From 55fda3456d25002f6e063e6c7efa64c8dfe2978e Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Sat, 28 Feb 2026 10:45:42 +0100 Subject: [PATCH] Update TLS tests with pqc_arm.txt (on rpi 5, slightly differs from pqc.txt) OpenSSL prefering X25519 vs secp521r1 for ECDH and vice versa, still looks fine. --- extras/tests/tls/testssl_profiles/pqc_arm.txt | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 extras/tests/tls/testssl_profiles/pqc_arm.txt diff --git a/extras/tests/tls/testssl_profiles/pqc_arm.txt b/extras/tests/tls/testssl_profiles/pqc_arm.txt new file mode 100644 index 000000000..0f5edf79a --- /dev/null +++ b/extras/tests/tls/testssl_profiles/pqc_arm.txt @@ -0,0 +1,25 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"service","127.0.0.1/127.0.0.1","5901","DEBUG","Couldn't determine service, skipping all HTTP checks","","" +"pre_128cipher","127.0.0.1/127.0.0.1","5901","INFO","No 128 cipher limit bug","","" +"cipherlist_NULL","127.0.0.1/127.0.0.1","5901","OK","not offered","","CWE-327" +"cipherlist_aNULL","127.0.0.1/127.0.0.1","5901","OK","not offered","","CWE-327" +"cipherlist_EXPORT","127.0.0.1/127.0.0.1","5901","OK","not offered","","CWE-327" +"cipherlist_LOW","127.0.0.1/127.0.0.1","5901","OK","not offered","","CWE-327" +"cipherlist_3DES_IDEA","127.0.0.1/127.0.0.1","5901","INFO","not offered","","CWE-310" +"cipherlist_OBSOLETED","127.0.0.1/127.0.0.1","5901","INFO","not offered","","CWE-310" +"cipherlist_STRONG_NOFS","127.0.0.1/127.0.0.1","5901","INFO","not offered","","" +"cipherlist_STRONG_FS","127.0.0.1/127.0.0.1","5901","OK","offered","","" +"FS","127.0.0.1/127.0.0.1","5901","OK","offered","","" +"FS_ciphers","127.0.0.1/127.0.0.1","5901","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256","","" +"FS_KEMs","127.0.0.1/127.0.0.1","5901","OK","X25519MLKEM768","","" +"FS_ECDHE_curves","127.0.0.1/127.0.0.1","5901","OK","prime256v1 secp384r1 secp521r1 X25519","","" +"FS_TLS12_sig_algs","127.0.0.1/127.0.0.1","5901","INFO","ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA+SHA224","","" +"FS_TLS13_sig_algs","127.0.0.1/127.0.0.1","5901","INFO","ECDSA+SHA384","","" +"cipher-tls1_2_xc02c","127.0.0.1/127.0.0.1","5901","OK","TLSv1.2 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xcca9","127.0.0.1/127.0.0.1","5901","OK","TLSv1.2 xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xc02b","127.0.0.1/127.0.0.1","5901","OK","TLSv1.2 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","","" +"supportedciphers_TLSv1_2","127.0.0.1/127.0.0.1","5901","INFO","ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256","","" +"cipher-tls1_3_x1302","127.0.0.1/127.0.0.1","5901","OK","TLSv1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH/MLKEM AESGCM 256 TLS_AES_256_GCM_SHA384","","" +"cipher-tls1_3_x1303","127.0.0.1/127.0.0.1","5901","OK","TLSv1.3 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH/MLKEM ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_3_x1301","127.0.0.1/127.0.0.1","5901","OK","TLSv1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH/MLKEM AESGCM 128 TLS_AES_128_GCM_SHA256","","" +"supportedciphers_TLSv1_3","127.0.0.1/127.0.0.1","5901","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256","",""