From 0aa6c8a15c36e262601b34f61cf5de2d23e1de05 Mon Sep 17 00:00:00 2001 From: Mauri Miettinen Date: Thu, 28 Jul 2016 14:52:18 +0300 Subject: [PATCH 1/5] Changed format of results --- stubs/FSharp-net/{results.md => results.txt} | 0 stubs/bash-curl/{results.md => results.txt} | 0 stubs/bash-opensslSClient/{results.md => results.txt} | 0 stubs/c-openssl/{results.md => results.txt} | 0 stubs/cSharp-Net/{results.md => results.txt} | 0 stubs/dotnet-https/{results.md => results.txt} | 0 stubs/go-nethttp/{results.md => results.txt} | 0 stubs/haskell-http-client-tls/{results.md => results.txt} | 0 stubs/haskell-wreq/{results.md => results.txt} | 0 stubs/java-https/{results.md => results.txt} | 0 stubs/java-net/{results.md => results.txt} | 0 stubs/lua5.1-luasec/{results.md => results.txt} | 0 stubs/php-file-get-contents/{results.md => results.txt} | 0 stubs/python-idiokit/{results.md => results.txt} | 0 stubs/python-requests/{results.md => results.txt} | 0 stubs/python-urllib2/{results.md => results.txt} | 0 stubs/python-urllib3/{results.md => results.txt} | 0 stubs/python3-urllib/{results.md => results.txt} | 0 stubs/vb-net/{results.md => results.txt} | 0 19 files changed, 0 insertions(+), 0 deletions(-) rename stubs/FSharp-net/{results.md => results.txt} (100%) rename stubs/bash-curl/{results.md => results.txt} (100%) rename stubs/bash-opensslSClient/{results.md => results.txt} (100%) rename stubs/c-openssl/{results.md => results.txt} (100%) rename stubs/cSharp-Net/{results.md => results.txt} (100%) rename stubs/dotnet-https/{results.md => results.txt} (100%) rename stubs/go-nethttp/{results.md => results.txt} (100%) rename stubs/haskell-http-client-tls/{results.md => results.txt} (100%) rename stubs/haskell-wreq/{results.md => results.txt} (100%) rename stubs/java-https/{results.md => results.txt} (100%) rename stubs/java-net/{results.md => results.txt} (100%) rename stubs/lua5.1-luasec/{results.md => results.txt} (100%) rename stubs/php-file-get-contents/{results.md => results.txt} (100%) rename stubs/python-idiokit/{results.md => results.txt} (100%) rename stubs/python-requests/{results.md => results.txt} (100%) rename stubs/python-urllib2/{results.md => results.txt} (100%) rename stubs/python-urllib3/{results.md => results.txt} (100%) rename stubs/python3-urllib/{results.md => results.txt} (100%) rename stubs/vb-net/{results.md => results.txt} (100%) diff --git a/stubs/FSharp-net/results.md b/stubs/FSharp-net/results.txt similarity index 100% rename from stubs/FSharp-net/results.md rename to stubs/FSharp-net/results.txt diff --git a/stubs/bash-curl/results.md b/stubs/bash-curl/results.txt similarity index 100% rename from stubs/bash-curl/results.md rename to stubs/bash-curl/results.txt diff --git a/stubs/bash-opensslSClient/results.md b/stubs/bash-opensslSClient/results.txt similarity index 100% rename from stubs/bash-opensslSClient/results.md rename to stubs/bash-opensslSClient/results.txt diff --git a/stubs/c-openssl/results.md b/stubs/c-openssl/results.txt similarity index 100% rename from stubs/c-openssl/results.md rename to stubs/c-openssl/results.txt diff --git a/stubs/cSharp-Net/results.md b/stubs/cSharp-Net/results.txt similarity index 100% rename from stubs/cSharp-Net/results.md rename to stubs/cSharp-Net/results.txt diff --git a/stubs/dotnet-https/results.md b/stubs/dotnet-https/results.txt similarity index 100% rename from stubs/dotnet-https/results.md rename to stubs/dotnet-https/results.txt diff --git a/stubs/go-nethttp/results.md b/stubs/go-nethttp/results.txt similarity index 100% rename from stubs/go-nethttp/results.md rename to stubs/go-nethttp/results.txt diff --git a/stubs/haskell-http-client-tls/results.md b/stubs/haskell-http-client-tls/results.txt similarity index 100% rename from stubs/haskell-http-client-tls/results.md rename to stubs/haskell-http-client-tls/results.txt diff --git a/stubs/haskell-wreq/results.md b/stubs/haskell-wreq/results.txt similarity index 100% rename from stubs/haskell-wreq/results.md rename to stubs/haskell-wreq/results.txt diff --git a/stubs/java-https/results.md b/stubs/java-https/results.txt similarity index 100% rename from stubs/java-https/results.md rename to stubs/java-https/results.txt diff --git a/stubs/java-net/results.md b/stubs/java-net/results.txt similarity index 100% rename from stubs/java-net/results.md rename to stubs/java-net/results.txt diff --git a/stubs/lua5.1-luasec/results.md b/stubs/lua5.1-luasec/results.txt similarity index 100% rename from stubs/lua5.1-luasec/results.md rename to stubs/lua5.1-luasec/results.txt diff --git a/stubs/php-file-get-contents/results.md b/stubs/php-file-get-contents/results.txt similarity index 100% rename from stubs/php-file-get-contents/results.md rename to stubs/php-file-get-contents/results.txt diff --git a/stubs/python-idiokit/results.md b/stubs/python-idiokit/results.txt similarity index 100% rename from stubs/python-idiokit/results.md rename to stubs/python-idiokit/results.txt diff --git a/stubs/python-requests/results.md b/stubs/python-requests/results.txt similarity index 100% rename from stubs/python-requests/results.md rename to stubs/python-requests/results.txt diff --git a/stubs/python-urllib2/results.md b/stubs/python-urllib2/results.txt similarity index 100% rename from stubs/python-urllib2/results.md rename to stubs/python-urllib2/results.txt diff --git a/stubs/python-urllib3/results.md b/stubs/python-urllib3/results.txt similarity index 100% rename from stubs/python-urllib3/results.md rename to stubs/python-urllib3/results.txt diff --git a/stubs/python3-urllib/results.md b/stubs/python3-urllib/results.txt similarity index 100% rename from stubs/python3-urllib/results.md rename to stubs/python3-urllib/results.txt diff --git a/stubs/vb-net/results.md b/stubs/vb-net/results.txt similarity index 100% rename from stubs/vb-net/results.md rename to stubs/vb-net/results.txt From 16465bc8c8d13d73aa7ff3d10ed1fb8d50388dfd Mon Sep 17 00:00:00 2001 From: Mauri Miettinen Date: Thu, 28 Jul 2016 15:41:13 +0300 Subject: [PATCH 2/5] Added latest results for the first batch of stubs --- stubs/bash-curl/results.txt | 113 +++------------------- stubs/bash-opensslSClient/results.txt | 28 ++++-- stubs/dotnet-https/results.txt | 13 +-- stubs/haskell-http-client-tls/results.txt | 80 +++++++-------- stubs/haskell-wreq/results.txt | 28 ++++-- stubs/java-https/results.txt | 13 +-- stubs/java-net/results.txt | 13 +-- stubs/php-file-get-contents/results.txt | 96 ++++++++++-------- stubs/python-idiokit/results.txt | 82 ++++------------ stubs/python-requests/results.txt | 38 ++------ stubs/python-urllib2/results.txt | 35 ++----- stubs/python-urllib3/results.txt | 52 ++-------- stubs/python3-urllib/results.txt | 36 ++----- 13 files changed, 226 insertions(+), 401 deletions(-) diff --git a/stubs/bash-curl/results.txt b/stubs/bash-curl/results.txt index f8338e2..f4eeebd 100644 --- a/stubs/bash-curl/results.txt +++ b/stubs/bash-curl/results.txt @@ -1,112 +1,23 @@ -``` - -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) +platform: OS X 10.11.5 +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: bash run + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] PASS SHA-256 signature [accept sha256.badssl.com:443] PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - FAIL valid localhost certificate [accept localhost:40809] - PASS invalid localhost certificate [reject localhost:46658] - FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] - - -``` - -``` -platform: Linux (Ubuntu 16.04) -runner: bashtls with bash-driver using simplerunner -stub: bash run - -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports SNI ][badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ expired ][expired.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ untrusted-root ][untrusted-root.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ sha1-2016 ][sha1-2016.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ sha1-2017 ][sha1-2017.badssl.