Codebase list sslscan / 28dd2aa
New upstream version 2.0.9 Sophie Brun 3 years ago
21 changed file(s) with 107 addition(s) and 207 deletion(s). Raw diff Collapse all Expand all
+6
-0
Changelog less more
00 Changelog
11 =========
2 Version: 2.0.9
3 Date : 24/03/2021
4 Author : rbsec <[email protected]>
5 Changes: The following are a list of changes
6 > Warn on TLSv1.1, as it's now deprecated by RFC 8996
7
28 Version: 2.0.8
39 Date : 12/02/2021
410 Author : rbsec <[email protected]>
+1
-1
README.md less more
6060 * Display EC curve names and DHE key lengths with OpenSSL >= 1.0.2 `--no-cipher-details`.
6161 * Flag weak DHE keys with OpenSSL >= 1.0.2 `--cipher-details`.
6262 * Flag expired certificates.
63 * Flag TLSv1.0 ciphers in output as weak.
63 * Flag TLSv1.0 and TLSv1.1 protocols in output as weak.
6464 * Experimental OS X support (static building only).
6565 * Support for scanning PostgreSQL servers (credit nuxi).
6666 * Check for TLS Fallback SCSV support.
+20
-37
docker_test/expected_output/test_1.txt less more
66 SSLv2 disabled
77 SSLv3 enabled
88 TLSv1.0 enabled
9 TLSv1.1 enabled
9 TLSv1.1 enabled
1010 TLSv1.2 enabled
1111 TLSv1.3 disabled
1212
5555 Accepted TLSv1.2 128 bits RC4-SHA 
5656 Accepted TLSv1.2 128 bits RC4-MD5 
5757 Accepted TLSv1.2 112 bits DES-CBC3-SHA 
58 Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
59 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
60 Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
61 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
62 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
63 Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
64 Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
65 Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA  Curve P-256 DHE 256
66 Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA  Curve P-256 DHE 256
67 Accepted TLSv1.1 112 bits DHE-RSA-DES-CBC3-SHA  DHE 2048 bits
68 Accepted TLSv1.1 256 bits AES256-SHA
69 Accepted TLSv1.1 256 bits CAMELLIA256-SHA
70 Accepted TLSv1.1 128 bits AES128-SHA
71 Accepted TLSv1.1 128 bits SEED-SHA
72 Accepted TLSv1.1 128 bits CAMELLIA128-SHA
73 Accepted TLSv1.1 128 bits IDEA-CBC-SHA
74 Accepted TLSv1.1 128 bits RC4-SHA 
75 Accepted TLSv1.1 128 bits RC4-MD5 
76 Accepted TLSv1.1 112 bits DES-CBC3-SHA 
58 Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
59 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
60 Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
61 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
62 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
63 Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
64 Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
65 Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA  Curve P-256 DHE 256
66 Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA  Curve P-256 DHE 256
67 Accepted TLSv1.1 112 bits DHE-RSA-DES-CBC3-SHA  DHE 2048 bits
68 Accepted TLSv1.1 256 bits AES256-SHA
69 Accepted TLSv1.1 256 bits CAMELLIA256-SHA
70 Accepted TLSv1.1 128 bits AES128-SHA
71 Accepted TLSv1.1 128 bits SEED-SHA
72 Accepted TLSv1.1 128 bits CAMELLIA128-SHA
73 Accepted TLSv1.1 128 bits IDEA-CBC-SHA
74 Accepted TLSv1.1 128 bits RC4-SHA 
75 Accepted TLSv1.1 128 bits RC4-MD5 
76 Accepted TLSv1.1 112 bits DES-CBC3-SHA 
7777 Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
