MacOS X test requested #40
Comments
|
Is it still outstanding? Which command would you want to try on a Mac - |
|
That would be great! And the info on the OpenSSL version used (openssl version -a). PS: The IP address above is not mine anymore. If you mind rather use something different (dev.testssl.sh or testssl.sh). |
|
can somebody help here for the upcoming 2.4? |
|
Is there a specific version of OS X you want tested? Sent from my iPhone
|
|
Am 9. Mai 2015 19:38:49 MESZ, schrieb keith4 [email protected]:
I own no Apple, so basically every test would help. Best would be first the latest and greatest. I will do final test on FreeBSD 9 too but I can't tell how much both differ. Important to me would be glitches in the output and differences in the results. Cheers, Dirk
|
|
OSX 10.10.3 ¡¡¡ at your own risk !!! /usr/bin/openssl is way too old (< version 1.0) Followed this http://apple.stackexchange.com/a/126832 and it allowed me to run the script with out this that error. I then run into this issue. " Has server cipher order? yes (OK) Remember when it it did this before? |
|
also: ./testssl.sh dev.testssl.sh ######################################################### This program is free software. Redistribution + Note: you can only check the server with what is Using "OpenSSL 1.0.2a 19 Mar 2015" [~ 136 ciphers] on Testing now (2015-05-09 22:38) ---> 81.169.199.25:443 (dev.testssl.sh) <--- rDNS (81.169.199.25): testssl.sh --> Testing protocols (via sockets for SSLv2, SSLv3) SSLv2 not offered (OK) --> Testing standard cipher lists Null Cipher not offered (OK) --> Testing server preferences Has server cipher order? nope (NOT ok) --> Testing server defaults (Server Hello) TLS timestamp: random values, no fingerprinting possible |
|
Thx for this one. Need to provide a date function for BSD/Linux.. The cipher order formatting will be done also |
|
did some FreeBSD 9 tests.. Looking at that there's still some way to go. How realistic is it a MAC user doesn't use ports? |
|
I would say, if you were on OSX and running this script, you would be using a port. Latest Pull HSTS -- ./testssl.sh reddit.com Cipher order |
|
Those two should fixed, thx for reporting! FYI: Supporting bare openssl (FreeBSD has "OpenSSL 0.9.8za-freebsd") would be a pain -- I am testing the return values. With "normal" openssl binaries this works if the server doesn't provide the tested feature. OpenSSL 0.9.8za instead returns always 0 and throws an error. |
|
Looks like you got them now. Great work. |
|
Thx, @salt-lick! @ALL: If there's anything else using ports, pls let me know. Otherwise I am closing this issue soon. I will have a closer look @ #101, #102, #103 though but a first glance let me assume the old openssl is the culprit here. That won't be done in 2.4, maybe in a later release. |
|
done for 2.4 |
- http date - cipher list in preferences - GET_REQ11 now closes the connection - openssl_age comes afeter the banner so that help doesn't need to go thru this - uname -s ==> SYSTEM
This PR provides improvements to `run_mass_testing_parallel()`. Currently, `run_mass_testing_parallel()` treats `$MAX_PARALLEL` as the maximum difference between the number of the test whose results were last processed and the number of the most recently started test. This means that test testssl#40 will not be started until the results of test #20 have been processed. I've encountered situations in which tests 21 though 39 have completed, but test #20 is still running, and so no new tests are started. This PR fixes the problem by checking the status of all running child tests to see if any are complete, rather than just looking at `$NEXT_PARALLEL_TEST_TO_FINISH`. This prevents one slow child test (or a few slow child tests) from slowing up the entire mass testing process. This PR also changes the basis for determining whether a slow child process should be killed. Rather than waiting `$MAX_WAIT_TEST` seconds from the time that the parent started waiting (which is rather arbitrary), it kills the process if `$MAX_WAIT_TEST` seconds have passed since the child test was started. Given this, and that the above change makes it less likely that a slow child test will slow up the overall testing, I increased `$MAX_WAIT_TEST` from 600 seconds to 1200 seconds. I added some `debugme` statements that provide feedback on the status of testing, but in non-debug mode there may be a perception issue. If one test (e.g., test #20) is very slow, testssl.sh will not display any results from later tests until the slow test finishes, even though testssl.sh will continue running new tests in the background. The user, seeing no output from testssl.sh for an extended period of time, may think that testssl.sh has frozen, even though it is really just holding back on displaying the later results so that the results will be displayed in the order in which the tests were started.
Can't tell whether with that old openssl version (native but ports would be interesting too) a error free detection is possible. Without BSD ports under FreeBSD 9 I get useless results.
Can somebody please check against testssl.sh and let me know? Thx!
The text was updated successfully, but these errors were encountered: