT][ rc4 ][rc4.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mozilla-old ][mozilla-old.badssl.com] -bash_1 | [bash-curl][ OK? ][REJECT][ mozilla-intermediate ][mozilla-intermidiate.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mozilla-modern ][mozilla-modern.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ dh480 ][dh480.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ dh1024 ][dh1024.badssl.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ dh2048 ][dh2048.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ dh-small-subgroup ][dh-small-subgroup.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ hsts ][hsts.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ upgrade ][upgrade.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ preloaded-hsts ][preloaded-hsts.badssl.com] -bash_1 | [bash-curl][ OK? ][REJECT][ subdomain.preloaded-hsts ][subdomain.preloaded-hsts.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ superfish ][superfish.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -bash_1 | [bash-curl][ FAIL ][ACCEPT][ disable ca-bundles ][badssl.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ correct cert ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ wrong hostname ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ correct cn, wrong san ][localhost] -bash_1 | [bash-curl][ OK? ][ACCEPT][ correct cn, no san ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ expired cert ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ sslv2 supported ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ sslv3 supported ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ tlsv1 supported ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ tlsv1.1 supported ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ tlsv1.2 supported ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports ssl in at least some level ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports high(>128 bit) 'secure' ciphers ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports medium(~128 bit) 'secure' ciphers ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'insecure' ciphers ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'RSA' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'AES256' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'SHA384' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'ECDSA' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'SRP' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'AES' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'DH' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'SHA' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'DSS' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'CAMELLIA256' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'AECDH' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'PSK' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'AES128' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'SEED' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'CAMELLIA128' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'AECDH' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'ADH' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'SHA256' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'RC4' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'MD5' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'DES' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'EDH' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'ECDH' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'ECDSA' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports '3DES' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'NULL' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -bash_1 | [bash-curl][ PASS ][REJECT][ Freak ][www.ssllabs.com] -bash_1 | [bash-curl][ PASS ][REJECT][ Logjam ][www.ssllabs.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ Valid cert ][google.com] - - - - -``` diff --git a/stubs/bash-curl/results.txt b/stubs/bash-curl/results.txt new file mode 100644 index 0000000..26cac3f --- /dev/null +++ b/stubs/bash-curl/results.txt @@ -0,0 +1,23 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: bash run + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + PASS SHA-256 signature [accept sha256.badssl.com:443] + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + PASS protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +ERROR valid localhost certificate [accept localhost:55111] + reason: stub exited with return code 56 + output: Error code: 56, for more info: https://curl.haxx.se/libcurl/c/libcurl-errors.html + PASS invalid localhost certificate [reject localhost:55115] + PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/bash-opensslSClient/results.md b/stubs/bash-opensslSClient/results.md deleted file mode 100644 index 08b63c3..0000000 --- a/stubs/bash-opensslSClient/results.md +++ /dev/null @@ -1,21 +0,0 @@ -``` - -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) -stub: bash run - PASS expired certificate [reject expired.badssl.com:443] - FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - FAIL protect against an OS X vulnerability [reject www.ssllabs.com:10443] - FAIL protect against the FREAK attack [reject www.ssllabs.com:10444] - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:38736] - FAIL invalid localhost certificate [reject localhost:40748] - -``` diff --git a/stubs/bash-opensslSClient/results.txt b/stubs/bash-opensslSClient/results.txt new file mode 100644 index 0000000..3650e64 --- /dev/null +++ b/stubs/bash-opensslSClient/results.txt @@ -0,0 +1,29 