7878 Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
7979 Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
9797 Server Key Exchange Group(s):
9898 TLSv1.2 128 bits secp256r1 (NIST P-256)
9999
100 Server Signature Algorithm(s):
101 TLSv1.2 rsa_pkcs1_sha1
102 TLSv1.2 dsa_sha1
103 TLSv1.2 ecdsa_sha1
104 TLSv1.2 rsa_pkcs1_sha224
105 TLSv1.2 dsa_sha224
106 TLSv1.2 ecdsa_sha224
107 TLSv1.2 rsa_pkcs1_sha256
108 TLSv1.2 dsa_sha256
109 TLSv1.2 ecdsa_secp256r1_sha256
110 TLSv1.2 rsa_pkcs1_sha384
111 TLSv1.2 dsa_sha384
112 TLSv1.2 ecdsa_secp384r1_sha384
113 TLSv1.2 rsa_pkcs1_sha512
114 TLSv1.2 dsa_sha512
115 TLSv1.2 ecdsa_secp521r1_sha512
116
117100 SSL Certificate:
118101 Signature Algorithm: sha256WithRSAEncryption
119102 RSA Key Strength: 2048
+1
-1
docker_test/expected_output/test_10.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 enabled
1111 TLSv1.3 disabled
1212
+2
-2
docker_test/expected_output/test_11.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 enabled
9 TLSv1.1 enabled
9 TLSv1.1 enabled
1010 TLSv1.2 enabled
11 TLSv1.3 enabled
11 TLSv1.3 disabled
1212
1313 OCSP Stapling Request:
1414 OCSP Response Status: successful (0x0)
+1
-4
docker_test/expected_output/test_12.txt less more
66 SSLv2 enabled
77 SSLv3 enabled
88 TLSv1.0 enabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 disabled
1111 TLSv1.3 disabled
1212
4848 Server Key Exchange Group(s):
4949 TLSv1.0 128 bits secp256r1 (NIST P-256)
5050
51 Server Signature Algorithm(s):
52 TLSv1.0 Server accepts all signature algorithms.
53
5451 SSL Certificate:
5552 Signature Algorithm: md5WithRSAEncryption
5653 RSA Key Strength: 512
+8
-14
docker_test/expected_output/test_13.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 enabled
9 TLSv1.1 enabled
9 TLSv1.1 enabled
1010 TLSv1.2 enabled
1111 TLSv1.3 enabled
1212
4848 Accepted TLSv1.2 128 bits AES128-CCM
4949 Accepted TLSv1.2 256 bits AES256-SHA
5050 Accepted TLSv1.2 128 bits AES128-SHA
51 Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
52 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
53 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
54 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
55 Accepted TLSv1.1 256 bits AES256-SHA
56 Accepted TLSv1.1 128 bits AES128-SHA
51 Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
52 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
53 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
54 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
55 Accepted TLSv1.1 256 bits AES256-SHA
56 Accepted TLSv1.1 128 bits AES128-SHA
5757 Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
5858 Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
5959 Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
7676 TLSv1.2 260 bits secp521r1 (NIST P-521)
7777 TLSv1.2 128 bits x25519
7878
79 Server Signature Algorithm(s):
80 TLSv1.3 rsa_pss_rsae_sha256
81 TLSv1.3 rsa_pss_rsae_sha384
82 TLSv1.3 rsa_pss_rsae_sha512
83 TLSv1.2 Server accepts all signature algorithms.
84
8579 SSL Certificate:
8680 Signature Algorithm: sha256WithRSAEncryption
87 RSA Key Strength: 3072
81 RSA Key Strength: 3072
8882
8983 Subject: lmgtfy.com
9084 Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere
+2
-8
docker_test/expected_output/test_14.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 enabled
