├── .github ├── dependabot.yml └── workflows │ └── dependabot-reviewer.yml ├── .gitignore ├── .gitmodules ├── Dockerfile ├── Dockerfile_Jenkins ├── Jenkinsfile ├── README.md ├── TLS-Client-Scanner ├── pom.xml └── src │ ├── main │ ├── java │ │ └── de │ │ │ └── rub │ │ │ └── nds │ │ │ └── tlsscanner │ │ │ └── clientscanner │ │ │ ├── Main.java │ │ │ ├── afterprobe │ │ │ ├── AlpacaAfterProbe.java │ │ │ ├── ClientRandomnessAfterProbe.java │ │ │ └── DhValueAfterProbe.java │ │ │ ├── config │ │ │ ├── ClientScannerConfig.java │ │ │ └── delegate │ │ │ │ └── ClientParameterDelegate.java │ │ │ ├── constants │ │ │ ├── CompositeModulusType.java │ │ │ ├── PrimeModulus.java │ │ │ └── SmallSubgroupType.java │ │ │ ├── execution │ │ │ └── TlsClientScanner.java │ │ │ ├── probe │ │ │ ├── AlpnProbe.java │ │ │ ├── ApplicationMessageProbe.java │ │ │ ├── BasicProbe.java │ │ │ ├── CcaSupportProbe.java │ │ │ ├── CertificateProbe.java │ │ │ ├── CipherSuiteProbe.java │ │ │ ├── CompressionProbe.java │ │ │ ├── ConnectionClosingProbe.java │ │ │ ├── DheParameterProbe.java │ │ │ ├── DtlsBugsProbe.java │ │ │ ├── DtlsFragmentationProbe.java │ │ │ ├── DtlsHelloVerifyRequestProbe.java │ │ │ ├── DtlsMessageSequenceProbe.java │ │ │ ├── DtlsReorderingProbe.java │ │ │ ├── DtlsRetransmissionsProbe.java │ │ │ ├── ECPointFormatProbe.java │ │ │ ├── FreakProbe.java │ │ │ ├── NamedGroupsProbe.java │ │ │ ├── PaddingOracleProbe.java │ │ │ ├── ProtocolVersionProbe.java │ │ │ ├── RecordFragmentationProbe.java │ │ │ ├── ResumptionProbe.java │ │ │ ├── ServerCertificateKeySizeProbe.java │ │ │ ├── SniProbe.java │ │ │ ├── TlsClientProbe.java │ │ │ ├── Version13RandomProbe.java │ │ │ ├── VersionProbe.java │ │ │ ├── requirements │ │ │ │ └── ClientOptionsRequirement.java │ │ │ └── result │ │ │ │ └── dhe │ │ │ │ ├── CompositeModulusResult.java │ │ │ │ └── SmallSubgroupResult.java │ │ │ └── report │ │ │ ├── ClientContainerReportCreator.java │ │ │ ├── ClientReport.java │ │ │ ├── ClientReportPrinter.java │ │ │ └── ClientReportSerializer.java │ └── resources │ │ └── log4j2.xml │ └── test │ └── java │ └── de │ └── rub │ └── nds │ └── tlsscanner │ └── clientscanner │ └── afterprobe │ ├── ClientRandomnessAfterProbeTest.java │ └── DhValueAfterProbeTest.java ├── TLS-Scanner-Core ├── pom.xml └── src │ ├── main │ └── java │ │ └── de │ │ └── rub │ │ └── nds │ │ └── tlsscanner │ │ └── core │ │ ├── afterprobe │ │ ├── DtlsRetransmissionAfterProbe.java │ │ ├── EcPublicKeyAfterProbe.java │ │ ├── FreakAfterProbe.java │ │ ├── LogjamAfterProbe.java │ │ ├── PaddingOracleIdentificationAfterProbe.java │ │ ├── RandomnessAfterProbe.java │ │ └── Sweet32AfterProbe.java │ │ ├── config │ │ ├── TlsScannerConfig.java │ │ └── delegate │ │ │ ├── CallbackDelegate.java │ │ │ └── DtlsDelegate.java │ │ ├── constants │ │ ├── CertificateLength.java │ │ ├── ProtocolType.java │ │ ├── QuicAnalyzedProperty.java │ │ ├── QuicAnalyzedPropertyCategory.java │ │ ├── QuicProbeType.java │ │ ├── RandomType.java │ │ ├── RandomnessConstants.java │ │ ├── TlsAnalyzedProperty.java │ │ ├── TlsAnalyzedPropertyCategory.java │ │ └── TlsProbeType.java │ │ ├── converter │ │ ├── ByteArrayDeserializer.java │ │ ├── ByteArraySerializer.java │ │ ├── ConnectionCloseFrameSerializer.java │ │ ├── ExtractedValueContainerDeserializer.java │ │ ├── FieldElementDeserializer.java │ │ ├── HttpsHeaderDeserializer.java │ │ ├── HttpsHeaderSerializer.java │ │ ├── PointDeserializer.java │ │ ├── PointSerializer.java │ │ ├── PublicKeyDeserializer.java │ │ ├── QuicTransportParametersSerializer.java │ │ ├── ResponseFingerprintDeserializer.java │ │ ├── ResponseFingerprintSerializer.java │ │ ├── VectorDeserializer.java │ │ └── VectorSerializer.java │ │ ├── exceptions │ │ ├── AttackFailedException.java │ │ └── OracleUnstableException.java │ │ ├── leak │ │ └── PaddingOracleTestInfo.java │ │ ├── passive │ │ ├── CbcIvExtractor.java │ │ ├── DhPublicKeyExtractor.java │ │ ├── DtlsRetransmissionsExtractor.java │ │ ├── EcPublicKeyExtractor.java │ │ ├── RandomExtractor.java │ │ └── TrackableValueType.java │ │ ├── probe │ │ ├── TlsProbe.java │ │ ├── certificate │ │ │ ├── CertificateChainReport.java │ │ │ ├── CertificateIssue.java │ │ │ ├── CertificateJudge.java │ │ │ ├── CertificateReport.java │ │ │ ├── CertificateReportGenerator.java │ │ │ └── roca │ │ │ │ └── RocaBrokenKey.java │ │ ├── ciphersuite │ │ │ └── CipherSuiteEvaluationHelper.java │ │ ├── closing │ │ │ └── ConnectionClosingUtils.java │ │ ├── ecpointformat │ │ │ └── ECPointFormatUtils.java │ │ ├── padding │ │ │ ├── IdentifierResponse.java │ │ │ ├── KnownPaddingOracleVulnerability.java │ │ │ ├── PaddingOracleAttacker.java │ │ │ ├── PaddingOracleAttributor.java │ │ │ ├── PaddingOracleStrength.java │ │ │ ├── constants │ │ │ │ ├── PaddingRecordGeneratorType.java │ │ │ │ └── PaddingVectorGeneratorType.java │ │ │ ├── trace │ │ │ │ ├── ClassicCloseNotifyTraceGenerator.java │ │ │ │ ├── ClassicDynamicPaddingTraceGenerator.java │ │ │ │ ├── ClassicPaddingTraceGenerator.java │ │ │ │ ├── FinishedPaddingTraceGenerator.java │ │ │ │ ├── FinishedResumptionPaddingTraceGenerator.java │ │ │ │ ├── HeartbeatPaddingTraceGenerator.java │ │ │ │ ├── PaddingTraceGenerator.java │ │ │ │ └── PaddingTraceGeneratorFactory.java │ │ │ └── vector │ │ │ │ ├── LongPaddingGenerator.java │ │ │ │ ├── LongRecordPaddingGenerator.java │ │ │ │ ├── MediumPaddingGenerator.java │ │ │ │ ├── PaddingVector.java │ │ │ │ ├── PaddingVectorGenerator.java │ │ │ │ ├── PlainPaddingVector.java │ │ │ │ ├── ShortPaddingGenerator.java │ │ │ │ ├── TripleVector.java │ │ │ │ └── VeryShortPaddingGenerator.java │ │ ├── requirements │ │ │ ├── ExtensionRequirement.java │ │ │ ├── OptionsRequirement.java │ │ │ ├── ProtocolTypeFalseRequirement.java │ │ │ ├── ProtocolTypeRequirement.java │ │ │ ├── ProtocolTypeTrueRequirement.java │ │ │ └── ProtocolVersionRequirement.java │ │ └── result │ │ │ └── VersionSuiteListPair.java │ │ ├── report │ │ ├── CipherSuiteGrade.java │ │ ├── CipherSuiteRater.java │ │ ├── DefaultPrintingScheme.java │ │ ├── EntropyReport.java │ │ ├── StrengthMeter.java │ │ ├── TlsReportCreator.java │ │ └── TlsScanReport.java │ │ ├── task │ │ ├── FingerPrintTask.java │ │ ├── FingerprintTaskVectorPair.java │ │ └── InvalidCurveTask.java │ │ ├── trust │ │ ├── CertificateEntry.java │ │ ├── TrustAnchorManager.java │ │ └── TrustPlatform.java │ │ ├── util │ │ ├── ArrayUtil.java │ │ ├── CollectionUtils.java │ │ └── PrefixStatsUtil.java │ │ └── vector │ │ ├── Vector.java │ │ ├── VectorResponse.java │ │ ├── response │ │ ├── EqualityError.java │ │ ├── EqualityErrorTranslator.java │ │ ├── FingerprintChecker.java │ │ ├── FingerprintSecretPair.java │ │ ├── ResponseExtractor.java │ │ └── ResponseFingerprint.java │ │ └── statistics │ │ ├── DistributionTest.java │ │ ├── FisherExactTest.java │ │ ├── InformationLeakReport.java │ │ ├── InformationLeakTest.java │ │ ├── NondeterminismType.java │ │ ├── ResponseCounter.java │ │ ├── StatisticalTests.java │ │ ├── TestInfo.java │ │ ├── VectorContainer.java │ │ └── VectorStatisticTest.java │ └── test │ └── java │ └── de │ └── rub │ └── nds │ └── tlsscanner │ └── core │ ├── TlsCoreTestReport.java │ ├── afterprobe │ ├── DtlsRetransmissionAfterProbeTest.java │ ├── EcPublicKeyAfterProbeTest.java │ ├── FreakAfterProbeTest.java │ ├── LogjamAfterProbeTest.java │ └── Sweet32AfterProbeTest.java │ ├── probe │ ├── padding │ │ └── vector │ │ │ ├── ShortPaddingGeneratorTest.java │ │ │ └── VeryShortPaddingGeneratorTest.java │ └── requirements │ │ ├── ExtensionRequirementTest.java │ │ └── ProtocolRequirementTest.java │ └── vector │ └── response │ └── FingerprintCheckerTest.java ├── TLS-Server-Scanner ├── pom.xml └── src │ ├── main │ ├── java │ │ └── de │ │ │ └── rub │ │ │ └── nds │ │ │ └── tlsscanner │ │ │ └── serverscanner │ │ │ ├── Main.java │ │ │ ├── afterprobe │ │ │ ├── CertificateSignatureAndHashAlgorithmAfterProbe.java │ │ │ ├── DestinationPortAfterProbe.java │ │ │ ├── DhValueAfterProbe.java │ │ │ ├── HandshakeSimulationAfterProbe.java │ │ │ ├── PoodleAfterProbe.java │ │ │ ├── RaccoonAttackAfterProbe.java │ │ │ ├── ServerRandomnessAfterProbe.java │ │ │ ├── SessionTicketAfterProbe.java │ │ │ └── prime │ │ │ │ ├── CommonDhLoader.java │ │ │ │ └── CommonDhValues.java │ │ │ ├── config │ │ │ ├── ServerScannerConfig.java │ │ │ └── delegate │ │ │ │ └── ProxyDelegate.java │ │ │ ├── connectivity │ │ │ └── ConnectivityChecker.java │ │ │ ├── constants │ │ │ ├── ApplicationProtocol.java │ │ │ ├── CheckPatternType.java │ │ │ └── GcmPattern.java │ │ │ ├── execution │ │ │ └── TlsServerScanner.java │ │ │ ├── guideline │ │ │ ├── checks │ │ │ │ ├── AnalyzedPropertyGuidelineCheck.java │ │ │ │ ├── CertificateAgilityGuidelineCheck.java │ │ │ │ ├── CertificateCurveGuidelineCheck.java │ │ │ │ ├── CertificateGuidelineCheck.java │ │ │ │ ├── CertificateSignatureCheck.java │ │ │ │ ├── CertificateValidityGuidelineCheck.java │ │ │ │ ├── CertificateVersionGuidelineCheck.java │ │ │ │ ├── CipherSuiteGuidelineCheck.java │ │ │ │ ├── ExtendedKeyUsageCertificateCheck.java │ │ │ │ ├── ExtensionGuidelineCheck.java │ │ │ │ ├── HashAlgorithmStrengthCheck.java │ │ │ │ ├── HashAlgorithmsGuidelineCheck.java │ │ │ │ ├── KeySizeCertGuidelineCheck.java │ │ │ │ ├── KeyUsageCertificateCheck.java │ │ │ │ ├── NamedGroupsGuidelineCheck.java │ │ │ │ ├── SignatureAlgorithmsCertificateGuidelineCheck.java │ │ │ │ ├── SignatureAlgorithmsGuidelineCheck.java │ │ │ │ ├── SignatureAlgorithmsTypeCertificateGuidelineCheck.java │ │ │ │ ├── SignatureAndHashAlgorithmsCertificateGuidelineCheck.java │ │ │ │ └── SignatureAndHashAlgorithmsGuidelineCheck.java │ │ │ └── results │ │ │ │ ├── AnalyzedPropertyGuidelineCheckResult.java │ │ │ │ ├── CertificateAgilityGuidelineCheckResult.java │ │ │ │ ├── CertificateCurveGuidelineCheckResult.java │ │ │ │ ├── CertificateGuidelineCheckResult.java │ │ │ │ ├── CertificateSignatureCheckResult.java │ │ │ │ ├── CertificateValidityGuidelineCheckResult.java │ │ │ │ ├── CertificateVersionGuidelineCheckResult.java │ │ │ │ ├── CipherSuiteGuidelineCheckResult.java │ │ │ │ ├── ExtensionGuidelineCheckResult.java │ │ │ │ ├── HashAlgorithmStrengthCheckResult.java │ │ │ │ ├── HashAlgorithmsGuidelineCheckResult.java │ │ │ │ ├── KeySizeCertGuidelineCheckResult.java │ │ │ │ ├── KeySizeData.java │ │ │ │ ├── KeyUsageCertificateCheckResult.java │ │ │ │ ├── NamedGroupsGuidelineCheckResult.java │ │ │ │ ├── SignatureAlgorithmsGuidelineCheckResult.java │ │ │ │ ├── SignatureAndHashAlgorithmsCertificateGuidelineCheckResult.java │ │ │ │ └── X509SignatureAlgorithmGuidelineCheckResult.java │ │ │ ├── leak │ │ │ ├── BleichenbacherOracleTestInfo.java │ │ │ ├── DirectRaccoonOracleTestInfo.java │ │ │ ├── InvalidCurveTestInfo.java │ │ │ ├── TicketPaddingOracleLastByteTestInfo.java │ │ │ └── TicketPaddingOracleSecondByteTestInfo.java │ │ │ ├── passive │ │ │ ├── CookieExtractor.java │ │ │ ├── DestinationPortExtractor.java │ │ │ ├── SessionIdExtractor.java │ │ │ └── SessionTicketExtractor.java │ │ │ ├── probe │ │ │ ├── AlpacaProbe.java │ │ │ ├── AlpnProbe.java │ │ │ ├── BleichenbacherProbe.java │ │ │ ├── CcaRequiredProbe.java │ │ │ ├── CcaSupportProbe.java │ │ │ ├── CertificateProbe.java │ │ │ ├── CipherSuiteOrderProbe.java │ │ │ ├── CipherSuiteProbe.java │ │ │ ├── CommonBugProbe.java │ │ │ ├── CompressionsProbe.java │ │ │ ├── ConnectionClosingProbe.java │ │ │ ├── DirectRaccoonProbe.java │ │ │ ├── DrownProbe.java │ │ │ ├── DtlsApplicationFingerprintProbe.java │ │ │ ├── DtlsBugsProbe.java │ │ │ ├── DtlsFragmentationProbe.java │ │ │ ├── DtlsHelloVerifyRequestProbe.java │ │ │ ├── DtlsIpAddressInCookieProbe.java │ │ │ ├── DtlsMessageSequenceProbe.java │ │ │ ├── DtlsReorderingProbe.java │ │ │ ├── DtlsRetransmissionsProbe.java │ │ │ ├── ECPointFormatProbe.java │ │ │ ├── EarlyCcsProbe.java │ │ │ ├── EsniProbe.java │ │ │ ├── ExtensionProbe.java │ │ │ ├── HeartbleedProbe.java │ │ │ ├── HelloRetryProbe.java │ │ │ ├── HttpFalseStartProbe.java │ │ │ ├── HttpHeaderProbe.java │ │ │ ├── InvalidCurveProbe.java │ │ │ ├── MacProbe.java │ │ │ ├── NamedCurvesOrderProbe.java │ │ │ ├── NamedGroupsProbe.java │ │ │ ├── PaddingOracleProbe.java │ │ │ ├── ProtocolVersionProbe.java │ │ │ ├── RandomnessProbe.java │ │ │ ├── RecordFragmentationProbe.java │ │ │ ├── RenegotiationProbe.java │ │ │ ├── ResumptionProbe.java │ │ │ ├── SessionTicketCollectingProbe.java │ │ │ ├── SessionTicketManipulationProbe.java │ │ │ ├── SessionTicketPaddingOracleProbe.java │ │ │ ├── SessionTicketProbe.java │ │ │ ├── SignatureAndHashAlgorithmProbe.java │ │ │ ├── SignatureHashAlgorithmOrderProbe.java │ │ │ ├── SniProbe.java │ │ │ ├── TlsFallbackScsvProbe.java │ │ │ ├── TlsServerProbe.java │ │ │ ├── TokenbindingProbe.java │ │ │ ├── bleichenbacher │ │ │ │ ├── BleichenbacherAttacker.java │ │ │ │ ├── constans │ │ │ │ │ ├── BleichenbacherScanType.java │ │ │ │ │ └── BleichenbacherWorkflowType.java │ │ │ │ ├── trace │ │ │ │ │ └── BleichenbacherWorkflowGenerator.java │ │ │ │ └── vector │ │ │ │ │ ├── Pkcs1Vector.java │ │ │ │ │ └── Pkcs1VectorGenerator.java │ │ │ ├── directraccoon │ │ │ │ ├── DirectRaccoonVector.java │ │ │ │ ├── DirectRaccoonWorkflowGenerator.java │ │ │ │ └── DirectRaccoonWorkflowType.java │ │ │ ├── drown │ │ │ │ ├── BaseDrownAttacker.java │ │ │ │ ├── GeneralDrownAttacker.java │ │ │ │ ├── LeakyExportCheckCallable.java │ │ │ │ ├── LeakyExportCheckData.java │ │ │ │ ├── ServerVerifyChecker.java │ │ │ │ ├── SpecialDrownAttacker.java │ │ │ │ └── constans │ │ │ │ │ ├── DrownOracleType.java │ │ │ │ │ └── DrownVulnerabilityType.java │ │ │ ├── earlyccs │ │ │ │ └── EarlyCcsVulnerabilityType.java │ │ │ ├── handshakesimulation │ │ │ │ ├── ConfigFileList.java │ │ │ │ ├── ConfigFileListIO.java │ │ │ │ ├── ConnectionInsecure.java │ │ │ │ ├── HandshakeFailureReasons.java │ │ │ │ ├── NegotiatedParameterProperties.java │ │ │ │ ├── SimulatedClientResult.java │ │ │ │ ├── SimulationRequest.java │ │ │ │ ├── TlsClientConfig.java │ │ │ │ └── TlsClientConfigIO.java │ │ │ ├── invalidcurve │ │ │ │ ├── InvalidCurveAttacker.java │ │ │ │ ├── InvalidCurveResponse.java │ │ │ │ ├── constants │ │ │ │ │ ├── InvalidCurveScanType.java │ │ │ │ │ └── InvalidCurveWorkflowType.java │ │ │ │ ├── point │ │ │ │ │ ├── InvalidCurvePoint.java │ │ │ │ │ └── TwistedCurvePoint.java │ │ │ │ ├── trace │ │ │ │ │ └── InvalidCurveWorkflowGenerator.java │ │ │ │ └── vector │ │ │ │ │ └── InvalidCurveVector.java │ │ │ ├── mac │ │ │ │ ├── ByteCheckStatus.java │ │ │ │ ├── CheckPattern.java │ │ │ │ └── StateIndexPair.java │ │ │ ├── namedgroup │ │ │ │ └── NamedGroupWitness.java │ │ │ ├── quic │ │ │ │ ├── QuicAfterHandshakeProbe.java │ │ │ │ ├── QuicAntiDosLimitProbe.java │ │ │ │ ├── QuicConnectionMigrationProbe.java │ │ │ │ ├── QuicFragmentationProbe.java │ │ │ │ ├── QuicRetryPacketProbe.java │ │ │ │ ├── QuicServerProbe.java │ │ │ │ ├── QuicTls12HandshakeProbe.java │ │ │ │ ├── QuicTransportParameterProbe.java │ │ │ │ └── QuicVersionProbe.java │ │ │ ├── requirements │ │ │ │ ├── ServerOptionsRequirement.java │ │ │ │ └── WorkingConfigRequirement.java │ │ │ ├── result │ │ │ │ ├── VersionDependentResult.java │ │ │ │ ├── VersionDependentSummarizableResult.java │ │ │ │ ├── VersionDependentTestResults.java │ │ │ │ ├── hpkp │ │ │ │ │ └── HpkpPin.java │ │ │ │ ├── raccoonattack │ │ │ │ │ ├── RaccoonAttackProbabilities.java │ │ │ │ │ ├── RaccoonAttackPskProbabilities.java │ │ │ │ │ └── RaccoonAttackVulnerabilityPosition.java │ │ │ │ ├── sessionticket │ │ │ │ │ ├── FoundDefaultHmacKey.java │ │ │ │ │ ├── FoundDefaultStek.java │ │ │ │ │ ├── FoundSecret.java │ │ │ │ │ ├── SessionTicketAfterStats.java │ │ │ │ │ ├── TicketManipulationResult.java │ │ │ │ │ ├── TicketPaddingOracleOffsetResult.java │ │ │ │ │ └── TicketPaddingOracleResult.java │ │ │ │ └── statistics │ │ │ │ │ └── RandomEvaluationResult.java │ │ │ └── sessionticket │ │ │ │ ├── DefaultKeys.java │ │ │ │ ├── SessionSecret.java │ │ │ │ ├── SessionTicketBaseProbe.java │ │ │ │ ├── SessionTicketEncryptionFormat.java │ │ │ │ ├── SessionTicketMacFormat.java │ │ │ │ ├── SessionTicketUtil.java │ │ │ │ ├── TicketEncryptionAlgorithm.java │ │ │ │ ├── ticket │ │ │ │ ├── ModifiedTicket.java │ │ │ │ ├── NoTicket.java │ │ │ │ ├── Ticket.java │ │ │ │ ├── TicketHolder.java │ │ │ │ ├── TicketTls12.java │ │ │ │ └── TicketTls13.java │ │ │ │ └── vector │ │ │ │ ├── TicketBitFlipVector.java │ │ │ │ ├── TicketPaddingOracleVector.java │ │ │ │ ├── TicketPaddingOracleVectorLast.java │ │ │ │ ├── TicketPaddingOracleVectorSecond.java │ │ │ │ └── TicketVector.java │ │ │ ├── report │ │ │ ├── ServerContainerReportCreator.java │ │ │ ├── ServerReport.java │ │ │ ├── ServerReportPrinter.java │ │ │ ├── ServerReportSerializer.java │ │ │ └── rating │ │ │ │ └── DefaultRatingLoader.java │ │ │ ├── scan │ │ │ └── ScannerThreadPoolExecutor.java │ │ │ └── selector │ │ │ ├── ConfigFilter.java │ │ │ ├── ConfigFilterProfile.java │ │ │ ├── ConfigFilterType.java │ │ │ ├── ConfigSelector.java │ │ │ └── DefaultConfigProfile.java │ └── resources │ │ ├── client_config_file_list.xml │ │ ├── common │ │ ├── LICENSE │ │ ├── Readme │ │ └── common.json │ │ ├── configs │ │ ├── default.config │ │ ├── ssl2Only.config │ │ └── tls13rich.config │ │ ├── extracted_client_configs │ │ ├── client_BEARSSL_0.4.config │ │ ├── client_BORINGSSL_2272.config │ │ ├── client_BORINGSSL_2311.config │ │ ├── client_BORINGSSL_2357.config │ │ ├── client_BORINGSSL_2490.config │ │ ├── client_BORINGSSL_2564.config │ │ ├── client_BORINGSSL_2623.config │ │ ├── client_BORINGSSL_2661.config │ │ ├── client_BORINGSSL_2704.config │ │ ├── client_BORINGSSL_2883.config │ │ ├── client_BORINGSSL_2924.config │ │ ├── client_BORINGSSL_2987.config │ │ ├── client_BORINGSSL_3029.config │ │ ├── client_BORINGSSL_3112.config │ │ ├── client_BORINGSSL_3202.config │ │ ├── client_BORINGSSL_3239.config │ │ ├── client_BORINGSSL_3282.config │ │ ├── client_BORINGSSL_3359.config │ │ ├── client_BORINGSSL_3538.config │ │ ├── client_BORINGSSL_chromium-stable.config │ │ ├── client_BORINGSSL_master.config │ │ ├── client_BOTAN_2.1.0.config │ │ ├── client_BOTAN_2.2.0.config │ │ ├── client_BOTAN_2.3.0.config │ │ ├── client_GNUTLS_3.4.16.config │ │ ├── client_GNUTLS_3.4.17.config │ │ ├── client_GNUTLS_3.4.18.config │ │ ├── client_GNUTLS_3.4.19.config │ │ ├── client_GNUTLS_3.6.0.config │ │ ├── client_GNUTLS_3.6.0_1.config │ │ ├── client_GNUTLS_3.6.1.config │ │ ├── client_GNUTLS_3.6.2.config │ │ ├── client_LIBRESSL_2.0.1.config │ │ ├── client_LIBRESSL_2.0.2.config │ │ ├── client_LIBRESSL_2.0.3.config │ │ ├── client_LIBRESSL_2.0.4.config │ │ ├── client_LIBRESSL_2.0.5.config │ │ ├── client_LIBRESSL_2.0.6.config │ │ ├── client_LIBRESSL_2.1.0.config │ │ ├── client_LIBRESSL_2.1.1.config │ │ ├── client_LIBRESSL_2.1.10.config │ │ ├── client_LIBRESSL_2.1.2.config │ │ ├── client_LIBRESSL_2.1.3.config │ │ ├── client_LIBRESSL_2.1.4.config │ │ ├── client_LIBRESSL_2.1.5.config │ │ ├── client_LIBRESSL_2.1.6.config │ │ ├── client_LIBRESSL_2.1.7.config │ │ ├── client_LIBRESSL_2.1.8.config │ │ ├── client_LIBRESSL_2.1.9.config │ │ ├── client_LIBRESSL_2.2.0.config │ │ ├── client_LIBRESSL_2.2.1.config │ │ ├── client_LIBRESSL_2.2.2.config │ │ ├── client_LIBRESSL_2.2.3.config │ │ ├── client_LIBRESSL_2.2.4.config │ │ ├── client_LIBRESSL_2.2.5.config │ │ ├── client_LIBRESSL_2.2.6.config │ │ ├── client_LIBRESSL_2.2.7.config │ │ ├── client_LIBRESSL_2.2.8.config │ │ ├── client_LIBRESSL_2.2.9.config │ │ ├── client_LIBRESSL_2.7.0.config │ │ ├── client_LIBRESSL_2.7.1.config │ │ ├── client_LIBRESSL_2.7.2.config │ │ ├── client_LIBRESSL_2.7.3.config │ │ ├── client_LIBRESSL_2.7.4.config │ │ ├── client_LIBRESSL_2.8.0.config │ │ ├── client_LIBRESSL_2.8.1.config │ │ ├── client_LIBRESSL_2.8.2.config │ │ ├── client_MATRIXSSL_3-8-3.config │ │ ├── client_MATRIXSSL_3-8-4.config │ │ ├── client_MATRIXSSL_3-8-6.config │ │ ├── client_MATRIXSSL_3-8-7.config │ │ ├── client_MATRIXSSL_3-8-7a.config │ │ ├── client_MATRIXSSL_3-8-7b.config │ │ ├── client_MATRIXSSL_3-9-0.config │ │ ├── client_MATRIXSSL_3-9-1.config │ │ ├── client_MATRIXSSL_3-9-3.config │ │ ├── client_MATRIXSSL_3.7.2.config │ │ ├── client_MBED_1.0.0.config │ │ ├── client_MBED_1.1.0.config │ │ ├── client_MBED_1.1.2.config │ │ ├── client_MBED_1.1.3.config │ │ ├── client_MBED_1.1.4.config │ │ ├── client_MBED_1.1.5.config │ │ ├── client_MBED_1.1.6.config │ │ ├── client_MBED_1.1.7.config │ │ ├── client_MBED_1.1.8.config │ │ ├── client_MBED_1.2.0.config │ │ ├── client_MBED_1.2.1.config │ │ ├── client_MBED_1.2.10.config │ │ ├── client_MBED_1.2.11.config │ │ ├── client_MBED_1.2.12.config │ │ ├── client_MBED_1.2.13.config │ │ ├── client_MBED_1.2.14.config │ │ ├── client_MBED_1.2.15.config │ │ ├── client_MBED_1.2.16.config │ │ ├── client_MBED_1.2.17.config │ │ ├── client_MBED_1.2.18.config │ │ ├── client_MBED_1.2.19.config │ │ ├── client_MBED_1.2.2.config │ │ ├── client_MBED_1.2.3.config │ │ ├── client_MBED_1.2.4.config │ │ ├── client_MBED_1.2.5.config │ │ ├── client_MBED_1.2.6.config │ │ ├── client_MBED_1.2.7.config │ │ ├── client_MBED_1.2.8.config │ │ ├── client_MBED_1.2.9.config │ │ ├── client_MBED_1.3.0.config │ │ ├── client_MBED_1.3.1.config │ │ ├── client_MBED_1.3.10.config │ │ ├── client_MBED_1.3.11.config │ │ ├── client_MBED_1.3.12.config │ │ ├── client_MBED_1.3.13.config │ │ ├── client_MBED_1.3.14.config │ │ ├── client_MBED_1.3.15.config │ │ ├── client_MBED_1.3.16.config │ │ ├── client_MBED_1.3.17.config │ │ ├── client_MBED_1.3.18.config │ │ ├── client_MBED_1.3.19.config │ │ ├── client_MBED_1.3.2.config │ │ ├── client_MBED_1.3.20.config │ │ ├── client_MBED_1.3.21.config │ │ ├── client_MBED_1.3.22.config │ │ ├── client_MBED_1.3.3.config │ │ ├── client_MBED_1.3.4.config │ │ ├── client_MBED_1.3.5.config │ │ ├── client_MBED_1.3.6.config │ │ ├── client_MBED_1.3.7.config │ │ ├── client_MBED_1.3.8.config │ │ ├── client_MBED_1.3.9.config │ │ ├── client_MBED_2.0.0.config │ │ ├── client_MBED_2.1.0.config │ │ ├── client_MBED_2.1.1.config │ │ ├── client_MBED_2.1.10.config │ │ ├── client_MBED_2.1.11.config │ │ ├── client_MBED_2.1.12.config │ │ ├── client_MBED_2.1.13.config │ │ ├── client_MBED_2.1.14.config │ │ ├── client_MBED_2.1.15.config │ │ ├── client_MBED_2.1.2.config │ │ ├── client_MBED_2.1.3.config │ │ ├── client_MBED_2.1.4.config │ │ ├── client_MBED_2.1.5.config │ │ ├── client_MBED_2.1.6.config │ │ ├── client_MBED_2.1.7.config │ │ ├── client_MBED_2.1.8.config │ │ ├── client_MBED_2.1.9.config │ │ ├── client_MBED_2.11.0.config │ │ ├── client_MBED_2.12.0.config │ │ ├── client_MBED_2.13.0.config │ │ ├── client_MBED_2.2.0.config │ │ ├── client_MBED_2.2.1.config │ │ ├── client_MBED_2.3.0.config │ │ ├── client_MBED_2.4.0.config │ │ ├── client_MBED_2.4.2.config │ │ ├── client_MBED_2.5.1.config │ │ ├── client_MBED_2.6.0.config │ │ ├── client_MBED_2.7.0.config │ │ ├── client_MBED_2.7.3.config │ │ ├── client_MBED_2.7.4.config │ │ ├── client_MBED_2.7.5.config │ │ ├── client_MBED_2.7.6.config │ │ ├── client_MBED_2.8.0.config │ │ ├── client_MBED_2.9.0.config │ │ ├── client_OPENSSL_0.9.7.config │ │ ├── client_OPENSSL_0.9.7a.config │ │ ├── client_OPENSSL_0.9.7b.config │ │ ├── client_OPENSSL_0.9.7c.config │ │ ├── client_OPENSSL_0.9.7d.config │ │ ├── client_OPENSSL_0.9.7e.config │ │ ├── client_OPENSSL_0.9.7f.config │ │ ├── client_OPENSSL_0.9.7g.config │ │ ├── client_OPENSSL_0.9.7h.config │ │ ├── client_OPENSSL_0.9.7i.config │ │ ├── client_OPENSSL_0.9.7j.config │ │ ├── client_OPENSSL_0.9.7k.config │ │ ├── client_OPENSSL_0.9.7l.config │ │ ├── client_OPENSSL_0.9.7m.config │ │ ├── client_OPENSSL_0.9.8.config │ │ ├── client_OPENSSL_0.9.8a.config │ │ ├── client_OPENSSL_0.9.8b.config │ │ ├── client_OPENSSL_0.9.8c.config │ │ ├── client_OPENSSL_0.9.8d.config │ │ ├── client_OPENSSL_0.9.8e.config │ │ ├── client_OPENSSL_0.9.8f.config │ │ ├── client_OPENSSL_0.9.8g.config │ │ ├── client_OPENSSL_0.9.8h.config │ │ ├── client_OPENSSL_0.9.8i.config │ │ ├── client_OPENSSL_0.9.8j.config │ │ ├── client_OPENSSL_0.9.8k.config │ │ ├── client_OPENSSL_0.9.8l.config │ │ ├── client_OPENSSL_0.9.8m-beta1.config │ │ ├── client_OPENSSL_0.9.8m.config │ │ ├── client_OPENSSL_0.9.8n.config │ │ ├── client_OPENSSL_0.9.8o.config │ │ ├── client_OPENSSL_0.9.8p.config │ │ ├── client_OPENSSL_0.9.8q.config │ │ ├── client_OPENSSL_0.9.8r.config │ │ ├── client_OPENSSL_0.9.8s.config │ │ ├── client_OPENSSL_0.9.8t.config │ │ ├── client_OPENSSL_0.9.8u.config │ │ ├── client_OPENSSL_0.9.8v.config │ │ ├── client_OPENSSL_0.9.8w.config │ │ ├── client_OPENSSL_0.9.8x.config │ │ ├── client_OPENSSL_0.9.8y.config │ │ ├── client_OPENSSL_0.9.8za.config │ │ ├── client_OPENSSL_0.9.8zb.config │ │ ├── client_OPENSSL_0.9.8zc.config │ │ ├── client_OPENSSL_0.9.8zd.config │ │ ├── client_OPENSSL_0.9.8ze.config │ │ ├── client_OPENSSL_0.9.8zf.config │ │ ├── client_OPENSSL_0.9.8zg.config │ │ ├── client_OPENSSL_0.9.8zh.config │ │ ├── client_OPENSSL_1.0.0-beta1.config │ │ ├── client_OPENSSL_1.0.0-beta2.config │ │ ├── client_OPENSSL_1.0.0-beta3.config │ │ ├── client_OPENSSL_1.0.0-beta4.config │ │ ├── client_OPENSSL_1.0.0-beta5.config │ │ ├── client_OPENSSL_1.0.0.config │ │ ├── client_OPENSSL_1.0.0a.config │ │ ├── client_OPENSSL_1.0.0b.config │ │ ├── client_OPENSSL_1.0.0c.config │ │ ├── client_OPENSSL_1.0.0d.config │ │ ├── client_OPENSSL_1.0.0e.config │ │ ├── client_OPENSSL_1.0.0f.config │ │ ├── client_OPENSSL_1.0.0g.config │ │ ├── client_OPENSSL_1.0.0h.config │ │ ├── client_OPENSSL_1.0.0i.config │ │ ├── client_OPENSSL_1.0.0j.config │ │ ├── client_OPENSSL_1.0.0k.config │ │ ├── client_OPENSSL_1.0.0l.config │ │ ├── client_OPENSSL_1.0.0m.config │ │ ├── client_OPENSSL_1.0.0n.config │ │ ├── client_OPENSSL_1.0.0o.config │ │ ├── client_OPENSSL_1.0.0p.config │ │ ├── client_OPENSSL_1.0.0q.config │ │ ├── client_OPENSSL_1.0.0r.config │ │ ├── client_OPENSSL_1.0.0s.config │ │ ├── client_OPENSSL_1.0.1-beta1.config │ │ ├── client_OPENSSL_1.0.1-beta2.config │ │ ├── client_OPENSSL_1.0.1-beta3.config │ │ ├── client_OPENSSL_1.0.1.config │ │ ├── client_OPENSSL_1.0.1a.config │ │ ├── client_OPENSSL_1.0.1b.config │ │ ├── client_OPENSSL_1.0.1c.config │ │ ├── client_OPENSSL_1.0.1d.config │ │ ├── client_OPENSSL_1.0.1e.config │ │ ├── client_OPENSSL_1.0.1f.config │ │ ├── client_OPENSSL_1.0.1g.config │ │ ├── client_OPENSSL_1.0.1h.config │ │ ├── client_OPENSSL_1.0.1i.config │ │ ├── client_OPENSSL_1.0.1j.config │ │ ├── client_OPENSSL_1.0.1k.config │ │ ├── client_OPENSSL_1.0.1l.config │ │ ├── client_OPENSSL_1.0.1m.config │ │ ├── client_OPENSSL_1.0.1n.config │ │ ├── client_OPENSSL_1.0.1o.config │ │ ├── client_OPENSSL_1.0.1p.config │ │ ├── client_OPENSSL_1.0.1q.config │ │ ├── client_OPENSSL_1.0.1r.config │ │ ├── client_OPENSSL_1.0.1s.config │ │ ├── client_OPENSSL_1.0.1t.config │ │ ├── client_OPENSSL_1.0.1u.config │ │ ├── client_OPENSSL_1.0.2-beta1.config │ │ ├── client_OPENSSL_1.0.2-beta2.config │ │ ├── client_OPENSSL_1.0.2-beta3.config │ │ ├── client_OPENSSL_1.0.2.config │ │ ├── client_OPENSSL_1.0.2a.config │ │ ├── client_OPENSSL_1.0.2b.config │ │ ├── client_OPENSSL_1.0.2c.config │ │ ├── client_OPENSSL_1.0.2d.config │ │ ├── client_OPENSSL_1.0.2e.config │ │ ├── client_OPENSSL_1.0.2f.config │ │ ├── client_OPENSSL_1.0.2g.config │ │ ├── client_OPENSSL_1.0.2h.config │ │ ├── client_OPENSSL_1.0.2i.config │ │ ├── client_OPENSSL_1.0.2j.config │ │ ├── client_OPENSSL_1.0.2k.config │ │ ├── client_OPENSSL_1.0.2l.config │ │ ├── client_OPENSSL_1.0.2m.config │ │ ├── client_OPENSSL_1.0.2n.config │ │ ├── client_OPENSSL_1.0.2o.config │ │ ├── client_OPENSSL_1.0.2p.config │ │ ├── client_OPENSSL_1.1.0-pre3.config │ │ ├── client_OPENSSL_1.1.0.config │ │ ├── client_OPENSSL_1.1.0a.config │ │ ├── client_OPENSSL_1.1.0b.config │ │ ├── client_OPENSSL_1.1.0c.config │ │ ├── client_OPENSSL_1.1.0d.config │ │ ├── client_OPENSSL_1.1.0e.config │ │ ├── client_OPENSSL_1.1.0f.config │ │ ├── client_OPENSSL_1.1.0g.config │ │ ├── client_OPENSSL_1.1.0h.config │ │ ├── client_OPENSSL_1.1.0i.config │ │ ├── client_WOLFSSL_2.3.0.config │ │ ├── client_WOLFSSL_2.4.0.config │ │ ├── client_WOLFSSL_2.4.2.config │ │ ├── client_WOLFSSL_2.4.6.config │ │ ├── client_WOLFSSL_2.4.7.config │ │ ├── client_WOLFSSL_2.5.0.config │ │ ├── client_WOLFSSL_2.5.2b.config │ │ ├── client_WOLFSSL_2.6.0.config │ │ ├── client_WOLFSSL_2.6.2.config │ │ ├── client_WOLFSSL_2.7.0.config │ │ ├── client_WOLFSSL_2.7.2.config │ │ ├── client_WOLFSSL_2.8.0.config │ │ ├── client_WOLFSSL_2.8.2.config │ │ ├── client_WOLFSSL_2.8.3.config │ │ ├── client_WOLFSSL_2.8.4.config │ │ ├── client_WOLFSSL_2.8.5.config │ │ ├── client_WOLFSSL_2.8.5a.config │ │ ├── client_WOLFSSL_2.8.6.config │ │ ├── client_WOLFSSL_2.9.0.config │ │ ├── client_WOLFSSL_2.9.1.config │ │ ├── client_WOLFSSL_2.9.2.config │ │ ├── client_WOLFSSL_2.9.4.config │ │ └── client_WOLFSSL_3.12.2-stable.config │ │ ├── guideline │ │ ├── bsi.xml │ │ └── nist.xml │ │ ├── log4j2.xml │ │ ├── rating │ │ ├── influencers.xml │ │ ├── recommendations.xml │ │ └── recommendations_en.xml │ │ └── xmlcerts │ │ ├── DSAROOTv3_CAv3_LEAF_DHv3.xml │ │ ├── DSAROOTv3_CAv3_LEAF_DHv3_KeyAgreement.xml │ │ ├── DSAROOTv3_CAv3_LEAF_DSAv3.xml │ │ ├── DSAROOTv3_CAv3_LEAF_DSAv3_GarbageParameters.xml │ │ ├── DSAROOTv3_CAv3_LEAF_DSAv3_Sha1.xml │ │ ├── ECROOTv3_CAv3CustomCurve_LEAF_ECv3.xml │ │ ├── ECROOTv3_CAv3_LEAF_ECv3.xml │ │ ├── ECROOTv3_CAv3_LEAF_ECv3_GarbageParameters.xml │ │ ├── ECROOTv3_CAv3_LEAF_ECv3_KeyAgreement.xml │ │ ├── ECROOTv3_CAv3_LEAF_ECv3_KeyAgreement2.xml │ │ ├── ECROOTv3_CAv3_LEAF_ECv3_Sha1.xml │ │ ├── ECROOTv3_Curveball_CAv3_LEAF_ECv3.xml │ │ ├── ROOT_DSAv3.xml │ │ ├── ROOT_ECv3.xml │ │ ├── ROOT_RSAv1.xml │ │ ├── ROOT_RSAv3.xml │ │ ├── ROOTv1_CAv3_LEAFv1_nLEAF_RSAv3.xml │ │ ├── ROOTv1_CAv3_LEAFv2_nLEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_CAv3_PathLoop.xml │ │ ├── ROOTv3_CAv3_CaFalse_LEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_KeyUsageDigitalSignatures_LEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_KeyUsageNothing_LEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_LEAF_DHv3.xml │ │ ├── ROOTv3_CAv3_LEAF_DHv3_KeyAgreement.xml │ │ ├── ROOTv3_CAv3_LEAF_ECv3.xml │ │ ├── ROOTv3_CAv3_LEAF_ECv3_KeyAgreement.xml │ │ ├── ROOTv3_CAv3_LEAF_ECv3_KeyAgreement2.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv1.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv1_UniqueIdentifiers.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv2.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_CRLDistributionPoints.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_CertPolicy.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_EmptySigned.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_KeyUsageKeyAgreement.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_KeyUsageNothing.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_MalformedAlgorithmParameters.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_Md2withRSA.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_Md4withRSA.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_Md5withRSA.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_MismatchingAlgorithmParameters.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_MismatchingAlgorithms1.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_MismatchingAlgorithms2.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_NotYetValid.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_NullSigned.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_SelfSigned.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_UnknownCritExt.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_UnknownExt.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3__RDN_difference.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_expired.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_extendedKeyUsageCodeSign.