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ 1000-sans ][1000-sans.badssl.com] -bash_1 | [bash-curl][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -bash_1 | [bash-curl][ OK? ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ rsa8192 ][rsa8192.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mixed-script ][mixed-script.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ very ][very.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mixed ][mixed.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mixed-favicon ][mixed-favicon.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ cbc ][cbc.badssl.com] -bash_1 | [bash-curl][ OK? ][REJECT][ rc4 ][rc4.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mozilla-old ][mozilla-old.badssl.com] -bash_1 | [bash-curl][ OK? ][REJECT][ mozilla-intermediate ][mozilla-intermidiate.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ mozilla-modern ][mozilla-modern.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ dh480 ][dh480.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ dh1024 ][dh1024.badssl.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ dh2048 ][dh2048.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ dh-small-subgroup ][dh-small-subgroup.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ hsts ][hsts.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ upgrade ][upgrade.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ preloaded-hsts ][preloaded-hsts.badssl.com] -bash_1 | [bash-curl][ OK? ][REJECT][ subdomain.preloaded-hsts ][subdomain.preloaded-hsts.badssl.com] -bash_1 | [bash-curl][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ superfish ][superfish.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -bash_1 | [bash-curl][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -bash_1 | [bash-curl][ FAIL ][ACCEPT][ disable ca-bundles ][badssl.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ correct cert ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ wrong hostname ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ correct cn, wrong san ][localhost] -bash_1 | [bash-curl][ OK? ][ACCEPT][ correct cn, no san ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ expired cert ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ sslv2 supported ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ sslv3 supported ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ tlsv1 supported ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ tlsv1.1 supported ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ tlsv1.2 supported ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports ssl in at least some level ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports high(>128 bit) 'secure' ciphers ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports medium(~128 bit) 'secure' ciphers ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'insecure' ciphers ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'RSA' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'AES256' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'SHA384' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'ECDSA' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'SRP' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'AES' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'DH' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'SHA' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'DSS' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'CAMELLIA256' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'AECDH' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'PSK' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'AES128' ][localhost] -bash_1 | [bash-curl][ OK? ][REJECT][ supports 'SEED' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'CAMELLIA128' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'AECDH' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'ADH' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'SHA256' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'RC4' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'MD5' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'DES' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'EDH' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports 'ECDH' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'ECDSA' ][localhost] -bash_1 | [bash-curl][ PASS ][ACCEPT][ supports '3DES' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ supports 'NULL' ][localhost] -bash_1 | [bash-curl][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -bash_1 | [bash-curl][ PASS ][REJECT][ Freak ][www.ssllabs.com] -bash_1 | [bash-curl][ PASS ][REJECT][ Logjam ][www.ssllabs.com] -bash_1 | [bash-curl][ PASS ][ACCEPT][ Valid cert ][google.com] - - - - -``` + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +ERROR valid localhost certificate [accept localhost:55111] + reason: stub exited with return code 56 + output: Error code: 56, for more info: https://curl.haxx.se/libcurl/c/libcurl-errors.html + PASS invalid localhost certificate [reject localhost:55115] + PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/bash-opensslSClient/results.txt b/stubs/bash-opensslSClient/results.txt index 08b63c3..ba3b5bc 100644 --- a/stubs/bash-opensslSClient/results.txt +++ b/stubs/bash-opensslSClient/results.txt @@ -1,8 +1,7 @@ -``` - -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) +platform: OS X 10.11.5 +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: bash run + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -12,10 +11,19 @@ stub: bash run PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - FAIL protect against an OS X vulnerability [reject www.ssllabs.com:10443] - FAIL protect against the FREAK attack [reject www.ssllabs.com:10444] +ERROR protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + reason: stub exited with return code 1 + output: 35623:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s23_clnt.c:593: CONNECTED(00000003) +ERROR protect against the FREAK attack [reject www.ssllabs.com:10444] + reason: stub exited with return code 1 + output: depth=2 /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2 verify error:num=20:unable to get local issuer certificate verify return:0 35630:error:1408D0F4:SSL routines:SSL3_GET_KEY_EXCHANGE:unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_clnt.c:1187: CONNECTED(00000003) FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:38736] - FAIL invalid localhost certificate [reject localhost:40748] - -``` +ERROR protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + reason: stub exited with return code 1 + output: depth=2 /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority verify error:num=20:unable to get local issuer certificate verify return:0 35644:error:1408D0F4:SSL routines:SSL3_GET_KEY_EXCHANGE:unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_clnt.c:1187: CONNECTED(00000003) +ERROR protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + reason: stub exited with return code 1 + output: depth=2 /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority verify error:num=20:unable to get local issuer certificate verify return:0 35651:error:1408D0F4:SSL routines:SSL3_GET_KEY_EXCHANGE:unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_clnt.c:1187: CONNECTED(00000003) + PASS valid localhost certificate [accept localhost:55085] + FAIL invalid localhost certificate [reject localhost:55087] + FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/dotnet-https/results.txt b/stubs/dotnet-https/results.txt index b911d59..b354309 100644 --- a/stubs/dotnet-https/results.txt +++ b/stubs/dotnet-https/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: docker run 'trytls:dotnet-https' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,10 +11,11 @@ stub: docker run 'trytls:dotnet-https' PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:50081] - SKIP invalid localhost certificate [reject localhost:50086] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + SKIP valid localhost certificate [accept localhost:55020] + SKIP invalid localhost certificate [reject localhost:55025] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] - ``` diff --git a/stubs/haskell-http-client-tls/results.txt b/stubs/haskell-http-client-tls/results.txt index 854d226..0f10c44 100644 --- a/stubs/haskell-http-client-tls/results.txt +++ b/stubs/haskell-http-client-tls/results.txt @@ -1,38 +1,42 @@ -``` -platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: docker run '--rm' 'test-http-client-tls' - PASS expired certificate [reject expired.