1111 TLSv1.3 enabled
1212
5252 TLSv1.3 192 bits ffdhe8192
5353 TLSv1.2 260 bits secp521r1 (NIST P-521)
5454
55 Server Signature Algorithm(s):
56 TLSv1.3 rsa_pss_rsae_sha256
57 TLSv1.3 rsa_pss_rsae_sha384
58 TLSv1.3 rsa_pss_rsae_sha512
59 TLSv1.2 Server accepts all signature algorithms.
60
6155 SSL Certificate:
6256 Signature Algorithm: sha256WithRSAEncryption
63 RSA Key Strength: 3072
57 RSA Key Strength: 3072
6458
6559 Subject: lmgtfy.com
6660 Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere
+3
-10
docker_test/expected_output/test_15.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 enabled
9 TLSv1.1 enabled
9 TLSv1.1 enabled
1010 TLSv1.2 enabled
1111 TLSv1.3 enabled
1212
3737 Accepted TLSv1.2 128 bits ECDHE-ECDSA-AES128-CCM Curve 25519 DHE 253
3838 Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253
3939 Accepted TLSv1.2 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253
40 Preferred TLSv1.1 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253
41 Accepted TLSv1.1 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253
40 Preferred TLSv1.1 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253
41 Accepted TLSv1.1 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253
4242 Preferred TLSv1.0 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253
4343 Accepted TLSv1.0 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253
4444
5757 TLSv1.2 260 bits secp521r1 (NIST P-521)
5858 TLSv1.2 128 bits x25519
5959
60 Server Signature Algorithm(s):
61 TLSv1.3 ecdsa_secp256r1_sha256
62 TLSv1.2 ecdsa_sha1
63 TLSv1.2 ecdsa_secp256r1_sha256
64 TLSv1.2 ecdsa_secp384r1_sha384
65 TLSv1.2 ecdsa_secp521r1_sha512
66
6760 SSL Certificate:
6861 Signature Algorithm: sha256WithRSAEncryption
6962 ECC Curve Name: prime256v1
+1
-18
docker_test/expected_output/test_16.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 enabled
1111 TLSv1.3 disabled
1212
4949 Server Key Exchange Group(s):
5050 TLSv1.2 81 bits sect163k1
5151
52 Server Signature Algorithm(s):
53 TLSv1.2 rsa_pkcs1_sha1
54 TLSv1.2 dsa_sha1
55 TLSv1.2 ecdsa_sha1
56 TLSv1.2 rsa_pkcs1_sha224
57 TLSv1.2 dsa_sha224
58 TLSv1.2 ecdsa_sha224
59 TLSv1.2 rsa_pkcs1_sha256
60 TLSv1.2 dsa_sha256
61 TLSv1.2 ecdsa_secp256r1_sha256
62 TLSv1.2 rsa_pkcs1_sha384
63 TLSv1.2 dsa_sha384
64 TLSv1.2 ecdsa_secp384r1_sha384
65 TLSv1.2 rsa_pkcs1_sha512
66 TLSv1.2 dsa_sha512
67 TLSv1.2 ecdsa_secp521r1_sha512
68
6952 SSL Certificate:
7053 Signature Algorithm: sha256WithRSAEncryption
7154 RSA Key Strength: 1024
+1
-10
docker_test/expected_output/test_17.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 enabled
1111 TLSv1.3 disabled
1212
4040 Server Key Exchange Group(s):
4141 TLSv1.2 256 bits brainpoolP512r1
4242
43 Server Signature Algorithm(s):
44 TLSv1.2 rsa_pkcs1_sha1
45 TLSv1.2 rsa_pkcs1_sha224
46 TLSv1.2 rsa_pkcs1_sha256
47 TLSv1.2 rsa_pkcs1_sha384
48 TLSv1.2 rsa_pkcs1_sha512
49 TLSv1.2 rsa_pss_rsae_sha256
50 TLSv1.2 rsa_pss_rsae_sha384
51
5243 SSL Certificate:
5344 Signature Algorithm: sha256WithRSAEncryption
5445 RSA Key Strength: 1024
+1
-4
docker_test/expected_output/test_18.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 enabled
1111 TLSv1.3 disabled
1212
3333 TLSv1.2 260 bits secp521r1 (NIST P-521)
3434 TLSv1.2 128 bits x25519
3535
36 Server Signature Algorithm(s):
37 TLSv1.2 ecdsa_sha1
38
3936 SSL Certificate:
4037 Signature Algorithm: sha256WithRSAEncryption
4138 ECC Curve Name: prime256v1
+1
-1
docker_test/expected_output/test_2.txt less more
66 SSLv2 enabled
77 SSLv3 disabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 disabled
1111 TLSv1.3 disabled
1212
+1
-1
docker_test/expected_output/test_3.txt less more
66 SSLv2 disabled