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: bash run + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + PASS SHA-256 signature [accept sha256.badssl.com:443] + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +ERROR protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + reason: stub exited with return code 1 + output: 35623:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s23_clnt.c:593: CONNECTED(00000003) +ERROR protect against the FREAK attack [reject www.ssllabs.com:10444] + reason: stub exited with return code 1 + output: depth=2 /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2 verify error:num=20:unable to get local issuer certificate verify return:0 35630:error:1408D0F4:SSL routines:SSL3_GET_KEY_EXCHANGE:unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_clnt.c:1187: CONNECTED(00000003) + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] +ERROR protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + reason: stub exited with return code 1 + output: depth=2 /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority verify error:num=20:unable to get local issuer certificate verify return:0 35644:error:1408D0F4:SSL routines:SSL3_GET_KEY_EXCHANGE:unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_clnt.c:1187: CONNECTED(00000003) +ERROR protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + reason: stub exited with return code 1 + output: depth=2 /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority verify error:num=20:unable to get local issuer certificate verify return:0 35651:error:1408D0F4:SSL routines:SSL3_GET_KEY_EXCHANGE:unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_clnt.c:1187: CONNECTED(00000003) + PASS valid localhost certificate [accept localhost:55085] + FAIL invalid localhost certificate [reject localhost:55087] + FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/c-openssl/results.md b/stubs/c-openssl/results.md deleted file mode 100644 index 6fc7924..0000000 --- a/stubs/c-openssl/results.md +++ /dev/null @@ -1,68 +0,0 @@ -``` -openssl: OpenSSL 1.1.0-pre6-dev -gcc (Ubuntu 5.4.0-6ubuntu1~16.04.1) 5.4.0 20160609 - -platform: Linux (Ubuntu 16.04) -runner: bashtls -stub: c-openssl -``` - -``` -[c-openssl][ PASS ][ACCEPT][ Valid cert ][google.com] -[c-openssl][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[c-openssl][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[c-openssl][ PASS ][REJECT][ Logjam ][www.ssllabs.com] -[c-openssl][ PASS ][ACCEPT][ supports SNI ][badssl.com] -[c-openssl][ PASS ][REJECT][ expired ][expired.badssl.com] -[c-openssl][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -[c-openssl][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -[c-openssl][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -[c-openssl][ PASS ][ACCEPT][ 1000-sans ][1000-sans.badssl.com] -[c-openssl][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -[c-openssl][ PASS ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -[c-openssl][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -[c-openssl][ PASS ][REJECT][ superfish ][superfish.badssl.com] -[c-openssl][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -[c-openssl][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -[c-openssl][ PASS ][REJECT][ disable ca-bundles ][badssl.com] -[c-openssl][ PASS ][REJECT][ correct cn, wrong san ][localhost] -[c-openssl][ PASS ][REJECT][ expired cert ][localhost] -[c-openssl][ PASS ][REJECT][ sslv2 supported ][localhost] -[c-openssl][ PASS ][REJECT][ sslv3 supported ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'ADH' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'AECDH' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'AECDH' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'DES' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'ECDSA' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'insecure' ciphers ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'MD5' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'NULL' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'RC4' ][localhost] -[c-openssl][ PASS ][REJECT][ wrong hostname ][localhost] -[c-openssl][ PASS ][ACCEPT][ correct cert ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports '3DES' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'AES' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'AES128' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'AES256' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'DH' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'ECDH' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'EDH' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports high(>128 bit) 'secure' ciphers ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'RSA' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'SHA' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'SHA256' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'SHA384' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports ssl in at least some level ][localhost] -[c-openssl][ PASS ][ACCEPT][ tlsv1.1 supported ][localhost] -[c-openssl][ PASS ][ACCEPT][ tlsv1.2 supported ][localhost] -[c-openssl][ PASS ][ACCEPT][ tlsv1 supported ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'DSS' ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'ECDSA' ][localhost] -[c-openssl][ OK? ][REJECT][ supports medium(~128 bit) 'secure' ciphers ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'PSK' ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'SEED' ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'SRP' ][localhost] -[c-openssl][ OK? ][ACCEPT][ correct cn, no san ][localhost] -[c-openssl][ FAIL ][REJECT][ supports 'CAMELLIA128' ][localhost] -[c-openssl][ FAIL ][REJECT][ supports 'CAMELLIA256' ][localhost] -``` diff --git a/stubs/c-openssl/results.txt b/stubs/c-openssl/results.txt new file mode 100644 index 0000000..54598c2 --- /dev/null +++ b/stubs/c-openssl/results.txt @@ -0,0 +1,21 @@ +platform: Linux (Ubuntu 16.04) +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) +stub: './run' +SKIP support for TLS server name indication (SNI) [accept badssl.com:443] +SKIP expired certificate [reject expired.badssl.com:443] +SKIP wrong hostname in certificate [reject wrong.host.badssl.com:443] +SKIP self-signed certificate [reject self-signed.badssl.com:443] +SKIP SHA-256 signature [accept sha256.badssl.com:443] +SKIP 1000 subjectAltNames [accept 1000-sans.badssl.com:443] +SKIP incomplete chain of trust [reject incomplete-chain.badssl.com:443] +SKIP Superfish CA [reject superfish.badssl.com:443] +SKIP eDellRoot CA [reject edellroot.badssl.com:443] +SKIP DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +SKIP protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] +SKIP protect against the FREAK attack [reject www.ssllabs.com:10444] +SKIP protect against the Logjam attack [reject www.ssllabs.com:10445] +SKIP protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +SKIP protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +PASS valid localhost certificate [accept localhost:36226] +PASS invalid localhost certificate [reject localhost:32865] +PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/cSharp-Net/results.md b/stubs/cSharp-Net/results.md deleted file mode 100644 index 6f07edb..0000000 --- a/stubs/cSharp-Net/results.md +++ /dev/null @@ -1,81 +0,0 @@ -``` -Mono JIT compiler version 4.5.2 -Mono C# compiler version 4.5.2.0 - -Do not use old compilers if it is not required for some reason. -For example Mono JIT compiler version 4.2.1 which is the currently (7.20.2016) default version -when installed using apt-get FAILS the expired certificate test. - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) -stub: cSharp-Net 'Run.exe' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:36162] - SKIP invalid localhost certificate [reject localhost:44585] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: simplerunner -stub: cSharp-Net 'run.exe' - -[C#-Net][ PASS ][ACCEPT][ Valid cert ][google.com] - -[C#-Net][ PASS ][REJECT][ dh480 ][dh480.badssl.com] -[C#-Net][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -[C#-Net][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -[C#-Net][ PASS ][REJECT][ expired ][expired.badssl.com] -[C#-Net][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -[C#-Net][ PASS ][REJECT][ superfish ][superfish.badssl.com] -[C#-Net][ PASS ][REJECT][ untrusted-root ][untrusted-root.badssl.com] -[C#-Net][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -[C#-Net][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -[C#-Net][ PASS ][ACCEPT][ supports SNI ][badssl.com] -[C#-Net][ OK? ][ UNSUPPORTED ][ disable ca-bundles ][badssl.com] -[C#-Net][ OK? ][REJECT][ dh1024 ][dh1024.badssl.com] -[C#-Net][ OK? ][REJECT][ dh-small-subgroup ][dh-small-subgroup.badssl.com] -[C#-Net][ OK? ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -[C#-Net][ OK? ][REJECT][ mozilla-intermediate ][mozilla-intermidiate.badssl.com] -[C#-Net][ OK? ][REJECT][ mozilla-modern ][mozilla-modern.badssl.com] -[C#-Net][ OK? ][REJECT][ subdomain.preloaded-hsts ][subdomain.preloaded-hsts.badssl.com] -[C#-Net][ OK? ][ACCEPT][ cbc ][cbc.badssl.com] -[C#-Net][ OK? ][ACCEPT][ hsts ][hsts.badssl.com] -[C#-Net][ OK? ][ACCEPT][ mixed ][mixed.badssl.com] -[C#-Net][ OK? ][ACCEPT][ mixed-favicon ][mixed-favicon.badssl.com] -[C#-Net][ OK? ][ACCEPT][ mixed-script ][mixed-script.badssl.com] -[C#-Net][ OK? ][ACCEPT][ mozilla-old ][mozilla-old.badssl.com] -[C#-Net][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -[C#-Net][ OK? ][ACCEPT][ preloaded-hsts ][preloaded-hsts.badssl.com] -[C#-Net][ OK? ][ACCEPT][ rc4 ][rc4.badssl.com] -[C#-Net][ OK? ][ACCEPT][ rsa8192 ][rsa8192.badssl.com] -[C#-Net][ OK? ][ACCEPT][ sha1-2016 ][sha1-2016.badssl.com] -[C#-Net][ OK? ][ACCEPT][ sha1-2017 ][sha1-2017.badssl.com] -[C#-Net][ OK? ][ACCEPT][ upgrade ][upgrade.badssl.com] -[C#-Net][ OK? ][ACCEPT][ very ][very.badssl.com] -[C#-Net][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -[C#-Net][ FAIL ][REJECT][ 1000-sans ][1000-sans.badssl.com] -[C#-Net][ FAIL ][REJECT][ dh2048 ][dh2048.badssl.com] - -[C#-Net][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[C#-Net][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[C#-Net][ PASS ][REJECT][ Logjam ][www.ssllabs.com] - -``` diff --git a/stubs/cSharp-Net/results.txt b/stubs/cSharp-Net/results.txt new file mode 100644 index 0000000..fd7db95 --- /dev/null +++ b/stubs/cSharp-Net/results.txt @@ -0,0 +1,21 @@ +platform: Linux (Ubuntu 16.04) +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) +stub: mono 'run.exe' +PASS support for TLS server name indication (SNI) [accept badssl.com:443] +PASS expired certificate [reject expired.badssl.com:443] +PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] +PASS self-signed certificate [reject self-signed.badssl.com:443] +PASS SHA-256 signature [accept sha256.badssl.com:443] +FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] +PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] +PASS Superfish CA [reject superfish.badssl.com:443] +PASS eDellRoot CA [reject edellroot.badssl.com:443] +PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] +PASS protect against the FREAK