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired)) - FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] - output: 200 OK - PASS self-signed certificate [reject self-signed.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown)) - PASS SHA-256 signature [accept sha256.badssl.com:443] - output: 200 OK - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - output: 200 OK - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) - PASS Superfish CA [reject superfish.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) - PASS eDellRoot CA [reject edellroot.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - output: HandshakeFailed (Error_Protocol ("bad SignatureRSA for ecdhparams",True,HandshakeFailure)) - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - output: 200 OK -ERROR valid localhost certificate [accept localhost:50880] - reason: stub exited with return code 1 - output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmpeXV2El/0 -ERROR invalid localhost certificate [reject localhost:50885] - reason: stub exited with return code 1 - output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmpNSbZYo/0 -ERROR use only the given CA bundle, not system's [reject sha256.badssl.com:443] - reason: stub exited with return code 1 - output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmpc5FNQm/0 -``` +platform: OS X 10.11.5 +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: docker run '--rm' 'test-http-client-tls' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + output: 200 OK + PASS expired certificate [reject expired.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired)) + FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] + output: 200 OK + PASS self-signed certificate [reject self-signed.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown)) + PASS SHA-256 signature [accept sha256.badssl.com:443] + output: 200 OK + PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + output: 200 OK + PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS Superfish CA [reject superfish.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS eDellRoot CA [reject edellroot.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + output: HandshakeFailed (Error_Protocol ("bad SignatureRSA for ecdhparams",True,HandshakeFailure)) + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + output: 200 OK + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") +ERROR valid localhost certificate [accept localhost:54859] + reason: stub exited with return code 1 + output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmplKMh4s/0 +ERROR invalid localhost certificate [reject localhost:54864] + reason: stub exited with return code 1 + output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmpfQtFag/0 +ERROR use only the given CA bundle, not system's [reject sha256.badssl.com:443] + reason: stub exited with return code 1 + output: Error: Invalid ca-bundle in /var/folders/nt/_ggb7gp565jg1b_ys8xws3600000gp/T/tmp88nPhz/0 diff --git a/stubs/haskell-wreq/results.txt b/stubs/haskell-wreq/results.txt index 532cb71..debddf8 100644 --- a/stubs/haskell-wreq/results.txt +++ b/stubs/haskell-wreq/results.txt @@ -1,20 +1,36 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: docker run '--rm' 'test-wreq' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] + output: 200 OK PASS expired certificate [reject expired.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired)) FAIL wrong hostname in certificate [reject wrong.host.badssl.com:443] + output: 200 OK PASS self-signed certificate [reject self-signed.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown)) PASS SHA-256 signature [accept sha256.badssl.com:443] + output: 200 OK PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + output: 200 OK PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) PASS Superfish CA [reject superfish.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) PASS eDellRoot CA [reject edellroot.badssl.com:443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)) + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + output: HandshakeFailed (Error_Protocol ("bad SignatureRSA for ecdhparams",True,HandshakeFailure)) PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:54750] - SKIP invalid localhost certificate [reject localhost:54755] + output: 200 OK + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes") + SKIP valid localhost certificate [accept localhost:54349] + SKIP invalid localhost certificate [reject localhost:54354] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/java-https/results.txt b/stubs/java-https/results.txt index 1fd84a0..e507734 100644 --- a/stubs/java-https/results.txt +++ b/stubs/java-https/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: java Run + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,10 +11,11 @@ stub: java Run PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:52120] - SKIP invalid localhost certificate [reject localhost:52121] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + SKIP valid localhost certificate [accept localhost:54213] + SKIP invalid localhost certificate [reject localhost:54214] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/java-net/results.txt b/stubs/java-net/results.txt index dbd4d3d..ec88672 100644 --- a/stubs/java-net/results.txt +++ b/stubs/java-net/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: java Run + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,10 +11,11 @@ stub: java Run PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:55081] - SKIP invalid localhost certificate [reject localhost:55082] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + SKIP valid localhost certificate [accept localhost:54188] + SKIP invalid localhost certificate [reject localhost:54189] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/php-file-get-contents/results.txt b/stubs/php-file-get-contents/results.txt index 51c2dd0..4f7fcf0 100644 --- a/stubs/php-file-get-contents/results.txt +++ b/stubs/php-file-get-contents/results.txt @@ -1,41 +1,57 @@ -``` -platform: Linux (debian 8.5) -runner: trytls 0.1.0 (CPython 2.7.9, OpenSSL 1.0.1t) -stub: php 'run.php' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:41375] - SKIP invalid localhost certificate [reject localhost:34105] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python 'stubs/python-urllib2/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - FAIL incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:55612] - PASS invalid localhost certificate [reject localhost:55614] - FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: docker run '-ti' '--rm' 'php-file-get-contents' +ERROR support for TLS server name indication (SNI) [accept badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR expired certificate [reject expired.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR wrong hostname in certificate [reject wrong.host.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR self-signed certificate [reject self-signed.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR SHA-256 signature [accept sha256.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR incomplete chain of trust [reject incomplete-chain.