David Cooper
David Cooper
Hello @joyantaDebnath, I'm not an OpenSSL developer, so I won't speak to what checks OpenSSL should or should not perform to check that a CA didn't issue a malformed certificate...
This appears to be the same as #52, which would be fixed by #46 and #47.
See #46 and #47.
Hello @Odinmylord, Thanks for submitting this PR. I had started work on something similar a long time ago, but never had the time to finish it. I haven't tested you...
Hello @Odinmylord, I placed my initial work on a PR at https://github.com/dcooper16/testssl.sh/commit/2ff7891db3b13e8975c72325f5b98196470afe0e. It has been quite a while since I looked at this, but I tried my best in the...
> neither LibreSSL nor OpenSSL send the signature_algorithms_cert extension [source](https://github.com/openssl/openssl/blob/a19553cd872047289d6fc730a864bf9d984283ce/ssl/statem/extensions.c#L303) . This means that the value should be retrieved from the signature_algorithms extension for TLS1.3 and from the CertificateRequest message...
Hi @Odinmylord, Sorry for being so slow to respond, but I don't have much time to look at testssl.sh at the moment. > > Again, any such enhancement would have...
Hello @l4rm4nd, The issue is that this server is configured to use TLS_CHACHA20_POLY1305_SHA256 as its most preferred TLS 1.3 cipher suite. When running `--server-defaults` testssl.sh needs to decrypt TLS 1.3...
Hello @l4rm4nd, Can you point to a server for which the RC4 checks are not working? The RC4 checks should work even if the OpenSSL you are using does not...
Hello @v-p-b, Is this server publicly available so that we can test against it? If not, could you please be more clear about what you are seeing? I am looking...