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_extendedKeyUsageServerAuth.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAv3_weakKey.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAvNeg1.xml │ │ ├── ROOTv3_CAv3_LEAF_RSAvNeg1_nLeaf_RSAv3.xml │ │ ├── ROOTv3_CAv3_LEAFv1_nLEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_LEAFv2_nLEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_LEAFv3_nLEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_MalformedNameConstraints_LEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_NameConstraints_LEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_NameConstraints_LEAF_RSAv3_SAN.xml │ │ ├── ROOTv3_CAv3_NameConstraints_LEAF_RSAv3_SAN2.xml │ │ ├── ROOTv3_CAv3_NameConstraints_LEAF_RSAv3_SAN2Crit.xml │ │ ├── ROOTv3_CAv3_NameConstraints_LEAF_RSAv3_SANCrit.xml │ │ ├── ROOTv3_CAv3_NoBasicConstraints_LEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_NoKeyUsage_LEAF_RSAv3.xml │ │ ├── ROOTv3_CAv3_ZeroPathLen_CAv3_LEAF_RSAv3.xml │ │ ├── ROOTv3_LEAF_DHv3_DebugOnly.xml │ │ └── ROOTv3_NewFakeChain_ROOTv3_CAv3_LEAF_RSAv3.xml │ └── test │ ├── java │ └── de │ │ └── rub │ │ └── nds │ │ └── tlsscanner │ │ └── serverscanner │ │ ├── afterprobe │ │ ├── CertificateSignatureAndHashAlgorithmAfterProbeTest.java │ │ ├── DestinationPortAfterProbeTest.java │ │ ├── DhValueAfterProbeTest.java │ │ ├── PoodleAfterProbeTest.java │ │ ├── RaccoonAttackAfterProbeTest.java │ │ └── ServerRandomnessAfterProbeTest.java │ │ ├── guideline │ │ ├── AnalyzedPropertyGuidelineCheckTest.java │ │ ├── CertificateAgilityGuidelineCheckTest.java │ │ ├── CipherSuiteGuidelineCheckTest.java │ │ ├── ConditionalGuidelineCheckTest.java │ │ ├── ExtensionGuidelineCheckTest.java │ │ ├── HashAlgorithmsGuidelineCheckTest.java │ │ ├── NamedGroupsGuidelineCheckTest.java │ │ ├── SignatureAlgorithmsGuidelineCheckTest.java │ │ ├── SignatureAndHashAlgorithmsCertGuidelineCheckTest.java │ │ ├── SignatureAndHashAlgorithmsGuidelineCheckTest.java │ │ └── serialization │ │ │ ├── BsiGuidelineSerializationIT.java │ │ │ ├── GuidelineIOIT.java │ │ │ └── NistGuidelineSerializationIT.java │ │ ├── probe │ │ ├── AbstractProbeIT.java │ │ ├── AlpacaProbeIT.java │ │ ├── AlpnProbeIT.java │ │ ├── CertificateProbeIT.java │ │ ├── CipherSuiteOrderProbeIT.java │ │ ├── CipherSuiteProbeIT.java │ │ ├── CommonBugProbeIT.java │ │ ├── CompressionsProbeIT.java │ │ ├── ECPointFormatProbeIT.java │ │ ├── EarlyCcsProbeIT.java │ │ ├── EsniProbeIT.java │ │ ├── ExtensionProbeIT.java │ │ ├── HeartbleedProbeIT.java │ │ ├── HelloRetryProbeIT.java │ │ ├── HttpFalseStartProbeIT.java │ │ ├── HttpHeaderProbeIT.java │ │ ├── NamedCurvesOrderProbeIT.java │ │ ├── NamedGroupsProbeIT.java │ │ ├── ProtocolVersionProbeIT.java │ │ ├── RecordFragmentationProbeIT.java │ │ ├── RenegotiationProbeIT.java │ │ ├── ResumptionProbeIT.java │ │ ├── SessionTicketPaddingOracleProbeTest.java │ │ ├── SignatureAndHashAlgorithmProbeIT.java │ │ ├── SignatureHashAlgorithmOrderProbeIT.java │ │ ├── SniProbeIT.java │ │ ├── TlsFallbackScsvProbeIT.java │ │ ├── bleichenbacher │ │ │ └── vector │ │ │ │ └── Pkcs1VectorGeneratorTest.java │ │ ├── invalidcurve │ │ │ └── point │ │ │ │ ├── InvalidCurvePointTest.java │ │ │ │ └── TwistedCurvePointTest.java │ │ └── stats │ │ │ └── RandomExtractorTest.java │ │ ├── report │ │ ├── ProbeResultTest.java │ │ ├── ServerReportSerializerTest.java │ │ ├── ServerReportSerializes.java │ │ ├── ServerReportSerializesIT.java │ │ ├── SiteReportPrinterTest.java │ │ └── rating │ │ │ ├── DefaultInfluencersIT.java │ │ │ ├── DefaultRecommendationsIT.java │ │ │ ├── InfluencersSerializationIT.java │ │ │ ├── PropertyResultRatingInfluencerTest.java │ │ │ ├── RatingInfluencersIOIT.java │ │ │ ├── RecommendationsIOIT.java │ │ │ ├── RecommendationsSerializationIT.java │ │ │ └── ServerReportRaterTest.java │ │ └── test │ │ ├── AbstractDockerbasedIT.java │ │ └── AbstractScannerIT.java │ └── resources │ └── certificates │ └── cert.pem ├── license_header_plain.txt ├── pom.xml └── resources ├── inputCerts ├── dsarootv3.pem ├── ecrootv3.pem ├── rootv1.pem └── rootv3.pem └── keys ├── 2048_RSA_CA_KEY.pem ├── dhkey_1.pem ├── dhkey_10.pem ├── dhkey_2.pem ├── dhkey_3.pem ├── dhkey_4.pem ├── dhkey_5.pem ├── dhkey_6.pem ├── dhkey_7.pem ├── dhkey_8.pem ├── dhkey_9.pem ├── dhparam_1.pem ├── dhparam_10.pem ├── dhparam_2.pem ├── dhparam_3.pem ├── dhparam_4.pem ├── dhparam_5.pem ├── dhparam_6.pem ├── dhparam_7.pem ├── dhparam_8.pem ├── dhparam_9.pem ├── dhpubkey_1.pem ├── dhpubkey_10.pem ├── dhpubkey_2.pem ├── dhpubkey_3.pem ├── dhpubkey_4.pem ├── dhpubkey_5.pem ├── dhpubkey_6.pem ├── dhpubkey_7.pem ├── dhpubkey_8.pem ├── dhpubkey_9.pem ├── dsakey_1.pem ├── dsakey_10.pem ├── dsakey_2.pem ├── dsakey_3.pem ├── dsakey_4.pem ├── dsakey_5.pem ├── dsakey_6.pem ├── dsakey_7.pem ├── dsakey_8.pem ├── dsakey_9.pem ├── dsaparam_1.pem ├── dsaparam_10.pem ├── dsaparam_2.pem ├── dsaparam_3.pem ├── dsaparam_4.pem ├── dsaparam_5.pem ├── dsaparam_6.pem ├── dsaparam_7.pem ├── dsaparam_8.pem ├── dsaparam_9.pem ├── dsaparam_rootv3.pem ├── dsarootv3.pem ├── eckey_secp160k1.pem ├── eckey_secp160r1.pem ├── eckey_secp160r2.pem ├── eckey_secp192k1.pem ├── eckey_secp224k1.pem ├── eckey_secp224r1.pem ├── eckey_secp256k1.pem ├── eckey_secp256r1.pem ├── eckey_secp256r1_1.pem ├── eckey_secp256r1_2.pem ├── eckey_secp256r1_3.pem ├── eckey_secp256r1_4.pem ├── eckey_secp256r1_5.pem ├── eckey_secp384r1.pem ├── eckey_secp521r1.pem ├── eckey_sect163k1.pem ├── eckey_sect163r1.pem ├── eckey_sect163r2.pem ├── eckey_sect193r1.pem ├── eckey_sect193r2.pem ├── eckey_sect233k1.pem ├── eckey_sect233r1.pem ├── eckey_sect239k1.pem ├── eckey_sect283k1.pem ├── eckey_sect283r1.pem ├── eckey_sect409k1.pem ├── eckey_sect409r1.pem ├── eckey_sect571k1.pem ├── eckey_sect571r1.pem ├── ecparam_secp160k1.pem ├── ecparam_secp160r1.pem ├── ecparam_secp160r2.pem ├── ecparam_secp192k1.pem ├── ecparam_secp224k1.pem ├── ecparam_secp224r1.pem ├── ecparam_secp256k1.pem ├── ecparam_secp256r1.pem ├── ecparam_secp256r1_1.pem ├── ecparam_secp256r1_2.pem ├── ecparam_secp256r1_3.pem ├── ecparam_secp256r1_4.pem ├── ecparam_secp256r1_5.pem ├── ecparam_secp384r1.pem ├── ecparam_secp521r1.pem ├── ecparam_sect163k1.pem ├── ecparam_sect163r1.pem ├── ecparam_sect163r2.pem ├── ecparam_sect193r1.pem ├── ecparam_sect193r2.pem ├── ecparam_sect233k1.pem ├── ecparam_sect233r1.pem ├── ecparam_sect239k1.pem ├── ecparam_sect283k1.pem ├── ecparam_sect283r1.pem ├── ecparam_sect409k1.pem ├── ecparam_sect409r1.pem ├── ecparam_sect571k1.pem ├── ecparam_sect571r1.pem ├── ecpubkey_secp160k1.pem ├── ecpubkey_secp160r1.pem ├── ecpubkey_secp160r2.pem ├── ecpubkey_secp192k1.pem ├── ecpubkey_secp224k1.pem ├── ecpubkey_secp224r1.pem ├── ecpubkey_secp256k1.pem ├── ecpubkey_secp256r1.pem ├── ecpubkey_secp256r1_1.pem ├── ecpubkey_secp256r1_2.pem ├── ecpubkey_secp256r1_3.pem ├── ecpubkey_secp256r1_4.pem ├── ecpubkey_secp256r1_5.pem ├── ecpubkey_secp384r1.pem ├── ecpubkey_secp521r1.pem ├── ecpubkey_sect163k1.pem ├── ecpubkey_sect163r1.pem ├── ecpubkey_sect163r2.pem ├── ecpubkey_sect193r1.pem ├── ecpubkey_sect193r2.pem ├── ecpubkey_sect233k1.pem ├── ecpubkey_sect233r1.pem ├── ecpubkey_sect239k1.pem ├── ecpubkey_sect283k1.pem ├── ecpubkey_sect283r1.pem ├── ecpubkey_sect409k1.pem ├── ecpubkey_sect409r1.pem ├── ecpubkey_sect571k1.pem ├── ecpubkey_sect571r1.pem ├── ecrootv3.pem ├── ecrootv3_param.pem ├── ecrootv3_pub.pem ├── genkey.sh ├── p384-key-rogue.pem ├── root.pem ├── rootv1.pem ├── rootv3.pem ├── rsakey_1.pem ├── rsakey_10.pem ├── rsakey_2.pem ├── rsakey_3.pem ├── rsakey_4.pem ├── rsakey_5.pem ├── rsakey_6.pem ├── rsakey_7.pem ├── rsakey_8.pem ├── rsakey_9.pem └── rsakey_weak512.pem /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | registries: 3 | rub-nexus: 4 | type: maven-repository 5 | url: https://hydrogen.cloud.nds.rub.de/nexus/repository/maven-releases/ 6 | username: dependabot 7 | password: ${{secrets.DEPENDABOT_NEXUS_PASSWORD}} 8 | updates: 9 | - package-ecosystem: "maven" 10 | directory: "/" 11 | schedule: 12 | # Check for dependency updates on a daily basis 13 | interval: "daily" 14 | open-pull-requests-limit: 20 15 | registries: "*" 16 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # (build) artifacts 2 | apps/ 3 | target/ 4 | outputcerts/ 5 | trust_stores_observatory/ 6 | log/ 7 | */src/main/resources/trust/* 8 | 9 | # Eclipse 10 | **/.classpath 11 | **/.project 12 | **/.settings/ 13 | .project 14 | 15 | # Netbeans 16 | nbproject/ 17 | nbactions.xml.project 18 | nbactions.xml 19 | 20 | # IntelliJ 21 | .idea/ 22 | *.iml 23 | 24 | # Maven 25 | **/pom.xml.* 26 | **/release.properties 27 | **/.flattened-pom.xml 28 | 29 | # VS Code 30 | .factorypath -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "trust_stores_observatory"] 2 | path = trust_stores_observatory 3 | url = https://github.com/nabla-c0d3/trust_stores_observatory 4 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM maven:3.9.9-eclipse-temurin-21-jammy AS build-image 2 | WORKDIR /build 3 | RUN git clone https://github.com/RUB-NDS/TLS-Scanner.git 4 | 5 | WORKDIR /build/TLS-Scanner 6 | RUN git submodule update --init --recursive 7 | RUN mvn clean package 8 | 9 | ############# 10 | FROM eclipse-temurin:21 11 | 12 | COPY --from=build-image /build/TLS-Scanner/apps /apps 13 | 14 | WORKDIR /apps 15 | ENTRYPOINT ["java", "-jar", "TLS-Server-Scanner.jar"] 16 | -------------------------------------------------------------------------------- /Dockerfile_Jenkins: -------------------------------------------------------------------------------- 1 | FROM eclipse-temurin:21 2 | 3 | COPY ./apps/ /apps/ 4 | WORKDIR /apps 5 | ENTRYPOINT ["java", "-jar", "TLS-Server-Scanner.jar"] 6 | -------------------------------------------------------------------------------- /TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/constants/CompositeModulusType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.clientscanner.constants; 10 | 11 | public enum CompositeModulusType { 12 | EVEN, 13 | MOD3 14 | } 15 | -------------------------------------------------------------------------------- /TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/constants/SmallSubgroupType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.clientscanner.constants; 10 | 11 | public enum SmallSubgroupType { 12 | GENERATOR_ONE, 13 | GENERATOR_ZERO, 14 | MODULUS_ONE, 15 | MODULUS_ZERO, 16 | } 17 | -------------------------------------------------------------------------------- /TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/TlsClientProbe.