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR Superfish CA [reject superfish.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR eDellRoot CA [reject edellroot.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR protect against the FREAK attack [reject www.ssllabs.com:10444] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR protect against the Logjam attack [reject www.ssllabs.com:10445] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR valid localhost certificate [accept localhost:54152] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR invalid localhost certificate [reject localhost:54155] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input +ERROR use only the given CA bundle, not system's [reject sha256.badssl.com:443] + reason: stub exited with return code 1 + output: cannot enable tty mode on non tty input diff --git a/stubs/python-idiokit/results.txt b/stubs/python-idiokit/results.txt index 15934d8..08d71d0 100644 --- a/stubs/python-idiokit/results.txt +++ b/stubs/python-idiokit/results.txt @@ -1,61 +1,21 @@ -``` -platform: Linux (Ubuntu 16.04) -runner: trytls ... -stub: python 'stubs/python-idiokit/run.py' - -[WIP] - - -... - - - -platform: Linux (Ubuntu 16.04) -runner: simplerunner -stub: python 'stubs/python-idiokit/run.py' - -[python-idiokit][ PASS ][ACCEPT][ Valid cert ][google.com] -[python-idiokit][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[python-idiokit][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[python-idiokit][ PASS ][REJECT][ Logjam ][www.ssllabs.com] -[python-idiokit][ PASS ][ACCEPT][ correct cert ][localhost] -[python-idiokit][ PASS ][REJECT][ wrong hostname ][localhost] -[python-idiokit][ PASS ][REJECT][ correct cn, wrong san ][localhost] -[python-idiokit][ OK? ][ACCEPT][ correct cn, no san ][localhost] -[python-idiokit][ PASS ][REJECT][ expired cert ][localhost] -[python-idiokit][ PASS ][REJECT][ sslv2 supported ][localhost] -[python-idiokit][ PASS ][REJECT][ sslv3 supported ][localhost] -[python-idiokit][ PASS ][ACCEPT][ tlsv1 supported ][localhost] -[python-idiokit][ PASS ][ACCEPT][ tlsv1.1 supported ][localhost] -[python-idiokit][ PASS ][ACCEPT][ tlsv1.2 supported ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports ssl in at least some level ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports high(>128 bit) 'secure' ciphers ][localhost] -[python-idiokit][ OK? ][REJECT][ supports medium(~128 bit) 'secure' ciphers ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'insecure' ciphers ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'RSA' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'AES256' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'SHA384' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'ECDSA' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'SRP' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'AES' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'DH' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'SHA' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'DSS' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'CAMELLIA256' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'AECDH' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'PSK' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'AES128' ][localhost] -[python-idiokit][ OK? ][REJECT][ supports 'SEED' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'CAMELLIA128' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'AECDH' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'ADH' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'SHA256' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'RC4' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'MD5' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'DES' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'EDH' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports 'ECDH' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'ECDSA' ][localhost] -[python-idiokit][ PASS ][ACCEPT][ supports '3DES' ][localhost] -[python-idiokit][ PASS ][REJECT][ supports 'NULL' ][localhost] -``` +platform: OS X 10.11.5 +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python 'run.py' + FAIL support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + FAIL SHA-256 signature [accept sha256.badssl.com:443] + FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + PASS valid localhost certificate [accept localhost:53907] + PASS invalid localhost certificate [reject localhost:53909] + PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/python-requests/results.txt b/stubs/python-requests/results.txt index 25e6494..a227e4f 100644 --- a/stubs/python-requests/results.txt +++ b/stubs/python-requests/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python 'stubs/python-requests/run.py' +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python 'run.py' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,35 +11,13 @@ stub: python 'stubs/python-requests/run.py' PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:64244] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + PASS valid localhost certificate [accept localhost:53883] output: /Library/Python/2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS invalid localhost certificate [reject localhost:64248] + PASS invalid localhost certificate [reject localhost:53887] output: /Library/Python/2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -``` -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: python 'stubs/python-requests/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:38399] - output: /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS invalid localhost certificate [reject localhost:44504] - output: /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/python-urllib2/results.txt b/stubs/python-urllib2/results.txt index 1c2e9cb..1ae8f73 100644 --- a/stubs/python-urllib2/results.txt +++ b/stubs/python-urllib2/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python 'stubs/python-urllib2/run.py' +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python 'run.py' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,30 +11,11 @@ stub: python 'stubs/python-urllib2/run.py' PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:54584] - PASS invalid localhost certificate [reject localhost:54588] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + PASS valid localhost certificate [accept localhost:53855] + PASS invalid localhost certificate [reject localhost:53859] FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -```platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: python 'stubs/python-urllib2/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:34886] - PASS invalid localhost certificate [reject localhost:41098] - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/python-urllib3/results.txt b/stubs/python-urllib3/results.txt index 2418920..1e4295c 100644 --- a/stubs/python-urllib3/results.txt +++ b/stubs/python-urllib3/results.txt @@ -1,8 +1,7 @@ -``` -ouspg01:trytls mamietti$ trytls https python stubs/python-urllib3/run.py platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python 'stubs/python-urllib3/run.py' +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python 'run.py' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] @@ -18,48 +17,17 @@ stub: python 'stubs/python-urllib3/run.py' output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] output: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590) PASS protect against the FREAK attack [reject www.ssllabs.com:10444] output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:63256] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) + PASS valid localhost certificate [accept localhost:53816] output: /Users/mamietti/Library/Python/2.7/lib/python/site-packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS invalid localhost certificate [reject localhost:63261] + PASS invalid localhost certificate [reject localhost:53819] output: /Users/mamietti/Library/Python/2.7/lib/python/site-packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarninghostname 'localhost' doesn't match u'nothing' FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -``` -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: python 'stubs/python-urllib3/run.py' - PASS expired certificate [reject expired.