77 SSLv3 enabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 disabled
1111 TLSv1.3 disabled
1212
+8
-21
docker_test/expected_output/test_4.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 enabled
9 TLSv1.1 enabled
9 TLSv1.1 enabled
1010 TLSv1.2 enabled
1111 TLSv1.3 enabled
1212
4949 Accepted TLSv1.2 128 bits AES128-SHA256
5050 Accepted TLSv1.2 256 bits AES256-SHA
5151 Accepted TLSv1.2 128 bits AES128-SHA
52 Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
53 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 3072 bits
54 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
55 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 3072 bits
56 Accepted TLSv1.1 256 bits AES256-SHA
57 Accepted TLSv1.1 128 bits AES128-SHA
52 Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
53 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 3072 bits
54 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
55 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 3072 bits
56 Accepted TLSv1.1 256 bits AES256-SHA
57 Accepted TLSv1.1 128 bits AES128-SHA
5858 Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
5959 Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 3072 bits
6060 Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
7474 TLSv1.2 128 bits x25519
7575 TLSv1.2 224 bits x448
7676
77 Server Signature Algorithm(s):
78 TLSv1.3 rsa_pss_rsae_sha256
79 TLSv1.3 rsa_pss_rsae_sha384
80 TLSv1.3 rsa_pss_rsae_sha512
81 TLSv1.2 rsa_pkcs1_sha1
82 TLSv1.2 rsa_pkcs1_sha224
83 TLSv1.2 rsa_pkcs1_sha256
84 TLSv1.2 rsa_pkcs1_sha384
85 TLSv1.2 rsa_pkcs1_sha512
86 TLSv1.2 rsa_pss_rsae_sha256
87 TLSv1.2 rsa_pss_rsae_sha384
88 TLSv1.2 rsa_pss_rsae_sha512
89
9077 SSL Certificate:
9178 Signature Algorithm: sha256WithRSAEncryption
92 RSA Key Strength: 3072
79 RSA Key Strength: 3072
9380
9481 Subject: lmgtfy.com
9582 Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere
+37
-54
docker_test/expected_output/test_5.txt less more
66 SSLv2 disabled
77 SSLv3 enabled
88 TLSv1.0 enabled
9 TLSv1.1 enabled
9 TLSv1.1 enabled
1010 TLSv1.2 enabled
1111 TLSv1.3 disabled
1212
7676 Accepted TLSv1.2 56 bits TLS_RSA_WITH_DES_CBC_SHA 
7777 Accepted TLSv1.2 56 bits TLS_DHE_RSA_WITH_DES_CBC_SHA 
7878 Accepted TLSv1.2 56 bits TLS_DH_anon_WITH_DES_CBC_SHA 
79 Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
80 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
81 Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
82 Accepted TLSv1.1 256 bits AECDH-AES256-SHA  Curve P-256 DHE 256
83 Accepted TLSv1.1 256 bits ADH-AES256-SHA  DHE 1024 bits
84 Accepted TLSv1.1 256 bits ADH-CAMELLIA256-SHA  DHE 1024 bits
85 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
86 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
87 Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
88 Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
89 Accepted TLSv1.1 128 bits AECDH-AES128-SHA  Curve P-256 DHE 256
90 Accepted TLSv1.1 128 bits ADH-AES128-SHA  DHE 1024 bits
91 Accepted TLSv1.1 128 bits ADH-SEED-SHA  DHE 1024 bits
92 Accepted TLSv1.1 128 bits ADH-CAMELLIA128-SHA  DHE 1024 bits
93 Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA  Curve P-256 DHE 256
94 Accepted TLSv1.1 128 bits AECDH-RC4-SHA  Curve P-256 DHE 256
95 Accepted TLSv1.1 128 bits ADH-RC4-MD5  DHE 1024 bits
96 Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA  Curve P-256 DHE 256
97 Accepted TLSv1.1 112 bits DHE-RSA-DES-CBC3-SHA  DHE 1024 bits
98 Accepted TLSv1.1 112 bits AECDH-DES-CBC3-SHA  Curve P-256 DHE 256
99 Accepted TLSv1.1 112 bits ADH-DES-CBC3-SHA  DHE 1024 bits
100 Accepted TLSv1.1 256 bits AES256-SHA
101 Accepted TLSv1.1 256 bits CAMELLIA256-SHA
102 Accepted TLSv1.1 128 bits AES128-SHA