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.clientscanner.probe; 10 | 11 | import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor; 12 | import de.rub.nds.tlsscanner.clientscanner.config.ClientScannerConfig; 13 | import de.rub.nds.tlsscanner.clientscanner.report.ClientReport; 14 | import de.rub.nds.tlsscanner.core.constants.TlsProbeType; 15 | import de.rub.nds.tlsscanner.core.probe.TlsProbe; 16 | import org.apache.logging.log4j.LogManager; 17 | import org.apache.logging.log4j.Logger; 18 | 19 | public abstract class TlsClientProbe extends TlsProbe { 20 | 21 | protected static final Logger LOGGER = LogManager.getLogger(); 22 | 23 | protected final ClientScannerConfig scannerConfig; 24 | 25 | protected TlsClientProbe( 26 | ParallelExecutor parallelExecutor, 27 | TlsProbeType type, 28 | ClientScannerConfig scannerConfig) { 29 | super(parallelExecutor, type); 30 | this.scannerConfig = scannerConfig; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/result/dhe/CompositeModulusResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.clientscanner.probe.result.dhe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResult; 12 | import de.rub.nds.tlsscanner.clientscanner.constants.CompositeModulusType; 13 | 14 | public class CompositeModulusResult { 15 | 16 | private final TestResult result; 17 | private final CompositeModulusType type; 18 | 19 | public CompositeModulusResult(TestResult result, CompositeModulusType type) { 20 | this.result = result; 21 | this.type = type; 22 | } 23 | 24 | public TestResult getResult() { 25 | return result; 26 | } 27 | 28 | public CompositeModulusType getType() { 29 | return type; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/result/dhe/SmallSubgroupResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.clientscanner.probe.result.dhe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResult; 12 | import de.rub.nds.tlsscanner.clientscanner.constants.SmallSubgroupType; 13 | 14 | public class SmallSubgroupResult { 15 | 16 | private final TestResult result; 17 | private final SmallSubgroupType type; 18 | 19 | public SmallSubgroupResult(TestResult result, SmallSubgroupType type) { 20 | this.result = result; 21 | this.type = type; 22 | } 23 | 24 | public TestResult getResult() { 25 | return result; 26 | } 27 | 28 | public SmallSubgroupType getType() { 29 | return type; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/report/ClientReportPrinter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.clientscanner.report; 10 | 11 | import de.rub.nds.scanner.core.config.ScannerDetail; 12 | import de.rub.nds.scanner.core.report.PrintingScheme; 13 | import de.rub.nds.scanner.core.report.ReportPrinter; 14 | 15 | public class ClientReportPrinter extends ReportPrinter { 16 | 17 | public ClientReportPrinter( 18 | ClientReport report, 19 | ScannerDetail detail, 20 | PrintingScheme scheme, 21 | boolean printColorful) { 22 | super(detail, scheme, printColorful, report); 23 | } 24 | 25 | @Override 26 | public String getFullReport() { 27 | throw new UnsupportedOperationException("Not supported yet."); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /TLS-Client-Scanner/src/main/resources/log4j2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/CertificateLength.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.constants; 10 | 11 | public enum CertificateLength { 12 | TWO(2), 13 | THREE(3); 14 | 15 | private int length; 16 | 17 | private CertificateLength(int i) { 18 | this.length = i; 19 | } 20 | 21 | public int getLength() { 22 | return length; 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/ProtocolType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.constants; 10 | 11 | public enum ProtocolType { 12 | TLS("TLS"), 13 | DTLS("DTLS"), 14 | STARTTLS("STARTTLS"), 15 | QUIC("QUIC"); 16 | 17 | private String name; 18 | 19 | private ProtocolType(String name) { 20 | this.name = name; 21 | } 22 | 23 | public String getName() { 24 | return name; 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/QuicAnalyzedPropertyCategory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.constants; 10 | 11 | import de.rub.nds.scanner.core.probe.AnalyzedPropertyCategory; 12 | import jakarta.xml.bind.annotation.XmlRootElement; 13 | 14 | @XmlRootElement 15 | public enum QuicAnalyzedPropertyCategory implements AnalyzedPropertyCategory { 16 | VERSIONS, 17 | TRANSPORT_PARAMETERS, 18 | CONNECTION_MIGRATION, 19 | QUIRKS, 20 | RETRY_PACKET, 21 | NEW_CONNECTION_ID_FRAME, 22 | NEW_TOKEN_FRAME, 23 | FRAGMENTATION, 24 | } 25 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/QuicProbeType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.constants; 10 | 11 | import de.rub.nds.scanner.core.probe.ProbeType; 12 | 13 | public enum QuicProbeType implements ProbeType { 14 | // SERVER SPECIFIC PROBES 15 | SUPPORTED_VERSIONS("Supported Versions"), 16 | TRANSPORT_PARAMETERS("Transport Parameters"), 17 | TLS12_HANDSHAKE("TLS 1.2 Handshake"), 18 | CONNECTION_MIGRATION("Connection Migration"), 19 | RETRY_PACKET("Retry Packet"), 20 | AFTER_HANDSHAKE("After Handhshake"), 21 | ANTI_DOS_LIMIT("Anti DoS Limit"), 22 | FRAGMENTATION("Fragmentation"); 23 | 24 | @Override 25 | public String getName() { 26 | return humanReadableName; 27 | } 28 | 29 | private String humanReadableName; 30 | 31 | QuicProbeType(String humanReadableName) { 32 | this.humanReadableName = humanReadableName; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/RandomType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.constants; 10 | 11 | /** Enum representing types of randomness you can encounter during and after TLS Handshakes. */ 12 | public enum RandomType { 13 | /** Initialization Vectors used in CBC Cipher suites. */ 14 | CBC_IV("CBC IV"), 15 | /** Session IDs used for session resumption used in the ServerHello Message. */ 16 | SESSION_ID("Session ID"), 17 | /** Random byte string to ensure unique TLS Handshakes used in the ServerHello Message. */ 18 | RANDOM("Nonce (Random)"), 19 | /** Stateless cookie to prevent DoS attacks in DTLS. */ 20 | COOKIE("Cookie"); 21 | 22 | private String humanReadableName; 23 | 24 | private RandomType(String humanReadableName) { 25 | this.humanReadableName = humanReadableName; 26 | } 27 | 28 | public String getHumanReadableName() { 29 | return humanReadableName; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/TlsAnalyzedPropertyCategory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.constants; 10 | 11 | import de.rub.nds.scanner.core.probe.AnalyzedPropertyCategory; 12 | import jakarta.xml.bind.annotation.XmlRootElement; 13 | 14 | @XmlRootElement 15 | public enum TlsAnalyzedPropertyCategory implements AnalyzedPropertyCategory { 16 | CONNECTION, 17 | ESNI, 18 | VERSIONS, 19 | CIPHER_SUITES, 20 | EXTENSIONS, 21 | SESSION_RESUMPTION, 22 | RENEGOTIATION, 23 | HTTPS_HEADERS, 24 | QUIRKS, 25 | ATTACKS, 26 | COMPARISON_FAILURE, 27 | CERTIFICATE, 28 | CERTIFICATE_TRANSPARENCY, 29 | OCSP, 30 | FRESHNESS, 31 | SNI, 32 | COMPRESSION, 33 | EC, 34 | FFDHE, 35 | BEST_PRACTICES, 36 | DTLS, 37 | HELLO_VERIFY_REQUEST, 38 | MAC, 39 | HELLO_RETRY_REQUEST, 40 | APPLICATION_LAYER, 41 | CLIENT_ADVERTISED 42 | } 43 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/ByteArrayDeserializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonParser; 12 | import com.fasterxml.jackson.databind.DeserializationContext; 13 | import com.fasterxml.jackson.databind.deser.std.StdDeserializer; 14 | import java.io.IOException; 15 | 16 | public class ByteArrayDeserializer extends StdDeserializer { 17 | 18 | public ByteArrayDeserializer() { 19 | super(byte[].class); 20 | } 21 | 22 | @Override 23 | public byte[] deserialize(JsonParser jp, DeserializationContext dc) throws IOException { 24 | // TODO NEED TO BE IMPLEMENTED 25 | return null; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/ByteArraySerializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonGenerator; 12 | import com.fasterxml.jackson.databind.SerializerProvider; 13 | import com.fasterxml.jackson.databind.ser.std.StdSerializer; 14 | import de.rub.nds.modifiablevariable.util.ArrayConverter; 15 | import java.io.IOException; 16 | 17 | public class ByteArraySerializer extends StdSerializer { 18 | 19 | public ByteArraySerializer() { 20 | super(byte[].class); 21 | } 22 | 23 | @Override 24 | public void serialize( 25 | byte[] bytes, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) 26 | throws IOException { 27 | jsonGenerator.writeString( 28 | ArrayConverter.bytesToHexString(bytes, false, false).replace(" ", "")); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/ConnectionCloseFrameSerializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonGenerator; 12 | import com.fasterxml.jackson.databind.SerializerProvider; 13 | import com.fasterxml.jackson.databind.ser.std.StdSerializer; 14 | import de.rub.nds.tlsattacker.core.quic.frame.ConnectionCloseFrame; 15 | import java.io.IOException; 16 | 17 | public class ConnectionCloseFrameSerializer extends StdSerializer { 18 | 19 | public ConnectionCloseFrameSerializer() { 20 | super(ConnectionCloseFrame.class); 21 | } 22 | 23 | @Override 24 | public void serialize( 25 | ConnectionCloseFrame frame, 26 | JsonGenerator jsonGenerator, 27 | SerializerProvider serializerProvider) 28 | throws IOException { 29 | jsonGenerator.writeString(frame.toString()); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/ExtractedValueContainerDeserializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonParser; 12 | import com.fasterxml.jackson.databind.DeserializationContext; 13 | import com.fasterxml.jackson.databind.JsonNode; 14 | import com.fasterxml.jackson.databind.deser.std.StdDeserializer; 15 | import de.rub.nds.scanner.core.passive.ExtractedValueContainer; 16 | import de.rub.nds.tlsscanner.core.passive.TrackableValueType; 17 | import java.io.IOException; 18 | 19 | public class ExtractedValueContainerDeserializer 20 | extends StdDeserializer> { 21 | 22 | public ExtractedValueContainerDeserializer() { 23 | super(ExtractedValueContainer.class); 24 | } 25 | 26 | @Override 27 | public ExtractedValueContainer deserialize(JsonParser jp, DeserializationContext dc) 28 | throws IOException { 29 | JsonNode node = jp.getCodec().readTree(jp); 30 | TrackableValueType type = TrackableValueType.valueOf(node.get("type").asText()); 31 | // TODO THIS HAS TO HAVE A FULL IMPLEMENTATION 32 | return new ExtractedValueContainer<>(type); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/FieldElementDeserializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonParser; 