[Feature request] redundancy of ClientHellos #2910
Description
Please check this repo whether this is a known feature request
not solved but I thought I mentioned it already here. Cannot find it anymore though.
Describe your feature request (if it's a technical feature)
testssl.sh does a lot of ClientHellos to find out in each test how the sever is configured. Apart from SSL/TLS protocols this information is ephemeral . It would be great to save information about ciphers. The aim is to reduce the number of ClientHellos , for two reasons:
- saving runtime (major time hogs are Heartbleed, ROBOT and renegotiation checks though)
- maintain in the end of a run a clear picture like an array of tree which can be futher used (compliance scan, etc.)
Describe the solution you'd like
Maybe something like a tree with (first shot), SSL/TLS protocols and ciphers
|-- SSLv2
| |-- DES-CBC-MD5
| |-- RC2-CBC-MD5
|
|-- SSLv3
| |-- RC4-MD5
| |-- 3DES-SHA1
|
|-- TLS 1.0
| |-- TLS_RSA_WITH_3DES_EDE_CBC_SHA
| |-- TLS_RSA_WITH_AES_128_CBC_SHA
|
|-- TLS 1.1
| |-- TLS_RSA_WITH_AES_128_CBC_SHA
| |-- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
|-- TLS 1.2
| |-- TLS_RSA_WITH_AES_128_GCM_SHA256
| |-- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|-- TLS 1.3
| |-- TLS_AES_128_GCM_SHA256
| |-- TLS_CHACHA20_POLY1305_SHA256
|
|-- QUIC
| |-- TLS_AES_128_GCM_SHA256
This could be extended with more cryptographic properties as needed.
Internally an associative array is suggested. Problem is though that it only seems to be supported in bash >=4
which MacOS lacks, unless installed via e.g. homebrew.
Which version are you referring to
3.3dev