From bf7edb5a516058a2cfceaf38361741f3e70c780f Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Thu, 24 Jul 2025 18:26:37 +0200 Subject: [PATCH] Add extras/tests/tls/testssl_profiles/pqc.txt Is same as baseline.txt but with this line added: +"FS_KEMs","127.0.0.1/127.0.0.1","5901","OK","X25519MLKEM768","","" This so debian 13 test succeeds (and other future distros with OpenSSL 3.5+) --- extras/tests/tls/testssl_profiles/pqc.txt | 25 +++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 extras/tests/tls/testssl_profiles/pqc.txt diff --git a/extras/tests/tls/testssl_profiles/pqc.txt b/extras/tests/tls/testssl_profiles/pqc.txt new file mode 100644 index 000000000..2c408d076 --- /dev/null +++ b/extras/tests/tls/testssl_profiles/pqc.txt @@ -0,0 +1,25 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"service","127.0.0.1/127.0.0.1","5901","DEBUG","Couldn't determine service, skipping all HTTP checks","","" +"pre_128cipher","127.0.0.1/127.0.0.1","5901","INFO","No 128 cipher limit bug","","" +"cipherlist_NULL","127.0.0.1/127.0.0.1","5901","OK","not offered","","CWE-327" +"cipherlist_aNULL","127.0.0.1/127.0.0.1","5901","OK","not offered","","CWE-327" +"cipherlist_EXPORT","127.0.0.1/127.0.0.1","5901","OK","not offered","","CWE-327" +"cipherlist_LOW","127.0.0.1/127.0.0.1","5901","OK","not offered","","CWE-327" +"cipherlist_3DES_IDEA","127.0.0.1/127.0.0.1","5901","INFO","not offered","","CWE-310" +"cipherlist_OBSOLETED","127.0.0.1/127.0.0.1","5901","INFO","not offered","","CWE-310" +"cipherlist_STRONG_NOFS","127.0.0.1/127.0.0.1","5901","INFO","not offered","","" +"cipherlist_STRONG_FS","127.0.0.1/127.0.0.1","5901","OK","offered","","" +"FS","127.0.0.1/127.0.0.1","5901","OK","offered","","" +"FS_ciphers","127.0.0.1/127.0.0.1","5901","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256","","" +"FS_KEMs","127.0.0.1/127.0.0.1","5901","OK","X25519MLKEM768","","" +"FS_ECDHE_curves","127.0.0.1/127.0.0.1","5901","OK","prime256v1 secp384r1 secp521r1 X25519","","" +"FS_TLS12_sig_algs","127.0.0.1/127.0.0.1","5901","INFO","ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA+SHA224","","" +"FS_TLS13_sig_algs","127.0.0.1/127.0.0.1","5901","INFO","ECDSA+SHA384","","" +"cipher-tls1_2_xc02c","127.0.0.1/127.0.0.1","5901","OK","TLS 1.2 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xcca9","127.0.0.1/127.0.0.1","5901","OK","TLS 1.2 xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xc02b","127.0.0.1/127.0.0.1","5901","OK","TLS 1.2 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","","" +"supportedciphers_TLS 1_2","127.0.0.1/127.0.0.1","5901","INFO","ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256","","" +"cipher-tls1_3_x1302","127.0.0.1/127.0.0.1","5901","OK","TLS 1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384","","" +"cipher-tls1_3_x1303","127.0.0.1/127.0.0.1","5901","OK","TLS 1.3 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_3_x1301","127.0.0.1/127.0.0.1","5901","OK","TLS 1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256","","" +"supportedciphers_TLS 1_3","127.0.0.1/127.0.0.1","5901","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256","",""