12 | import com.fasterxml.jackson.databind.DeserializationContext; 13 | import com.fasterxml.jackson.databind.deser.std.StdDeserializer; 14 | import de.rub.nds.protocol.crypto.ec.FieldElement; 15 | import java.io.IOException; 16 | 17 | public class FieldElementDeserializer extends StdDeserializer { 18 | 19 | public FieldElementDeserializer() { 20 | super(FieldElement.class); 21 | } 22 | 23 | @Override 24 | public FieldElement deserialize(JsonParser jp, DeserializationContext dc) throws IOException { 25 | // TODO NEED TO BE IMPLEMENTED 26 | return null; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/HttpsHeaderDeserializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonParser; 12 | import com.fasterxml.jackson.databind.DeserializationContext; 13 | import com.fasterxml.jackson.databind.deser.std.StdDeserializer; 14 | import de.rub.nds.tlsattacker.core.http.header.HttpHeader; 15 | import java.io.IOException; 16 | 17 | public class HttpsHeaderDeserializer extends StdDeserializer { 18 | 19 | public HttpsHeaderDeserializer() { 20 | super(HttpHeader.class); 21 | } 22 | 23 | @Override 24 | public HttpHeader deserialize(JsonParser jp, DeserializationContext dc) throws IOException { 25 | // TODO NEED TO BE IMPLEMENTED 26 | return null; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/HttpsHeaderSerializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonGenerator; 12 | import com.fasterxml.jackson.databind.SerializerProvider; 13 | import com.fasterxml.jackson.databind.ser.std.StdSerializer; 14 | import de.rub.nds.tlsattacker.core.http.header.HttpHeader; 15 | import java.io.IOException; 16 | 17 | public class HttpsHeaderSerializer extends StdSerializer { 18 | 19 | public HttpsHeaderSerializer() { 20 | super(HttpHeader.class); 21 | } 22 | 23 | @Override 24 | public void serialize( 25 | HttpHeader header, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) 26 | throws IOException { 27 | jsonGenerator.writeStartObject(); 28 | jsonGenerator.writeStringField("header", header.getHeaderName().getValue()); 29 | jsonGenerator.writeStringField("value", header.getHeaderValue().getValue()); 30 | jsonGenerator.writeEndObject(); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/PointDeserializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonParser; 12 | import com.fasterxml.jackson.databind.DeserializationContext; 13 | import com.fasterxml.jackson.databind.JsonNode; 14 | import com.fasterxml.jackson.databind.deser.std.StdDeserializer; 15 | import de.rub.nds.protocol.crypto.ec.Point; 16 | import java.io.IOException; 17 | 18 | public class PointDeserializer extends StdDeserializer { 19 | 20 | public PointDeserializer() { 21 | super(Point.class); 22 | } 23 | 24 | @Override 25 | public Point deserialize(JsonParser jp, DeserializationContext dc) throws IOException { 26 | JsonNode node = jp.getCodec().readTree(jp); 27 | // TODO NEED TO BE IMPLEMENTED 28 | return null; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/PointSerializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonGenerator; 12 | import com.fasterxml.jackson.databind.SerializerProvider; 13 | import com.fasterxml.jackson.databind.ser.std.StdSerializer; 14 | import de.rub.nds.protocol.crypto.ec.Point; 15 | import java.io.IOException; 16 | 17 | public class PointSerializer extends StdSerializer { 18 | 19 | public PointSerializer() { 20 | super(Point.class); 21 | } 22 | 23 | @Override 24 | public void serialize( 25 | Point point, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) 26 | throws IOException { 27 | jsonGenerator.writeStartObject(); 28 | jsonGenerator.writeStringField("x", point.getFieldX().getData().toString()); 29 | jsonGenerator.writeStringField("y", point.getFieldY().getData().toString()); 30 | jsonGenerator.writeEndObject(); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/PublicKeyDeserializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonParser; 12 | import com.fasterxml.jackson.databind.DeserializationContext; 13 | import com.fasterxml.jackson.databind.JsonNode; 14 | import com.fasterxml.jackson.databind.deser.std.StdDeserializer; 15 | import java.io.IOException; 16 | import java.security.PublicKey; 17 | 18 | public class PublicKeyDeserializer extends StdDeserializer { 19 | 20 | public PublicKeyDeserializer() { 21 | super(PublicKey.class); 22 | } 23 | 24 | @Override 25 | public PublicKey deserialize(JsonParser jp, DeserializationContext dc) throws IOException { 26 | JsonNode node = jp.getCodec().readTree(jp); 27 | // TODO NEED TO BE IMPLEMENTED 28 | return null; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/converter/VectorSerializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.converter; 10 | 11 | import com.fasterxml.jackson.core.JsonGenerator; 12 | import com.fasterxml.jackson.databind.SerializerProvider; 13 | import com.fasterxml.jackson.databind.ser.std.StdSerializer; 14 | import de.rub.nds.tlsscanner.core.vector.Vector; 15 | import java.io.IOException; 16 | 17 | public class VectorSerializer extends StdSerializer { 18 | 19 | public VectorSerializer() { 20 | super(Vector.class); 21 | } 22 | 23 | @Override 24 | public void serialize( 25 | Vector vector, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) 26 | throws IOException { 27 | jsonGenerator.writeString(vector.getName()); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/exceptions/AttackFailedException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.exceptions; 10 | 11 | public class AttackFailedException extends RuntimeException { 12 | 13 | public AttackFailedException() {} 14 | 15 | /** 16 | * @param message 17 | */ 18 | public AttackFailedException(String message) { 19 | super(message); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/exceptions/OracleUnstableException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.exceptions; 10 | 11 | public class OracleUnstableException extends RuntimeException { 12 | 13 | public OracleUnstableException() {} 14 | 15 | /** 16 | * @param message 17 | */ 18 | public OracleUnstableException(String message) { 19 | super(message); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/passive/TrackableValueType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.passive; 10 | 11 | import de.rub.nds.scanner.core.passive.TrackableValue; 12 | 13 | public enum TrackableValueType implements TrackableValue { 14 | COOKIE, 15 | RANDOM, 16 | SESSION_ID, 17 | SESSION_TICKET, 18 | DHE_PUBLICKEY, 19 | ECDHE_PUBKEY, 20 | GCM_NONCE_EXPLICIT, 21 | CBC_IV, 22 | DTLS_RETRANSMISSIONS, 23 | DESTINATION_PORT, 24 | } 25 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/IdentifierResponse.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.padding; 10 | 11 | import de.rub.nds.tlsscanner.core.vector.response.ResponseFingerprint; 12 | 13 | public class IdentifierResponse { 14 | 15 | private final String identifier; 16 | 17 | private final ResponseFingerprint fingerprint; 18 | 19 | public IdentifierResponse(String identifier, ResponseFingerprint fingerprint) { 20 | this.identifier = identifier; 21 | this.fingerprint = fingerprint; 22 | } 23 | 24 | public String getIdentifier() { 25 | return identifier; 26 | } 27 | 28 | public ResponseFingerprint getFingerprint() { 29 | return fingerprint; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/PaddingOracleStrength.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.padding; 10 | 11 | public enum PaddingOracleStrength { 12 | WEAK, 13 | STRONG, 14 | POODLE 15 | } 16 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/constants/PaddingRecordGeneratorType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.padding.constants; 10 | 11 | public enum PaddingRecordGeneratorType { 12 | VERY_SHORT, 13 | SHORT, 14 | MEDIUM, 15 | LONG, 16 | LONG_RECORD 17 | } 18 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/constants/PaddingVectorGeneratorType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.padding.constants; 10 | 11 | public enum PaddingVectorGeneratorType { 12 | CLASSIC, 13 | CLASSIC_DYNAMIC, 14 | FINISHED, 15 | FINISHED_RESUMPTION, 16 | CLOSE_NOTIFY, 17 | HEARTBEAT, 18 | } 19 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/vector/PaddingVector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.padding.vector; 10 | 11 | import de.rub.nds.tlsattacker.core.constants.CipherSuite; 12 | import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; 13 | import de.rub.nds.tlsattacker.core.record.Record; 14 | import de.rub.nds.tlsscanner.core.vector.Vector; 15 | 16 | public abstract class PaddingVector implements Vector { 17 | 18 | protected final String name; 19 | 20 | protected final String identifier; 21 | 22 | public PaddingVector(String name, String identifier) { 23 | this.name = name; 24 | this.identifier = identifier; 25 | } 26 | 27 | public abstract Record createRecord(); 28 | 29 | public abstract int getRecordLength( 30 | CipherSuite testedSuite, ProtocolVersion testedVersion, int appDataLength); 31 | 32 | @Override 33 | public String getName() { 34 | return name; 35 | } 36 | 37 | public String getIdentifier() { 38 | return identifier; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/vector/PaddingVectorGenerator.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.padding.vector; 10 | 11 | import de.rub.nds.tlsattacker.core.constants.CipherSuite; 12 | import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; 13 | import java.util.List; 14 | 15 | public abstract class PaddingVectorGenerator { 16 | 17 | public abstract List getVectors(CipherSuite suite, ProtocolVersion version); 18 | 19 | /** 20 | * Creates an array of (padding+1) padding bytes. 21 | * 22 | *