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - output: hostname 'wrong.host.badssl.com' doesn't match either of '*.badssl.com', 'badssl.com' - PASS self-signed certificate [reject self-signed.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS Superfish CA [reject superfish.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS eDellRoot CA [reject edellroot.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - output: [SSL: BAD_SIGNATURE] bad signature (_ssl.c:590) - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - output: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:590) - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - output: [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:590) - PASS valid localhost certificate [accept localhost:42490] - output: /usr/lib/python2.7/dist-packages/urllib3/connection.py:266: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning - PASS invalid localhost certificate [reject localhost:41925] - output: /usr/lib/python2.7/dist-packages/urllib3/connection.py:266: SubjectAltNameWarning: Certificate for localhost has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarninghostname 'localhost' doesn't match u'nothing' - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] - output: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -``` diff --git a/stubs/python3-urllib/results.txt b/stubs/python3-urllib/results.txt index f749f0b..5a104b5 100644 --- a/stubs/python3-urllib/results.txt +++ b/stubs/python3-urllib/results.txt @@ -1,7 +1,7 @@ -``` platform: OS X 10.11.5 -runner: trytls 0.1.0 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: python3 'stubs/python3-urllib/run.py' +runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +stub: python3 'run.py' + PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,31 +11,11 @@ stub: python3 'stubs/python3-urllib/run.py' PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] FAIL protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:54491] - PASS invalid localhost certificate [reject localhost:54495] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + PASS valid localhost certificate [accept localhost:53766] + PASS invalid localhost certificate [reject localhost:53768] FAIL use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` ---- -``` -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.11+, OpenSSL 1.0.2g-fips) -stub: python3 'stubs/python3-urllib/run.py' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - PASS valid localhost certificate [accept localhost:40962] - PASS invalid localhost certificate [reject localhost:33151] - PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` From a1a2b517901d5009f455fb527abd5c0574b82675 Mon Sep 17 00:00:00 2001 From: Mauri Miettinen Date: Thu, 28 Jul 2016 15:43:57 +0300 Subject: [PATCH 3/5] ran php stub again with the simpler command --- stubs/php-file-get-contents/results.txt | 74 +++++++------------------ 1 file changed, 19 insertions(+), 55 deletions(-) diff --git a/stubs/php-file-get-contents/results.txt b/stubs/php-file-get-contents/results.txt index 4f7fcf0..d5343ad 100644 --- a/stubs/php-file-get-contents/results.txt +++ b/stubs/php-file-get-contents/results.txt @@ -1,57 +1,21 @@ platform: OS X 10.11.5 runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) -stub: docker run '-ti' '--rm' 'php-file-get-contents' -ERROR support for TLS server name indication (SNI) [accept badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR expired certificate [reject expired.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR wrong hostname in certificate [reject wrong.host.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR self-signed certificate [reject self-signed.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR SHA-256 signature [accept sha256.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR incomplete chain of trust [reject incomplete-chain.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR Superfish CA [reject superfish.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR eDellRoot CA [reject edellroot.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR protect against the FREAK attack [reject www.ssllabs.com:10444] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR protect against the Logjam attack [reject www.ssllabs.com:10445] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR valid localhost certificate [accept localhost:54152] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR invalid localhost certificate [reject localhost:54155] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input -ERROR use only the given CA bundle, not system's [reject sha256.badssl.com:443] - reason: stub exited with return code 1 - output: cannot enable tty mode on non tty input +stub: './run.php' + FAIL support for TLS server name indication (SNI) [accept badssl.com:443] + PASS expired certificate [reject expired.badssl.com:443] + PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] + PASS self-signed certificate [reject self-signed.badssl.com:443] + FAIL SHA-256 signature [accept sha256.badssl.com:443] + FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] + PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] + PASS Superfish CA [reject superfish.badssl.com:443] + PASS eDellRoot CA [reject edellroot.badssl.com:443] + PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] + PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] + PASS protect against the FREAK attack [reject www.ssllabs.com:10444] + PASS protect against the Logjam attack [reject www.ssllabs.com:10445] + PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] + PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] + SKIP valid localhost certificate [accept localhost:55427] + SKIP invalid localhost certificate [reject localhost:55428] + SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] From cb32042ce331b081ac64402bbdd2d7654e21508b Mon Sep 17 00:00:00 2001 From: Mauri Miettinen Date: Mon, 1 Aug 2016 10:49:04 +0300 Subject: [PATCH 4/5] Upped recently changed version number in test --- stubs/bash-curl/results.txt | 2 +- stubs/bash-opensslSClient/results.txt | 2 +- stubs/dotnet-https/results.txt | 2 +- stubs/haskell-http-client-tls/results.txt | 2 +- stubs/haskell-wreq/results.txt | 2 +- stubs/java-https/results.txt | 2 +- stubs/java-net/results.txt | 2 +- stubs/php-file-get-contents/results.txt | 2 +- stubs/python-idiokit/results.txt | 2 +- stubs/python-requests/results.txt | 2 +- stubs/python-urllib2/results.txt | 2 +- stubs/python-urllib3/results.txt | 2 +- stubs/python3-urllib/results.txt | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/stubs/bash-curl/results.txt b/stubs/bash-curl/results.txt index f4eeebd..26cac3f 100644 --- a/stubs/bash-curl/results.txt +++ b/stubs/bash-curl/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: bash run PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/bash-opensslSClient/results.txt b/stubs/bash-opensslSClient/results.txt index ba3b5bc..3650e64 100644 --- a/stubs/bash-opensslSClient/results.txt +++ b/stubs/bash-opensslSClient/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: bash run PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/dotnet-https/results.txt b/stubs/dotnet-https/results.txt index b354309..ccdec60 100644 --- a/stubs/dotnet-https/results.txt +++ b/stubs/dotnet-https/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: docker run 'trytls:dotnet-https' PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/haskell-http-client-tls/results.txt b/stubs/haskell-http-client-tls/results.txt index 0f10c44..f6184f8 100644 --- a/stubs/haskell-http-client-tls/results.txt +++ b/stubs/haskell-http-client-tls/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: docker run '--rm' 'test-http-client-tls' PASS support for TLS server name indication (SNI) [accept badssl.com:443] output: 200 OK diff --git a/stubs/haskell-wreq/results.txt b/stubs/haskell-wreq/results.txt index debddf8..89dc2fd 100644 --- a/stubs/haskell-wreq/results.txt +++ b/stubs/haskell-wreq/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: docker run '--rm' 'test-wreq' PASS support for TLS server name indication (SNI) [accept badssl.com:443] output: 200 OK diff --git a/stubs/java-https/results.txt b/stubs/java-https/results.txt index e507734..4466818 100644 --- a/stubs/java-https/results.txt +++ b/stubs/java-https/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: java Run PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/java-net/results.txt b/stubs/java-net/results.txt index ec88672..0c5921e 100644 --- a/stubs/java-net/results.txt +++ b/stubs/java-net/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: java Run PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/php-file-get-contents/results.txt b/stubs/php-file-get-contents/results.txt index d5343ad..788ac20 100644 --- a/stubs/php-file-get-contents/results.txt +++ b/stubs/php-file-get-contents/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: './run.php' FAIL support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/python-idiokit/results.txt b/stubs/python-idiokit/results.txt index 08d71d0..70dec7b 100644 --- a/stubs/python-idiokit/results.txt +++ b/stubs/python-idiokit/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: python 'run.py' FAIL support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/python-requests/results.txt b/stubs/python-requests/results.txt index a227e4f..127fa72 100644 --- a/stubs/python-requests/results.txt +++ b/stubs/python-requests/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: python 'run.py' PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/python-urllib2/results.txt b/stubs/python-urllib2/results.txt index 1ae8f73..e3860c1 100644 --- a/stubs/python-urllib2/results.txt +++ b/stubs/python-urllib2/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: python 'run.py' PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/python-urllib3/results.txt b/stubs/python-urllib3/results.txt index 1e4295c..f357b8b 100644 --- a/stubs/python-urllib3/results.txt +++ b/stubs/python-urllib3/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: python 'run.py' PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] diff --git a/stubs/python3-urllib/results.txt b/stubs/python3-urllib/results.txt index 5a104b5..4fcac82 100644 --- a/stubs/python3-urllib/results.txt +++ b/stubs/python3-urllib/results.txt @@ -1,5 +1,5 @@ platform: OS X 10.11.5 -runner: trytls 0.1.1 (CPython 2.7.10, OpenSSL 0.9.8zh) +runner: trytls 0.2.0 (CPython 2.7.10, OpenSSL 0.9.8zh) stub: python3 'run.py' PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] From 52a089b6ae997d92458401e7cd4ac3c8a2216a5b Mon Sep 17 00:00:00 2001 From: Mauri Miettinen Date: Mon, 1 Aug 2016 13:00:54 +0300 Subject: [PATCH 5/5] Added missing results --- stubs/FSharp-net/results.txt | 100 +++++++---------------------------- stubs/c-openssl/results.txt | 87 +++++++----------------------- stubs/cSharp-Net/results.txt | 100 +++++++---------------------------- stubs/go-nethttp/results.txt | 13 ++--- stubs/vb-net/results.txt | 99 +++++++--------------------------- 5 files changed, 87 insertions(+), 312 deletions(-) diff --git a/stubs/FSharp-net/results.txt b/stubs/FSharp-net/results.txt index 22196f2..91c9552 100644 --- a/stubs/FSharp-net/results.txt +++ b/stubs/FSharp-net/results.txt @@ -1,81 +1,21 @@ -``` -Mono JIT compiler version 4.5.2 -F# Compiler for F# 4.1 - -Do not use old compilers if it is not required for some reason. -For example Mono JIT compiler version 4.2.1 which is the currently (7.20.2016) default version -when installed using apt-get FAILS the expired certificate test. - -``` - -``` - platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) -stub: FSharp-Net 'Run.exe' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:36162] - SKIP invalid localhost certificate [reject localhost:44585] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: simplerunner -stub: FSharp-Net 'Run.exe' - -[F#-Net][ PASS ][ACCEPT][ Valid cert ][google.com] - -[F#-Net][ PASS ][REJECT][ dh480 ][dh480.badssl.com] -[F#-Net][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -[F#-Net][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -[F#-Net][ PASS ][REJECT][ expired ][expired.badssl.com] -[F#-Net][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -[F#-Net][ PASS ][REJECT][ superfish ][superfish.badssl.com] -[F#-Net][ PASS ][REJECT][ untrusted-root ][untrusted-root.badssl.com] -[F#-Net][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -[F#-Net][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -[F#-Net][ PASS ][ACCEPT][ supports SNI ][badssl.com] -[F#-Net][ OK? ][ UNSUPPORTED ][ disable ca-bundles ][badssl.com] -[F#-Net][ OK? ][REJECT][ dh1024 ][dh1024.badssl.com] -[F#-Net][ OK? ][REJECT][ dh-small-subgroup ][dh-small-subgroup.badssl.com] -[F#-Net][ OK? ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -[F#-Net][ OK? ][REJECT][ mozilla-intermediate ][mozilla-intermidiate.badssl.com] -[F#-Net][ OK? ][REJECT][ mozilla-modern ][mozilla-modern.badssl.com] -[F#-Net][ OK? ][REJECT][ subdomain.preloaded-hsts ][subdomain.preloaded-hsts.badssl.com] -[F#-Net][ OK? ][ACCEPT][ cbc ][cbc.badssl.com] -[F#-Net][ OK? ][ACCEPT][ hsts ][hsts.badssl.com] -[F#-Net][ OK? ][ACCEPT][ mixed ][mixed.badssl.com] -[F#-Net][ OK? ][ACCEPT][ mixed-favicon ][mixed-favicon.badssl.com] -[F#-Net][ OK? ][ACCEPT][ mixed-script ][mixed-script.badssl.com] -[F#-Net][ OK? ][ACCEPT][ mozilla-old ][mozilla-old.badssl.com] -[F#-Net][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -[F#-Net][ OK? ][ACCEPT][ preloaded-hsts ][preloaded-hsts.badssl.com] -[F#-Net][ OK? ][ACCEPT][ rc4 ][rc4.badssl.com] -[F#-Net][ OK? ][ACCEPT][ rsa8192 ][rsa8192.badssl.com] -[F#-Net][ OK? ][ACCEPT][ sha1-2016 ][sha1-2016.badssl.com] -[F#-Net][ OK? ][ACCEPT][ sha1-2017 ][sha1-2017.badssl.com] -[F#-Net][ OK? ][ACCEPT][ upgrade ][upgrade.badssl.com] -[F#-Net][ OK? ][ACCEPT][ very ][very.badssl.com] -[F#-Net][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -[F#-Net][ FAIL ][REJECT][ 1000-sans ][1000-sans.badssl.com] -[F#-Net][ FAIL ][REJECT][ dh2048 ][dh2048.badssl.com] - -[F#-Net][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[F#-Net][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[F#-Net][ PASS ][REJECT][ Logjam ][www.ssllabs.com] - -``` +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) +stub: mono 'Run.exe' +PASS support for TLS server name indication (SNI) [accept badssl.com:443] +PASS expired certificate [reject expired.badssl.com:443] +PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] +PASS self-signed certificate [reject self-signed.badssl.com:443] +PASS SHA-256 signature [accept sha256.badssl.com:443] +FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] +PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] +PASS Superfish CA [reject superfish.badssl.com:443] +PASS eDellRoot CA [reject edellroot.badssl.com:443] +PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] +PASS protect against the FREAK attack [reject www.ssllabs.com:10444] +PASS protect against the Logjam attack [reject www.ssllabs.com:10445] +PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +SKIP valid localhost certificate [accept localhost:45876] +SKIP invalid localhost certificate [reject localhost:41046] +SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/c-openssl/results.txt b/stubs/c-openssl/results.txt