attack [reject www.ssllabs.com:10444] +PASS protect against the Logjam attack [reject www.ssllabs.com:10445] +PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +SKIP valid localhost certificate [accept localhost:39737] +SKIP invalid localhost certificate [reject localhost:32835] +SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/dotnet-https/results.md b/stubs/dotnet-https/results.txt similarity index 62% rename from stubs/dotnet-https/results.md rename to stubs/dotnet-https/results.txt index b911d59..ccdec60 100644 --- a/stubs/dotnet-https/results.md +++ b/stubs/dotnet-https/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: docker run 'trytls:dotnet-https' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,10 +11,11 @@ stub: docker run 'trytls:dotnet-https' PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:50081] - SKIP invalid localhost certificate [reject localhost:50086] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + SKIP valid localhost certificate [accept localhost:55020] + SKIP invalid localhost certificate [reject localhost:55025] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] - ``` diff --git a/stubs/go-nethttp/results.md b/stubs/go-nethttp/results.txt similarity index 61% rename from stubs/go-nethttp/results.md rename to stubs/go-nethttp/results.txt index 3e5c18a..099a903 100644 --- a/stubs/go-nethttp/results.md +++ b/stubs/go-nethttp/results.txt @@ -1,7 +1,7 @@ -``` platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) stub: go run 'run.go' +PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,10 +11,11 @@ PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] -PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] +PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] -SKIP valid localhost certificate [accept localhost:45675] -SKIP invalid localhost certificate [reject localhost:38316] +PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +SKIP valid localhost certificate [accept localhost:41714] +SKIP invalid localhost certificate [reject localhost:33175] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/haskell-http-client-tls/results.md b/stubs/haskell-http-client-tls/results.txt similarity index 69% rename from stubs/haskell-http-client-tls/results.md rename to stubs/haskell-http-client-tls/results.txt index 854d226..f6184f8 100644 --- a/stubs/haskell-http-client-tls/results.md +++ b/stubs/haskell-http-client-tls/results.txt @@ -1,38 +1,42 @@ -``` -platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: docker run '--rm' 'test-http-client-tls' - PASS expired certificate [reject expired.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired)) - FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] - output: 200 OK - PASS self-signed certificate [reject self-signed.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown)) - PASS SHA-256 signature [accept sha256.badssl.com:443] - output: 200 OK - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - output: 200 OK - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) - PASS Superfish CA [reject superfish.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) - PASS eDellRoot CA [reject edellroot.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - output: HandshakeFailed (Error_Protocol ("bad SignatureRSA for ecdhparams",True,HandshakeFailure)) - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - output: 200 OK -ERROR valid localhost certificate [accept localhost:50880] - reason: stub exited with return code 1 - output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmpeXV2El/0 -ERROR invalid localhost certificate [reject localhost:50885] - reason: stub exited with return code 1 - output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmpNSbZYo/0 -ERROR use only the given CA bundle, not system's [reject sha256.badssl.com:443] - reason: stub exited with return code 1 - output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmpc5FNQm/0 -``` +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: docker run '--rm' 'test-http-client-tls' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + output: 200 OK + PASS expired certificate [reject expired.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired)) + FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] + output: 200 OK + PASS self-signed certificate [reject self-signed.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown)) + PASS SHA-256 signature [accept sha256.badssl.com:443] + output: 200 OK + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + output: 200 OK + PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS Superfish CA [reject superfish.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS eDellRoot CA [reject edellroot.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + output: HandshakeFailed (Error_Protocol ("bad SignatureRSA for ecdhparams",True,HandshakeFailure)) + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + output: 200 OK + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") +ERROR valid localhost certificate [accept localhost:54859] + reason: stub exited with return code 1 + output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmplKMh4s/0 +ERROR invalid localhost certificate [reject localhost:54864] + reason: stub exited with return code 1 + output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmpfQtFag/0 +ERROR use only the given CA bundle, not system's [reject sha256.badssl.com:443] + reason: stub exited with return code 1 + output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmp88nPhz/0 diff --git a/stubs/haskell-wreq/results.md b/stubs/haskell-wreq/results.md deleted file mode 100644 index 532cb71..0000000 --- a/stubs/haskell-wreq/results.md +++ /dev/null @@ -1,20 +0,0 @@ -``` -platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: docker run '--rm' 'test-wreq' - PASS expired certificate [reject expired.badssl.com:443] - FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:54750] - SKIP invalid localhost certificate [reject localhost:54755] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/haskell-wreq/results.txt b/stubs/haskell-wreq/results.txt new file mode 100644 index 0000000..89dc2fd --- /dev/null +++ b/stubs/haskell-wreq/results.txt @@ -0,0 +1,36 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: docker run '--rm' 'test-wreq' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + output: 200 OK + PASS expired certificate [reject expired.