Example for padding 03: [03 03 03 03] 23 | * 24 | * @param padding 25 | * @return 26 | */ 27 | protected final byte[] createPaddingBytes(int padding) { 28 | byte[] paddingBytes = new byte[padding + 1]; 29 | for (int i = 0; i < paddingBytes.length; i++) { 30 | paddingBytes[i] = (byte) padding; 31 | } 32 | return paddingBytes; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/requirements/ExtensionRequirement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.requirements; 10 | 11 | import de.rub.nds.scanner.core.probe.requirements.PrimitiveRequirement; 12 | import de.rub.nds.scanner.core.probe.requirements.Requirement; 13 | import de.rub.nds.tlsattacker.core.constants.ExtensionType; 14 | import de.rub.nds.tlsscanner.core.report.TlsScanReport; 15 | import java.util.HashSet; 16 | import java.util.List; 17 | 18 | /** Represents a {@link Requirement} for required {@link ExtensionType}s. */ 19 | public class ExtensionRequirement 20 | extends PrimitiveRequirement { 21 | 22 | public ExtensionRequirement(List extensions) { 23 | super(extensions); 24 | } 25 | 26 | public ExtensionRequirement(ExtensionType... extensions) { 27 | super(List.of(extensions)); 28 | } 29 | 30 | @Override 31 | public boolean evaluate(ReportT report) { 32 | if (parameters.size() == 0) { 33 | return true; 34 | } 35 | List extensionTypes = report.getSupportedExtensions(); 36 | if (extensionTypes == null) { 37 | return false; 38 | } 39 | return new HashSet<>(extensionTypes).containsAll(parameters); 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/requirements/OptionsRequirement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.requirements; 10 | 11 | import de.rub.nds.scanner.core.probe.ProbeType; 12 | import de.rub.nds.scanner.core.probe.requirements.Requirement; 13 | import de.rub.nds.tlsscanner.core.config.TlsScannerConfig; 14 | import de.rub.nds.tlsscanner.core.report.TlsScanReport; 15 | 16 | /** Represents a {@link Requirement} for additional, optional flags in commands. */ 17 | public abstract class OptionsRequirement< 18 | ReportT extends TlsScanReport, ConfigT extends TlsScannerConfig> 19 | extends Requirement { 20 | 21 | protected final ConfigT scannerConfig; 22 | 23 | /* ProbeType of the respective option. */ 24 | protected final ProbeType probeType; 25 | 26 | /** 27 | * @param scannerConfig the {@link TlsScannerConfig}. 28 | * @param probeType the {@link ProbeType} of the option. 29 | */ 30 | public OptionsRequirement(ConfigT scannerConfig, ProbeType probeType) { 31 | this.scannerConfig = scannerConfig; 32 | this.probeType = probeType; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/requirements/ProtocolTypeFalseRequirement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.requirements; 10 | 11 | import de.rub.nds.scanner.core.probe.requirements.Requirement; 12 | import de.rub.nds.tlsscanner.core.constants.ProtocolType; 13 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 14 | import de.rub.nds.tlsscanner.core.report.TlsScanReport; 15 | 16 | /** 17 | * Represents a {@link Requirement} for required {@link TlsAnalyzedProperty} properties which were 18 | * negatively evaluated. 19 | */ 20 | public class ProtocolTypeFalseRequirement 21 | extends ProtocolTypeRequirement { 22 | 23 | public ProtocolTypeFalseRequirement(ProtocolType protocolType) { 24 | super(false, protocolType); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/requirements/ProtocolTypeRequirement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.requirements; 10 | 11 | import de.rub.nds.scanner.core.probe.requirements.Requirement; 12 | import de.rub.nds.tlsscanner.core.constants.ProtocolType; 13 | import de.rub.nds.tlsscanner.core.report.TlsScanReport; 14 | 15 | /** Represents a {@link Requirement} of required supported {@link ProtocolType}s. */ 16 | public class ProtocolTypeRequirement extends Requirement { 17 | 18 | private final ProtocolType protocolType; 19 | 20 | private final boolean requiredBooleanResult; 21 | 22 | public ProtocolTypeRequirement(boolean requiredBooleanResult, ProtocolType protocolType) { 23 | this.protocolType = protocolType; 24 | this.requiredBooleanResult = requiredBooleanResult; 25 | } 26 | 27 | @Override 28 | public boolean evaluate(ReportT report) { 29 | return (report.getProtocolType() == protocolType) == requiredBooleanResult; 30 | } 31 | 32 | @Override 33 | public String toString() { 34 | return String.format( 35 | "ProtocolTypeRequirement[%s: %s]", requiredBooleanResult, protocolType); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/requirements/ProtocolTypeTrueRequirement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.requirements; 10 | 11 | import de.rub.nds.scanner.core.probe.requirements.Requirement; 12 | import de.rub.nds.tlsscanner.core.constants.ProtocolType; 13 | import de.rub.nds.tlsscanner.core.report.TlsScanReport; 14 | 15 | /** 16 | * Represents a {@link Requirement} for required {@link ProtocolType} properties which were 17 | * positively evaluated. 18 | */ 19 | public class ProtocolTypeTrueRequirement 20 | extends ProtocolTypeRequirement { 21 | 22 | public ProtocolTypeTrueRequirement(ProtocolType protocolType) { 23 | super(true, protocolType); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/requirements/ProtocolVersionRequirement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.requirements; 10 | 11 | import de.rub.nds.scanner.core.probe.requirements.PrimitiveRequirement; 12 | import de.rub.nds.scanner.core.probe.requirements.Requirement; 13 | import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; 14 | import de.rub.nds.tlsscanner.core.report.TlsScanReport; 15 | import java.util.HashSet; 16 | import java.util.List; 17 | 18 | /** Represents a {@link Requirement} of required supported {@link ProtocolVersion}s. */ 19 | public class ProtocolVersionRequirement 20 | extends PrimitiveRequirement { 21 | public ProtocolVersionRequirement(List protocolVersions) { 22 | super(protocolVersions); 23 | } 24 | 25 | public ProtocolVersionRequirement(ProtocolVersion... protocolVersions) { 26 | super(List.of(protocolVersions)); 27 | } 28 | 29 | @Override 30 | public boolean evaluate(ReportT report) { 31 | if (parameters.size() == 0) { 32 | return true; 33 | } 34 | List protocolVersions = report.getSupportedProtocolVersions(); 35 | if (protocolVersions == null) { 36 | return false; 37 | } 38 | return new HashSet<>(protocolVersions).containsAll(parameters); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/result/VersionSuiteListPair.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.probe.result; 10 | 11 | import de.rub.nds.tlsattacker.core.constants.CipherSuite; 12 | import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; 13 | import java.io.Serializable; 14 | import java.util.List; 15 | 16 | public class VersionSuiteListPair implements Serializable { 17 | 18 | private final ProtocolVersion version; 19 | 20 | private final List cipherSuiteList; 21 | 22 | /** Private no-arg constructor to please JAXB */ 23 | @SuppressWarnings("unused") 24 | private VersionSuiteListPair() { 25 | version = null; 26 | cipherSuiteList = null; 27 | } 28 | 29 | public VersionSuiteListPair(ProtocolVersion version, List cipherSuiteList) { 30 | this.version = version; 31 | this.cipherSuiteList = cipherSuiteList; 32 | } 33 | 34 | public ProtocolVersion getVersion() { 35 | return version; 36 | } 37 | 38 | public List getCipherSuiteList() { 39 | return cipherSuiteList; 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/report/CipherSuiteGrade.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.report; 10 | 11 | public enum CipherSuiteGrade { 12 | GOOD, 13 | LOW, 14 | MEDIUM, 15 | NONE 16 | } 17 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/report/StrengthMeter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.report; 10 | 11 | public enum StrengthMeter { 12 | VERY_WEAK, 13 | WEAK, 14 | MEDIUM, 15 | STRONG, 16 | VERY_STRONG, 17 | } 18 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/task/FingerprintTaskVectorPair.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.task; 10 | 11 | import de.rub.nds.tlsscanner.core.vector.Vector; 12 | import de.rub.nds.tlsscanner.core.vector.VectorResponse; 13 | 14 | public class FingerprintTaskVectorPair { 15 | 16 | private final FingerPrintTask fingerPrintTask; 17 | 18 | private final VectorT vector; 19 | 20 | public FingerprintTaskVectorPair(FingerPrintTask fingerPrintTask, VectorT vector) { 21 | this.fingerPrintTask = fingerPrintTask; 22 | this.vector = vector; 23 | } 24 | 25 | public FingerPrintTask getFingerPrintTask() { 26 | return fingerPrintTask; 27 | } 28 | 29 | public VectorT getVector() { 30 | return vector; 31 | } 32 | 33 | @Override 34 | public String toString() { 35 | return "FingerprintTaskVectorPair{" 36 | + "fingerPrintTask=" 37 | + fingerPrintTask 38 | + ", vector=" 39 | + vector 40 | + '}'; 41 | } 42 | 43 | public VectorResponse toVectorResponse() { 44 | return new VectorResponse(vector, fingerPrintTask.getFingerprint()); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/trust/CertificateEntry.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.trust; 10 | 11 | import com.fasterxml.jackson.annotation.JsonProperty; 12 | 13 | public class CertificateEntry { 14 | 15 | @JsonProperty("subject_name") 16 | private final String subjectName; 17 | 18 | @JsonProperty("fingerprint") 19 | private final String fingerprint; 20 | 21 | public CertificateEntry(String subjectName, String fingerprint) { 22 | this.subjectName = subjectName; 23 | this.fingerprint = fingerprint; 24 | } 25 | 26 | public CertificateEntry() { 27 | subjectName = null; 28 | fingerprint = null; 29 | } 30 | 31 | public String getSubjectName() { 32 | return subjectName; 33 | } 34 | 35 | public String getFingerprint() { 36 | return fingerprint; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/util/CollectionUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.util; 10 | 11 | import java.util.Collection; 12 | import java.util.HashSet; 13 | import java.util.Set; 14 | 15 | public class CollectionUtils { 16 | 17 | public static Set mergeCollectionsIntoSet(Collection... collections) { 18 | Set mergeResult = new HashSet<>(); 19 | for (Collection currentCollection : collections) { 20 | if (currentCollection == null) { 21 | continue; 22 | } 23 | 24 | mergeResult.addAll(currentCollection); 25 | } 26 | return mergeResult; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/vector/Vector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.vector; 10 | 11 | public interface Vector { 12 | 13 | @Override 14 | public boolean equals(Object vector); 15 | 16 | public String getName(); 17 | } 18 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/vector/VectorResponse.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.vector; 10 | 11 | import de.rub.nds.tlsscanner.core.vector.response.ResponseFingerprint; 12 | 13 | public class VectorResponse { 14 | 15 | private final ResponseFingerprint fingerprint; 16 | 17 | private final Vector vector; 18 | 19 | public VectorResponse(Vector vector, ResponseFingerprint fingerprint) { 20 | this.vector = vector; 21 | this.fingerprint = fingerprint; 22 | } 23 | 24 | public Vector getVector() { 25 | return vector; 26 | } 27 | 28 | public ResponseFingerprint getFingerprint() { 29 | return fingerprint; 30 | } 31 | 32 | @Override 33 | public String toString() { 34 | return "VectorResponse{" + "fingerprint=" + fingerprint + ", vector=" + vector + '}'; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/vector/response/EqualityError.