index 6fc7924..54598c2 100644 --- a/stubs/c-openssl/results.txt +++ b/stubs/c-openssl/results.txt @@ -1,68 +1,21 @@ -``` -openssl: OpenSSL 1.1.0-pre6-dev -gcc (Ubuntu 5.4.0-6ubuntu1~16.04.1) 5.4.0 20160609 - platform: Linux (Ubuntu 16.04) -runner: bashtls -stub: c-openssl -``` - -``` -[c-openssl][ PASS ][ACCEPT][ Valid cert ][google.com] -[c-openssl][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[c-openssl][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[c-openssl][ PASS ][REJECT][ Logjam ][www.ssllabs.com] -[c-openssl][ PASS ][ACCEPT][ supports SNI ][badssl.com] -[c-openssl][ PASS ][REJECT][ expired ][expired.badssl.com] -[c-openssl][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -[c-openssl][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -[c-openssl][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -[c-openssl][ PASS ][ACCEPT][ 1000-sans ][1000-sans.badssl.com] -[c-openssl][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -[c-openssl][ PASS ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -[c-openssl][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -[c-openssl][ PASS ][REJECT][ superfish ][superfish.badssl.com] -[c-openssl][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -[c-openssl][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -[c-openssl][ PASS ][REJECT][ disable ca-bundles ][badssl.com] -[c-openssl][ PASS ][REJECT][ correct cn, wrong san ][localhost] -[c-openssl][ PASS ][REJECT][ expired cert ][localhost] -[c-openssl][ PASS ][REJECT][ sslv2 supported ][localhost] -[c-openssl][ PASS ][REJECT][ sslv3 supported ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'ADH' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'AECDH' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'AECDH' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'DES' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'ECDSA' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'insecure' ciphers ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'MD5' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'NULL' ][localhost] -[c-openssl][ PASS ][REJECT][ supports 'RC4' ][localhost] -[c-openssl][ PASS ][REJECT][ wrong hostname ][localhost] -[c-openssl][ PASS ][ACCEPT][ correct cert ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports '3DES' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'AES' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'AES128' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'AES256' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'DH' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'ECDH' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'EDH' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports high(>128 bit) 'secure' ciphers ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'RSA' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'SHA' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'SHA256' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports 'SHA384' ][localhost] -[c-openssl][ PASS ][ACCEPT][ supports ssl in at least some level ][localhost] -[c-openssl][ PASS ][ACCEPT][ tlsv1.1 supported ][localhost] -[c-openssl][ PASS ][ACCEPT][ tlsv1.2 supported ][localhost] -[c-openssl][ PASS ][ACCEPT][ tlsv1 supported ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'DSS' ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'ECDSA' ][localhost] -[c-openssl][ OK? ][REJECT][ supports medium(~128 bit) 'secure' ciphers ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'PSK' ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'SEED' ][localhost] -[c-openssl][ OK? ][REJECT][ supports 'SRP' ][localhost] -[c-openssl][ OK? ][ACCEPT][ correct cn, no san ][localhost] -[c-openssl][ FAIL ][REJECT][ supports 'CAMELLIA128' ][localhost] -[c-openssl][ FAIL ][REJECT][ supports 'CAMELLIA256' ][localhost] -``` +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) +stub: './run' +SKIP support for TLS server name indication (SNI) [accept badssl.com:443] +SKIP expired certificate [reject expired.badssl.com:443] +SKIP wrong hostname in certificate [reject wrong.host.badssl.com:443] +SKIP self-signed certificate [reject self-signed.badssl.com:443] +SKIP SHA-256 signature [accept sha256.badssl.com:443] +SKIP 1000 subjectAltNames [accept 1000-sans.badssl.com:443] +SKIP incomplete chain of trust [reject incomplete-chain.badssl.com:443] +SKIP Superfish CA [reject superfish.badssl.com:443] +SKIP eDellRoot CA [reject edellroot.badssl.com:443] +SKIP DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +SKIP protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] +SKIP protect against the FREAK attack [reject www.ssllabs.com:10444] +SKIP protect against the Logjam attack [reject www.ssllabs.com:10445] +SKIP protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +SKIP protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +PASS valid localhost certificate [accept localhost:36226] +PASS invalid localhost certificate [reject localhost:32865] +PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/cSharp-Net/results.txt b/stubs/cSharp-Net/results.txt index 6f07edb..fd7db95 100644 --- a/stubs/cSharp-Net/results.txt +++ b/stubs/cSharp-Net/results.txt @@ -1,81 +1,21 @@ -``` -Mono JIT compiler version 4.5.2 -Mono C# compiler version 4.5.2.0 - -Do not use old compilers if it is not required for some reason. -For example Mono JIT compiler version 4.2.1 which is the currently (7.20.2016) default version -when installed using apt-get FAILS the expired certificate test. - -``` - -``` - platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) -stub: cSharp-Net 'Run.exe' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:36162] - SKIP invalid localhost certificate [reject localhost:44585] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: simplerunner -stub: cSharp-Net 'run.exe' - -[C#-Net][ PASS ][ACCEPT][ Valid cert ][google.com] - -[C#-Net][ PASS ][REJECT][ dh480 ][dh480.badssl.com] -[C#-Net][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -[C#-Net][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -[C#-Net][ PASS ][REJECT][ expired ][expired.badssl.com] -[C#-Net][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -[C#-Net][ PASS ][REJECT][ superfish ][superfish.badssl.com] -[C#-Net][ PASS ][REJECT][ untrusted-root ][untrusted-root.badssl.com] -[C#-Net][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -[C#-Net][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -[C#-Net][ PASS ][ACCEPT][ supports SNI ][badssl.com] -[C#-Net][ OK? ][ UNSUPPORTED ][ disable ca-bundles ][badssl.com] -[C#-Net][ OK? ][REJECT][ dh1024 ][dh1024.badssl.com] -[C#-Net][ OK? ][REJECT][ dh-small-subgroup ][dh-small-subgroup.badssl.com] -[C#-Net][ OK? ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -[C#-Net][ OK? ][REJECT][ mozilla-intermediate ][mozilla-intermidiate.badssl.com] -[C#-Net][ OK? ][REJECT][ mozilla-modern ][mozilla-modern.badssl.com] -[C#-Net][ OK? ][REJECT][ subdomain.preloaded-hsts ][subdomain.preloaded-hsts.badssl.com] -[C#-Net][ OK? ][ACCEPT][ cbc ][cbc.badssl.com] -[C#-Net][ OK? ][ACCEPT][ hsts ][hsts.badssl.com] -[C#-Net][ OK? ][ACCEPT][ mixed ][mixed.badssl.com] -[C#-Net][ OK? ][ACCEPT][ mixed-favicon ][mixed-favicon.badssl.com] -[C#-Net][ OK? ][ACCEPT][ mixed-script ][mixed-script.badssl.com] -[C#-Net][ OK? ][ACCEPT][ mozilla-old ][mozilla-old.badssl.com] -[C#-Net][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -[C#-Net][ OK? ][ACCEPT][ preloaded-hsts ][preloaded-hsts.badssl.com] -[C#-Net][ OK? ][ACCEPT][ rc4 ][rc4.badssl.com] -[C#-Net][ OK? ][ACCEPT][ rsa8192 ][rsa8192.badssl.com] -[C#-Net][ OK? ][ACCEPT][ sha1-2016 ][sha1-2016.badssl.com] -[C#-Net][ OK? ][ACCEPT][ sha1-2017 ][sha1-2017.badssl.com] -[C#-Net][ OK? ][ACCEPT][ upgrade ][upgrade.badssl.com] -[C#-Net][ OK? ][ACCEPT][ very ][very.badssl.com] -[C#-Net][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -[C#-Net][ FAIL ][REJECT][ 