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired)) + FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] + output: 200 OK + PASS self-signed certificate [reject self-signed.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown)) + PASS SHA-256 signature [accept sha256.badssl.com:443] + output: 200 OK + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + output: 200 OK + PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS Superfish CA [reject superfish.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS eDellRoot CA [reject edellroot.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + output: HandshakeFailed (Error_Protocol ("bad SignatureRSA for ecdhparams",True,HandshakeFailure)) + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + output: 200 OK + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + SKIP valid localhost certificate [accept localhost:54349] + SKIP invalid localhost certificate [reject localhost:54354] + SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/java-net/results.md b/stubs/java-https/results.txt similarity index 61% rename from stubs/java-net/results.md rename to stubs/java-https/results.txt index dbd4d3d..4466818 100644 --- a/stubs/java-net/results.md +++ b/stubs/java-https/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: java Run + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,10 +11,11 @@ stub: java Run PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:55081] - SKIP invalid localhost certificate [reject localhost:55082] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + SKIP valid localhost certificate [accept localhost:54213] + SKIP invalid localhost certificate [reject localhost:54214] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/java-https/results.md b/stubs/java-net/results.txt similarity index 61% rename from stubs/java-https/results.md rename to stubs/java-net/results.txt index 1fd84a0..0c5921e 100644 --- a/stubs/java-https/results.md +++ b/stubs/java-net/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: java Run + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,10 +11,11 @@ stub: java Run PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:52120] - SKIP invalid localhost certificate [reject localhost:52121] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + SKIP valid localhost certificate [accept localhost:54188] + SKIP invalid localhost certificate [reject localhost:54189] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/lua5.1-luasec/results.md b/stubs/lua5.1-luasec/results.md deleted file mode 100644 index 2452043..0000000 --- a/stubs/lua5.1-luasec/results.md +++ /dev/null @@ -1,32 +0,0 @@ -``` -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: 'lua5.1' 'stubs/lua5.1-luasec/run.lua' - PASS expired certificate [reject expired.badssl.com:443] - output: certificate verify failed - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - output: wrong hostname - PASS self-signed certificate [reject self-signed.badssl.com:443] - output: certificate verify failed - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - output: certificate verify failed - PASS Superfish CA [reject superfish.badssl.com:443] - output: certificate verify failed - PASS eDellRoot CA [reject edellroot.badssl.com:443] - output: certificate verify failed - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - output: certificate verify failed - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - output: bad signature - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - output: unexpected message - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - output: dh key too small - PASS valid localhost certificate [accept localhost:40469] - PASS invalid localhost certificate [reject localhost:33341] - output: wrong hostname - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] - output: certificate verify failed -``` diff --git a/stubs/php-file-get-contents/results.md b/stubs/php-file-get-contents/results.md deleted file mode 100644 index 51c2dd0..0000000 --- a/stubs/php-file-get-contents/results.md +++ /dev/null @@ -1,41 +0,0 @@ -``` -platform: Linux (debian 8.5) -runner: trytls 0.1.0 (CPython 2.7.9, OpenSSL 1.0.1t) -stub: php 'run.php' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:41375] - SKIP invalid localhost certificate [reject localhost:34105] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -``` -platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python 'stubs/python-urllib2/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:55612] - PASS invalid localhost certificate [reject localhost:55614] - FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/php-file-get-contents/results.txt b/stubs/php-file-get-contents/results.txt new file mode 100644 index 0000000..788ac20 --- /dev/null +++ b/stubs/php-file-get-contents/results.txt @@ -0,0 +1,21 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: './run.php' + FAIL support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + FAIL SHA-256 signature [accept sha256.badssl.com:443] + FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + PASS protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + SKIP valid localhost certificate [accept localhost:55427] + SKIP invalid localhost certificate [reject localhost:55428] + SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/python-idiokit/results.md b/stubs/python-idiokit/results.md deleted file mode 100644 index 15934d8..0000000 --- a/stubs/python-idiokit/results.md +++ /dev/null @@ -1,61 +0,0 @@ -``` -platform: Linux (Ubuntu 16.04) -runner: trytls ... -stub: python 'stubs/python-idiokit/run.py' - -[WIP] - - -... - - - -platform: Linux (Ubuntu 16.04) -runner: simplerunner -stub: python 'stubs/python-idiokit/run.py' - -[python-idiokit][ PASS ][ACCEPT][ Valid cert ][google.com] -[python-idiokit][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[python-idiokit][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[python-idiokit][ PASS ][REJECT][ Logjam ][www.ssllabs.com] -[python-idiokit][ PASS ][ACCEPT][ correct cert ][localhost] -[python-idiokit][ PASS ][REJECT][ wrong hostname ][localhost] -[python-idiokit][ PASS ][REJECT][ correct cn, wrong san ][localhost] -[python-idiokit][ OK? ][ACCEPT][ correct cn, no san ][localhost] -[python-idiokit][ PASS ][REJECT][ expired cert ][localhost] -[python-idiokit][ PASS ][REJECT][ sslv2 supported ][localhost] -[python-idiokit][ PASS ][REJECT][ sslv3 supported ][localhost] -[python-idiokit][ PASS ][ACCEPT][ tlsv1 supported ][localhost] -[python-idiokit][ PASS ][ACCEPT][ tlsv1.1 supported ][localhost] -[python-idiokit][ PASS ][ACCEPT][ tlsv1.2 supported ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports ssl in at least some level ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports high(>128 bit) 'secure' ciphers ][localhost] -[python-idiokit][ OK? ][REJECT][ supports medium(~128 bit) 'secure' ciphers ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'insecure' ciphers ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'RSA' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'AES256' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'SHA384' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'ECDSA' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'SRP' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'AES' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'DH' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'SHA' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'DSS' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'CAMELLIA256' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'AECDH' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'PSK' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'AES128' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'SEED' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'CAMELLIA128' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'AECDH' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'ADH' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'SHA256' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'RC4' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'MD5' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'DES' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'EDH' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'ECDH' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'ECDSA' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports '3DES' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'NULL' ][localhost] -``` diff --git a/stubs/python-idiokit/results.txt b/stubs/python-idiokit/results.txt new file mode 100644 index 0000000..70dec7b --- /dev/null +++ b/stubs/python-idiokit/results.txt @@ -0,0 +1,21 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python 'run.py' + FAIL support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + FAIL SHA-256 signature [accept sha256.badssl.com:443] + FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + PASS valid localhost certificate [accept localhost:53907] + PASS invalid localhost certificate [reject localhost:53909] + PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/python-requests/results.md b/stubs/python-requests/results.md deleted file mode 100644 index 25e6494..0000000 --- a/stubs/python-requests/results.md +++ /dev/null @@ -1,45 +0,0 @@ -``` -platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python 'stubs/python-requests/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:64244] - output: /Library/Python/2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS invalid localhost certificate [reject localhost:64248] - output: /Library/Python/2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -``` -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: python 'stubs/python-requests/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:38399] - output: /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS invalid localhost certificate [reject localhost:44504] - output: /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/python-requests/results.txt b/stubs/python-requests/results.txt new file mode 100644 index 0000000..127fa72 --- /dev/null +++ b/stubs/python-requests/results.txt @@ -0,0 +1,23 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python 'run.py' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + PASS SHA-256 signature [accept sha256.badssl.com:443] + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + PASS valid localhost certificate [accept localhost:53883] + output: /Library/Python/2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning + PASS invalid localhost certificate [reject localhost:53887] + output: /Library/Python/2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning + FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/python-urllib2/results.md b/stubs/python-urllib2/results.md deleted file mode 100644 index 1c2e9cb..0000000 --- a/stubs/python-urllib2/results.md +++ /dev/null @@ -1,40 +0,0 @@ -``` -platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python 'stubs/python-urllib2/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:54584] - PASS invalid localhost certificate [reject localhost:54588] - FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -```platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: python 'stubs/python-urllib2/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:34886] - PASS invalid localhost certificate [reject localhost:41098] - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/python-urllib2/results.txt b/stubs/python-urllib2/results.txt new file mode 100644 index 0000000..e3860c1 --- /dev/null +++ b/stubs/python-urllib2/results.txt @@ -0,0 +1,21 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python 'run.py' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + PASS SHA-256 signature [accept sha256.badssl.com:443] + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + PASS valid localhost certificate [accept localhost:53855] + PASS invalid localhost certificate [reject localhost:53859] + FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/python-urllib3/results.md b/stubs/python-urllib3/results.md deleted file mode 100644 index 2418920..0000000 --- a/stubs/python-urllib3/results.md +++ /dev/null @@ -1,65 +0,0 @@ -``` -ouspg01:trytls mamietti$ trytls https python stubs/python-urllib3/run.py -platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python 'stubs/python-urllib3/run.py' - PASS expired certificate [reject expired.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - output: hostname 'wrong.host.badssl.com' doesn't match either of '*.badssl.com', 'badssl.com' - PASS self-signed certificate [reject self-signed.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS eDellRoot CA [reject edellroot.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - output: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590) - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:63256] - output: /Users/mamietti/Library/Python/2.7/lib/python/site-packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS invalid localhost certificate [reject localhost:63261] - output: /Users/mamietti/Library/Python/2.7/lib/python/site-packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarninghostname 'localhost' doesn't match u'nothing' - FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -``` -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: python 'stubs/python-urllib3/run.py' - PASS expired certificate [reject expired.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - output: hostname 'wrong.host.badssl.com' doesn't match either of '*.badssl.com', 'badssl.com' - PASS self-signed certificate [reject self-signed.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS Superfish CA [reject superfish.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS eDellRoot CA [reject edellroot.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - output: [SSL: BAD_SIGNATURE] bad signature (_ssl.c:590) - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - output: [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:590) - PASS valid localhost certificate [accept localhost:42490] - output: /usr/lib/python2.7/dist-packages/urllib3/connection.py:266: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS invalid localhost certificate [reject localhost:41925] - output: /usr/lib/python2.7/dist-packages/urllib3/connection.py:266: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarninghostname 'localhost' doesn't match u'nothing' - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -``` diff --git a/stubs/python-urllib3/results.txt b/stubs/python-urllib3/results.txt new file mode 100644 index 0000000..f357b8b --- /dev/null +++ b/stubs/python-urllib3/results.txt @@ -0,0 +1,33 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python 'run.py' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + output: hostname 'wrong.host.badssl.com' doesn't match either of '*.badssl.com', 'badssl.com' + PASS self-signed certificate [reject self-signed.badssl.com:443] + output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) + PASS SHA-256 signature [accept sha256.badssl.com:443] + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) + PASS eDellRoot CA [reject edellroot.badssl.com:443] + output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + output: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590) + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) + PASS valid localhost certificate [accept localhost:53816] + output: /Users/mamietti/Library/Python/2.7/lib/python/site-packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning + PASS invalid localhost certificate [reject localhost:53819] + output: /Users/mamietti/Library/Python/2.7/lib/python/site-packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarninghostname 'localhost' doesn't match u'nothing' + FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/python3-urllib/results.md b/stubs/python3-urllib/results.md deleted file mode 100644 