103 Accepted TLSv1.1 128 bits SEED-SHA
104 Accepted TLSv1.1 128 bits CAMELLIA128-SHA
105 Accepted TLSv1.1 128 bits IDEA-CBC-SHA
106 Accepted TLSv1.1 128 bits RC4-SHA 
107 Accepted TLSv1.1 128 bits RC4-MD5 
108 Accepted TLSv1.1 112 bits DES-CBC3-SHA 
109 Accepted TLSv1.1 40 bits TLS_RSA_EXPORT_WITH_RC4_40_MD5
110 Accepted TLSv1.1 40 bits TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
111 Accepted TLSv1.1 40 bits TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
112 Accepted TLSv1.1 56 bits TLS_RSA_WITH_DES_CBC_SHA 
113 Accepted TLSv1.1 56 bits TLS_DHE_RSA_WITH_DES_CBC_SHA 
114 Accepted TLSv1.1 56 bits TLS_DH_anon_WITH_DES_CBC_SHA 
79 Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
80 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
81 Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
82 Accepted TLSv1.1 256 bits AECDH-AES256-SHA  Curve P-256 DHE 256
83 Accepted TLSv1.1 256 bits ADH-AES256-SHA  DHE 1024 bits
84 Accepted TLSv1.1 256 bits ADH-CAMELLIA256-SHA  DHE 1024 bits
85 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
86 Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
87 Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
88 Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
89 Accepted TLSv1.1 128 bits AECDH-AES128-SHA  Curve P-256 DHE 256
90 Accepted TLSv1.1 128 bits ADH-AES128-SHA  DHE 1024 bits
91 Accepted TLSv1.1 128 bits ADH-SEED-SHA  DHE 1024 bits
92 Accepted TLSv1.1 128 bits ADH-CAMELLIA128-SHA  DHE 1024 bits
93 Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA  Curve P-256 DHE 256
94 Accepted TLSv1.1 128 bits AECDH-RC4-SHA  Curve P-256 DHE 256
95 Accepted TLSv1.1 128 bits ADH-RC4-MD5  DHE 1024 bits
96 Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA  Curve P-256 DHE 256
97 Accepted TLSv1.1 112 bits DHE-RSA-DES-CBC3-SHA  DHE 1024 bits
98 Accepted TLSv1.1 112 bits AECDH-DES-CBC3-SHA  Curve P-256 DHE 256
99 Accepted TLSv1.1 112 bits ADH-DES-CBC3-SHA  DHE 1024 bits
100 Accepted TLSv1.1 256 bits AES256-SHA
101 Accepted TLSv1.1 256 bits CAMELLIA256-SHA
102 Accepted TLSv1.1 128 bits AES128-SHA
103 Accepted TLSv1.1 128 bits SEED-SHA
104 Accepted TLSv1.1 128 bits CAMELLIA128-SHA
105 Accepted TLSv1.1 128 bits IDEA-CBC-SHA
106 Accepted TLSv1.1 128 bits RC4-SHA 
107 Accepted TLSv1.1 128 bits RC4-MD5 
108 Accepted TLSv1.1 112 bits DES-CBC3-SHA 
109 Accepted TLSv1.1 40 bits TLS_RSA_EXPORT_WITH_RC4_40_MD5
110 Accepted TLSv1.1 40 bits TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
111 Accepted TLSv1.1 40 bits TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
112 Accepted TLSv1.1 56 bits TLS_RSA_WITH_DES_CBC_SHA 
113 Accepted TLSv1.1 56 bits TLS_DHE_RSA_WITH_DES_CBC_SHA 
114 Accepted TLSv1.1 56 bits TLS_DH_anon_WITH_DES_CBC_SHA 
115115 Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
116116 Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
117117 Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
152152 Server Key Exchange Group(s):
153153 TLSv1.2 128 bits secp256r1 (NIST P-256)
154154
155 Server Signature Algorithm(s):
156 TLSv1.2 rsa_pkcs1_sha1
157 TLSv1.2 dsa_sha1
158 TLSv1.2 ecdsa_sha1
159 TLSv1.2 rsa_pkcs1_sha224
160 TLSv1.2 dsa_sha224
161 TLSv1.2 ecdsa_sha224
162 TLSv1.2 rsa_pkcs1_sha256
163 TLSv1.2 dsa_sha256
164 TLSv1.2 ecdsa_secp256r1_sha256
165 TLSv1.2 rsa_pkcs1_sha384
166 TLSv1.2 dsa_sha384
167 TLSv1.2 ecdsa_secp384r1_sha384
168 TLSv1.2 rsa_pkcs1_sha512
169 TLSv1.2 dsa_sha512
170 TLSv1.2 ecdsa_secp521r1_sha512
171
172155 SSL Certificate:
173156 Signature Algorithm: sha256WithRSAEncryption
174157 RSA Key Strength: 1024
+2
-7
docker_test/expected_output/test_6.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 disabled