1000-sans ][1000-sans.badssl.com] -[C#-Net][ FAIL ][REJECT][ dh2048 ][dh2048.badssl.com] - -[C#-Net][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[C#-Net][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[C#-Net][ PASS ][REJECT][ Logjam ][www.ssllabs.com] - -``` +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) +stub: mono 'run.exe' +PASS support for TLS server name indication (SNI) [accept badssl.com:443] +PASS expired certificate [reject expired.badssl.com:443] +PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] +PASS self-signed certificate [reject self-signed.badssl.com:443] +PASS SHA-256 signature [accept sha256.badssl.com:443] +FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] +PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] +PASS Superfish CA [reject superfish.badssl.com:443] +PASS eDellRoot CA [reject edellroot.badssl.com:443] +PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] +PASS protect against the FREAK attack [reject www.ssllabs.com:10444] +PASS protect against the Logjam attack [reject www.ssllabs.com:10445] +PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +SKIP valid localhost certificate [accept localhost:39737] +SKIP invalid localhost certificate [reject localhost:32835] +SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] diff --git a/stubs/go-nethttp/results.txt b/stubs/go-nethttp/results.txt index 3e5c18a..099a903 100644 --- a/stubs/go-nethttp/results.txt +++ b/stubs/go-nethttp/results.txt @@ -1,7 +1,7 @@ -``` platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) stub: go run 'run.go' +PASS support for TLS server name indication (SNI) [accept badssl.com:443] PASS expired certificate [reject expired.badssl.com:443] PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] PASS self-signed certificate [reject self-signed.badssl.com:443] @@ -11,10 +11,11 @@ PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] PASS Superfish CA [reject superfish.badssl.com:443] PASS eDellRoot CA [reject edellroot.badssl.com:443] PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] -PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] +PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] PASS protect against the FREAK attack [reject www.ssllabs.com:10444] PASS protect against the Logjam attack [reject www.ssllabs.com:10445] -SKIP valid localhost certificate [accept localhost:45675] -SKIP invalid localhost certificate [reject localhost:38316] +PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +SKIP valid localhost certificate [accept localhost:41714] +SKIP invalid localhost certificate [reject localhost:33175] SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] -``` diff --git a/stubs/vb-net/results.txt b/stubs/vb-net/results.txt index 4426eda..8a3e991 100644 --- a/stubs/vb-net/results.txt +++ b/stubs/vb-net/results.txt @@ -1,81 +1,22 @@ -``` -Mono JIT compiler version 4.5.2 -Visual Basic.Net Compiler version 0.0.0.5943 (Mono 4.0.1 - tarball) - -Do not use old compilers if it is not required for some reason. -For example Mono JIT compiler version 4.2.1 which is the currently (7.20.2016) default version -when installed using apt-get FAILS the expired certificate test. - -``` - -``` - -platform: Linux (Ubuntu 16.04) -runner: trytls 0.1.0 (CPython 2.7.12, OpenSSL 1.0.2g-fips) -stub: VB-Net 'Run.exe' - PASS expired certificate [reject expired.badssl.com:443] - PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] - PASS self-signed certificate [reject self-signed.badssl.com:443] - PASS SHA-256 signature [accept sha256.badssl.com:443] - FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] - PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] - PASS Superfish CA [reject superfish.badssl.com:443] - PASS eDellRoot CA [reject edellroot.badssl.com:443] - PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] - PASS protect against an OS X vulnerability [reject www.ssllabs.com:10443] - PASS protect against the FREAK attack [reject www.ssllabs.com:10444] - PASS protect against the Logjam attack [reject www.ssllabs.com:10445] - SKIP valid localhost certificate [accept localhost:36162] - SKIP invalid localhost certificate [reject localhost:44585] - SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443] - -``` - -``` platform: Linux (Ubuntu 16.04) -runner: simplerunner -stub: VB-Net 'Run.exe' - -[VB-Net][ PASS ][ACCEPT][ Valid cert ][google.com] - -[VB-Net][ PASS ][REJECT][ dh480 ][dh480.badssl.com] -[VB-Net][ PASS ][REJECT][ dsdtestprovider ][dsdtestprovider.badssl.com] -[VB-Net][ PASS ][REJECT][ edellroot ][edellroot.badssl.com] -[VB-Net][ PASS ][REJECT][ expired ][expired.badssl.com] -[VB-Net][ PASS ][REJECT][ self-signed ][self-signed.badssl.com] -[VB-Net][ PASS ][REJECT][ superfish ][superfish.badssl.com] -[VB-Net][ PASS ][REJECT][ untrusted-root ][untrusted-root.badssl.com] -[VB-Net][ PASS ][REJECT][ wrong host ][wrong.host.badssl.com] -[VB-Net][ PASS ][ACCEPT][ sha-256 ][sha256.badssl.com] -[VB-Net][ PASS ][ACCEPT][ supports SNI ][badssl.com] -[VB-Net][ OK? ][ UNSUPPORTED ][ disable ca-bundles ][badssl.com] -[VB-Net][ OK? ][REJECT][ dh1024 ][dh1024.badssl.com] -[VB-Net][ OK? ][REJECT][ dh-small-subgroup ][dh-small-subgroup.badssl.com] -[VB-Net][ OK? ][REJECT][ incomplete-chain ][incomplete-chain.badssl.com] -[VB-Net][ OK? ][REJECT][ mozilla-intermediate ][mozilla-intermidiate.badssl.com] -[VB-Net][ OK? ][REJECT][ mozilla-modern ][mozilla-modern.badssl.com] -[VB-Net][ OK? ][REJECT][ subdomain.preloaded-hsts ][subdomain.preloaded-hsts.badssl.com] -[VB-Net][ OK? ][ACCEPT][ cbc ][cbc.badssl.com] -[VB-Net][ OK? ][ACCEPT][ hsts ][hsts.badssl.com] -[VB-Net][ OK? ][ACCEPT][ mixed ][mixed.badssl.com] -[VB-Net][ OK? ][ACCEPT][ mixed-favicon ][mixed-favicon.badssl.com] -[VB-Net][ OK? ][ACCEPT][ mixed-script ][mixed-script.badssl.com] -[VB-Net][ OK? ][ACCEPT][ mozilla-old ][mozilla-old.badssl.com] -[VB-Net][ OK? ][ACCEPT][ pinning-test ][pinning-test.badssl.com] -[VB-Net][ OK? ][ACCEPT][ preloaded-hsts ][preloaded-hsts.badssl.com] -[VB-Net][ OK? ][ACCEPT][ rc4 ][rc4.badssl.com] -[VB-Net][ OK? ][ACCEPT][ rsa8192 ][rsa8192.badssl.com] -[VB-Net][ OK? ][ACCEPT][ sha1-2016 ][sha1-2016.badssl.com] -[VB-Net][ OK? ][ACCEPT][ sha1-2017 ][sha1-2017.badssl.com] -[VB-Net][ OK? ][ACCEPT][ upgrade ][upgrade.badssl.com] -[VB-Net][ OK? ][ACCEPT][ very ][very.badssl.com] -[VB-Net][ FAIL ][REJECT][ 10000-sans (Bad in ten years) ][10000-sans.badssl.com] -[VB-Net][ FAIL ][REJECT][ 1000-sans ][1000-sans.badssl.com] -[VB-Net][ FAIL ][REJECT][ dh2048 ][dh2048.badssl.com] - -[VB-Net][ PASS ][REJECT][ OS X vulnerability ][www.ssllabs.com] -[VB-Net][ PASS ][REJECT][ Freak ][www.ssllabs.com] -[VB-Net][ PASS ][REJECT][ Logjam ][www.ssllabs.com] - -``` +runner: trytls 0.2.0 (CPython 2.7.12, OpenSSL 1.1.0-pre6-dev) +stub: mono 'Run.exe' +PASS support for TLS server name indication (SNI) [accept badssl.com:443] +PASS expired certificate [reject expired.badssl.com:443] +PASS wrong hostname in certificate [reject wrong.host.badssl.com:443] +PASS self-signed certificate [reject self-signed.badssl.com:443] +PASS SHA-256 signature [accept sha256.badssl.com:443] +FAIL 1000 subjectAltNames [accept 1000-sans.badssl.com:443] +PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443] +PASS Superfish CA [reject superfish.badssl.com:443] +PASS eDellRoot CA [reject edellroot.badssl.com:443] +PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443] +PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443] +PASS protect against the FREAK attack [reject www.ssllabs.com:10444] +PASS protect against the Logjam attack [reject www.ssllabs.com:10445] +PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443] +PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443] +SKIP valid localhost certificate [accept localhost:44164] +SKIP invalid localhost certificate [reject localhost:37063] +SKIP use only the given CA bundle, not system's [reject sha256.badssl.com:443]