index f749f0b..0000000 --- a/stubs/python3-urllib/results.md +++ /dev/null @@ -1,41 +0,0 @@ -``` -platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python3 'stubs/python3-urllib/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:54491] - PASS invalid localhost certificate [reject localhost:54495] - FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -``` -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: python3 'stubs/python3-urllib/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:40962] - PASS invalid localhost certificate [reject localhost:33151] - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/python3-urllib/results.txt b/stubs/python3-urllib/results.txt new file mode 100644 index 0000000..4fcac82 --- /dev/null +++ b/stubs/python3-urllib/results.txt @@ -0,0 +1,21 @@ +platform: OS X 10.11.5 +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python3 'run.py' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + PASS SHA-256 signature [accept sha256.badssl.com:443] + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + PASS valid localhost certificate [accept localhost:53766] + PASS invalid localhost certificate [reject localhost:53768] + FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/vb-net/results.md b/stubs/vb-net/results.md deleted file mode 100644 index 4426eda..0000000 --- a/stubs/vb-net/results.md +++ /dev/null @@ -1,81 +0,0 @@ -``` -Mono JIT compiler version 4.5.2 -Visual Basic.Net Compiler version 0.0.0.5943 (Mono 4.0.1 - tarball) - -Do not use old compilers if it is not required for some reason. -For example Mono JIT compiler version 4.2.1 which is the currently (7.20.2016) default version -when installed using apt-get FAILS the expired certificate test. - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) -stub: VB-Net 'Run.exe' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:36162] - SKIP invalid localhost certificate [reject localhost:44585] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: simplerunner -stub: VB-Net 'Run.exe' - -[VB-Net][ PASS ][ACCEPT][ Valid cert ][google.com] - -[VB-Net][ PASS ][REJECT][ dh480 ][dh480.badssl.com] -[VB-Net][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -[VB-Net][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -[VB-Net][ PASS ][REJECT][ expired ][expired.badssl.com] -[VB-Net][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -[VB-Net][ PASS ][REJECT][ superfish ][superfish.badssl.com] -[VB-Net][ PASS ][REJECT][ untrusted-root ][untrusted-root.badssl.com] -[VB-Net][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -[VB-Net][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -[VB-Net][ PASS ][ACCEPT][ supports SNI ][badssl.com] -[VB-Net][ OK? ][ UNSUPPORTED ][ disable ca-bundles ][badssl.com] -[VB-Net][ OK? ][REJECT][ dh1024 ][dh1024.badssl.com] -[VB-Net][ OK? ][REJECT][ dh-small-subgroup ][dh-small-subgroup.badssl.com] -[VB-Net][ OK? ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -[VB-Net][ OK? ][REJECT][ mozilla-intermediate ][mozilla-intermidiate.badssl.com] -[VB-Net][ OK? ][REJECT][ mozilla-modern ][mozilla-modern.badssl.com] -[VB-Net][ OK? ][REJECT][ subdomain.preloaded-hsts ][subdomain.preloaded-hsts.badssl.com] -[VB-Net][ OK? ][ACCEPT][ cbc ][cbc.badssl.com] -[VB-Net][ OK? ][ACCEPT][ hsts ][hsts.badssl.com] -[VB-Net][ OK? ][ACCEPT][ mixed ][mixed.badssl.com] -[VB-Net][ OK? ][ACCEPT][ mixed-favicon ][mixed-favicon.badssl.com] -[VB-Net][ OK? ][ACCEPT][ mixed-script ][mixed-script.badssl.com] -[VB-Net][ OK? ][ACCEPT][ mozilla-old ][mozilla-old.badssl.com] -[VB-Net][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -[VB-Net][ OK? ][ACCEPT][ preloaded-hsts ][preloaded-hsts.badssl.com] -[VB-Net][ OK? ][ACCEPT][ rc4 ][rc4.badssl.com] -[VB-Net][ OK? ][ACCEPT][ rsa8192 ][rsa8192.badssl.com] -[VB-Net][ OK? ][ACCEPT][ sha1-2016 ][sha1-2016.badssl.com] -[VB-Net][ OK? ][ACCEPT][ sha1-2017 ][sha1-2017.badssl.com] -[VB-Net][ OK? ][ACCEPT][ upgrade ][upgrade.badssl.com] -[VB-Net][ OK? ][ACCEPT][ very ][very.badssl.com] -[VB-Net][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -[VB-Net][ FAIL ][REJECT][ 1000-sans ][1000-sans.badssl.com] -[VB-Net][ FAIL ][REJECT][ dh2048 ][dh2048.badssl.com] - -[VB-Net][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[VB-Net][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[VB-Net][ PASS ][REJECT][ Logjam ][www.ssllabs.com] - -``` diff --git a/stubs/vb-net/results.txt b/stubs/vb-net/results.txt new file mode 100644 index 0000000..8a3e991 --- /dev/null +++ b/stubs/vb-net/results.txt @@ -0,0 +1,22 @@ + +platform: Linux (Ubuntu 16.04) +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) +stub: mono 'Run.exe' +PASS support for TLS server name indication (SNI) [accept badssl.com:443] +PASS expired certificate [reject expired.badssl.com:443] +PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] +PASS self-signed certificate [reject self-signed.badssl.com:443] +PASS SHA-256 signature [accept sha256.badssl.com:443] +FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] +PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] +PASS Superfish CA [reject superfish.badssl.com:443] +PASS eDellRoot CA [reject edellroot.badssl.com:443] +PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] +PASS protect against the FREAK attack [reject www.ssllabs.com:10444] +PASS protect against the Logjam attack [reject www.ssllabs.com:10445] +PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +SKIP valid localhost certificate [accept localhost:44164] +SKIP invalid localhost certificate [reject localhost:37063] +SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443]