1111 TLSv1.3 enabled
1212
3636 TLSv1.3 128 bits x25519
3737 TLSv1.3 224 bits x448
3838
39 Server Signature Algorithm(s):
40 TLSv1.3 rsa_pss_rsae_sha256
41 TLSv1.3 rsa_pss_rsae_sha384
42 TLSv1.3 rsa_pss_rsae_sha512
43
4439 SSL Certificate:
4540 Signature Algorithm: sha256WithRSAEncryption
46 RSA Key Strength: 3072
41 RSA Key Strength: 3072
4742
4843 Subject: lmgtfy.com
4944 Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere
+2
-5
docker_test/expected_output/test_7.txt less more
66 SSLv2 enabled
77 SSLv3 enabled
88 TLSv1.0 enabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 disabled
1111 TLSv1.3 disabled
1212
4848 Server Key Exchange Group(s):
4949 TLSv1.0 128 bits secp256r1 (NIST P-256)
5050
51 Server Signature Algorithm(s):
52 TLSv1.0 Server accepts all signature algorithms.
53
5451 SSL Certificate:
5552 Signature Algorithm: sha256WithRSAEncryption
56 RSA Key Strength: 3072
53 RSA Key Strength: 3072
5754
5855 Subject: lmgtfy.com
5956 Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere
+2
-5
docker_test/expected_output/test_8.txt less more
66 SSLv2 enabled
77 SSLv3 enabled
88 TLSv1.0 enabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 disabled
1111 TLSv1.3 disabled
1212
7070 Server Key Exchange Group(s):
7171 TLSv1.0 128 bits secp256r1 (NIST P-256)
7272
73 Server Signature Algorithm(s):
74 TLSv1.0 Server accepts all signature algorithms.
75
7673 SSL Certificate:
7774 Signature Algorithm: sha256WithRSAEncryption
78 RSA Key Strength: 3072
75 RSA Key Strength: 32m30720m
7976
8077 Subject: lmgtfy.com
8178 Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere
+1
-1
docker_test/expected_output/test_9.txt less more
66 SSLv2 disabled
77 SSLv3 disabled
88 TLSv1.0 disabled
9 TLSv1.1 disabled
9 TLSv1.1 disabled
1010 TLSv1.2 enabled
1111 TLSv1.3 disabled
1212
+6
-3
sslscan.c less more
15891589 printf_xml(" sslversion=\"%s\"", cleanSslMethod);
15901590 if (strcmp(cleanSslMethod, "TLSv1.3") == 0) {
15911591 printf("%sTLSv1.3%s ", COL_GREEN, RESET);
1592 }
1593 else if (strcmp(cleanSslMethod, "TLSv1.1") == 0) {
1594 printf("%sTLSv1.1%s ", COL_YELLOW, RESET);
15921595 }
15931596 else if (strcmp(cleanSslMethod, "TLSv1.0") == 0) {
15941597 printf("%sTLSv1.0%s ", COL_YELLOW, RESET);
33433346
33443347 if ((options->sslVersion == ssl_all) || (options->sslVersion == tls_all) || (options->sslVersion == tls_v11)) {
33453348 if ((options->tls11_supported = checkIfTLSVersionIsSupported(options, TLSv1_1))) {
3346 printf("TLSv1.1 enabled\n");
3349 printf("TLSv1.1 %senabled%s\n", COL_YELLOW, RESET);
33473350 printf_xml(" <protocol type=\"tls\" version=\"1.1\" enabled=\"1\" />\n");
33483351 } else {
3349 printf("TLSv1.1 disabled\n");
3352 printf("TLSv1.1 %sdisabled%s\n", COL_GREEN, RESET);
33503353 printf_xml(" <protocol type=\"tls\" version=\"1.1\" enabled=\"0\" />\n");
33513354 }
33523355 }
57175720
57185721 /* If the server accepted our bogus signature ID, then we can conclude that it will accept all of them (and not test any further). Some servers in the wild do this for some reason... */
57195722 if (sig_id == BOGUS_SIG_ALG_ID) {
5720 printf("%s%s Server accepts all signature algorithms.%s\n", getPrintableTLSName(tls_version), COL_YELLOW, RESET);
5723 printf("%s%s Server accepts all signature algorithms.%s\n", getPrintableTLSName(tls_version), COL_RED, RESET);
57215724 printf_xml(" <connection-signature-algorithm sslversion=\"%s\" name=\"ANY\" id=\"0xfdff\" />\n", getPrintableTLSName(tls_version));
57225725 goto done;
57235726 } else {