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.vector.response; 10 | 11 | public enum EqualityError { 12 | 13 | /** */ 14 | NONE, 15 | /** */ 16 | SOCKET_STATE, 17 | /** */ 18 | MESSAGE_COUNT, 19 | /** */ 20 | RECORD_COUNT, 21 | /** */ 22 | RECORD_CLASS, 23 | /** */ 24 | MESSAGE_CLASS, 25 | /** */ 26 | MESSAGE_CONTENT, 27 | /** */ 28 | RECORD_CONTENT_TYPE, 29 | /** */ 30 | RECORD_LENGTH, 31 | /** */ 32 | RECORD_VERSION, 33 | /** */ 34 | RECORD_CONTENT; 35 | } 36 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/vector/response/FingerprintSecretPair.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.vector.response; 10 | 11 | public class FingerprintSecretPair { 12 | 13 | private final ResponseFingerprint fingerprint; 14 | private final int appliedSecret; 15 | 16 | /** Private no-arg constructor to please JAXB */ 17 | @SuppressWarnings("unused") 18 | private FingerprintSecretPair() { 19 | fingerprint = null; 20 | appliedSecret = 0; 21 | } 22 | 23 | public FingerprintSecretPair(ResponseFingerprint fingerprint, int appliedSecret) { 24 | this.fingerprint = fingerprint; 25 | this.appliedSecret = appliedSecret; 26 | } 27 | 28 | public ResponseFingerprint getFingerprint() { 29 | return fingerprint; 30 | } 31 | 32 | public int getAppliedSecret() { 33 | return appliedSecret; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/vector/statistics/NondeterminismType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.vector.statistics; 10 | 11 | public enum NondeterminismType { 12 | CONNECTION, 13 | HETEROGENEOUS, 14 | MIXED 15 | } 16 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/vector/statistics/ResponseCounter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.vector.statistics; 10 | 11 | import de.rub.nds.tlsscanner.core.vector.response.ResponseFingerprint; 12 | 13 | public class ResponseCounter { 14 | 15 | private final ResponseFingerprint fingerprint; 16 | 17 | private int counter; 18 | 19 | private int total; 20 | 21 | public ResponseCounter(ResponseFingerprint fingerprint, int counter, int total) { 22 | this.fingerprint = fingerprint; 23 | this.counter = counter; 24 | this.total = total; 25 | } 26 | 27 | public ResponseFingerprint getFingerprint() { 28 | return fingerprint; 29 | } 30 | 31 | public int getCounter() { 32 | return counter; 33 | } 34 | 35 | public int getTotal() { 36 | return total; 37 | } 38 | 39 | public void increaseCounterAndTotal() { 40 | counter++; 41 | total++; 42 | } 43 | 44 | public void increaseOnlyTotal() { 45 | total++; 46 | } 47 | 48 | public double getProbability() { 49 | return (double) counter / (double) total; 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/vector/statistics/TestInfo.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core.vector.statistics; 10 | 11 | import java.util.List; 12 | 13 | public abstract class TestInfo { 14 | 15 | public abstract String getTechnicalName(); 16 | 17 | public abstract List getFieldNames(); 18 | 19 | public abstract List getFieldValues(); 20 | 21 | public abstract String getPrintableName(); 22 | 23 | @Override 24 | public abstract boolean equals(Object o); 25 | 26 | @Override 27 | public abstract int hashCode(); 28 | } 29 | -------------------------------------------------------------------------------- /TLS-Scanner-Core/src/test/java/de/rub/nds/tlsscanner/core/TlsCoreTestReport.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.core; 10 | 11 | import de.rub.nds.tlsscanner.core.report.TlsScanReport; 12 | import java.io.OutputStream; 13 | 14 | public class TlsCoreTestReport extends TlsScanReport { 15 | @Override 16 | public void serializeToJson(OutputStream stream) {} 17 | } 18 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/constants/CheckPatternType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.constants; 10 | 11 | public enum CheckPatternType { 12 | CORRECT, 13 | PARTIAL, 14 | NONE, 15 | UNKNOWN 16 | } 17 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/constants/GcmPattern.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.constants; 10 | 11 | public enum GcmPattern { 12 | INCREMENTING, 13 | RANDOM, 14 | REPEATING, 15 | AWKWARD 16 | } 17 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/CertificateAgilityGuidelineCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 12 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 13 | import java.util.Objects; 14 | 15 | public class CertificateAgilityGuidelineCheckResult extends GuidelineCheckResult { 16 | 17 | public CertificateAgilityGuidelineCheckResult(String checkName, GuidelineAdherence adherence) { 18 | super(checkName, adherence); 19 | } 20 | 21 | @Override 22 | public String toString() { 23 | return Objects.equals(GuidelineAdherence.ADHERED, getAdherence()) 24 | ? "Server passed the certificate agility check." 25 | : "Server did not pass the certificate agility check."; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/CertificateGuidelineCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 12 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 13 | import java.util.ArrayList; 14 | import java.util.List; 15 | 16 | public class CertificateGuidelineCheckResult extends GuidelineCheckResult { 17 | 18 | private final List results = new ArrayList<>(); 19 | 20 | public CertificateGuidelineCheckResult(String checkName) { 21 | super(checkName, GuidelineAdherence.CHECK_FAILED); 22 | } 23 | 24 | @Override 25 | public String toString() { 26 | StringBuilder stringBuilder = new StringBuilder(); 27 | for (int i = 0; i < results.size(); i++) { 28 | GuidelineCheckResult result = this.results.get(i); 29 | stringBuilder.append("Certificate Check #").append(i + 1).append('\n'); 30 | stringBuilder.append(result.toString()).append('\n'); 31 | } 32 | return stringBuilder.toString(); 33 | } 34 | 35 | public void addResult(GuidelineCheckResult result) { 36 | this.results.add(result); 37 | } 38 | 39 | public List getResults() { 40 | return results; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/CertificateSignatureCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.protocol.constants.SignatureAlgorithm; 12 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 13 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 14 | import de.rub.nds.x509attacker.constants.X509PublicKeyType; 15 | 16 | public class CertificateSignatureCheckResult extends GuidelineCheckResult { 17 | 18 | private final X509PublicKeyType keyAlgorithm; 19 | private final SignatureAlgorithm signatureAlgorithm; 20 | 21 | public CertificateSignatureCheckResult( 22 | String checkName, 23 | GuidelineAdherence adherence, 24 | X509PublicKeyType keyAlgorithm, 25 | SignatureAlgorithm signatureAlgorithm) { 26 | super(checkName, adherence); 27 | this.keyAlgorithm = keyAlgorithm; 28 | this.signatureAlgorithm = signatureAlgorithm; 29 | } 30 | 31 | @Override 32 | public String toString() { 33 | return keyAlgorithm + " key is signed with " + signatureAlgorithm; 34 | } 35 | 36 | public X509PublicKeyType getKeyAlgorithm() { 37 | return keyAlgorithm; 38 | } 39 | 40 | public SignatureAlgorithm getSignatureAlgorithm() { 41 | return signatureAlgorithm; 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/CertificateValidityGuidelineCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 12 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 13 | 14 | public class CertificateValidityGuidelineCheckResult extends GuidelineCheckResult { 15 | 16 | private final int maximumValidity; 17 | private final long actualValidity; 18 | 19 | public CertificateValidityGuidelineCheckResult( 20 | String checkName, GuidelineAdherence adherence, int expectedResult, long actualResult) { 21 | super(checkName, adherence); 22 | this.maximumValidity = expectedResult; 23 | this.actualValidity = actualResult; 24 | } 25 | 26 | @Override 27 | public String toString() { 28 | return String.format( 29 | "Certificate Validity is %d. (Max %d days.)", actualValidity, maximumValidity); 30 | } 31 | 32 | public int getMaximumValidity() { 33 | return maximumValidity; 34 | } 35 | 36 | public long getActualValidity() { 37 | return actualValidity; 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/CertificateVersionGuidelineCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 12 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 13 | import de.rub.nds.x509attacker.constants.X509Version; 14 | 15 | public class CertificateVersionGuidelineCheckResult extends GuidelineCheckResult { 16 | 17 | private final X509Version version; 18 | 19 | public CertificateVersionGuidelineCheckResult( 20 | String checkName, GuidelineAdherence adherence, X509Version version) { 21 | super(checkName, adherence); 22 | this.version = version; 23 | } 24 | 25 | @Override 26 | public String toString() { 27 | return "Certificate has Version " + version; 28 | } 29 | 30 | public X509Version getVersion() { 31 | return version; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/CipherSuiteGuidelineCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import com.google.common.base.Joiner; 12 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 13 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 14 | import de.rub.nds.tlsattacker.core.constants.CipherSuite; 15 | import java.util.List; 16 | 17 | public class CipherSuiteGuidelineCheckResult extends GuidelineCheckResult { 18 | 19 | private final List notRecommendedSuites; 20 | 21 | public CipherSuiteGuidelineCheckResult( 22 | String checkName, 23 | GuidelineAdherence adherence, 24 | List notRecommendedSuites) { 25 | super(checkName, adherence); 26 | this.notRecommendedSuites = notRecommendedSuites; 27 | } 28 | 29 | @Override 30 | public String toString() { 31 | if (notRecommendedSuites.isEmpty()) { 32 | return "Only listed Cipher Suites are supported."; 33 | } else { 34 | return "The following Cipher Suites were supported but not recommended:\n" 35 | + Joiner.on('\n').join(notRecommendedSuites); 36 | } 37 | } 38 | 39 | public List getNotRecommendedSuites() { 40 | return notRecommendedSuites; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/ExtensionGuidelineCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 12 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 13 | import de.rub.nds.tlsattacker.core.constants.ExtensionType; 14 | 15 | public class ExtensionGuidelineCheckResult extends GuidelineCheckResult { 16 | 17 | private final boolean supported; 18 | private final ExtensionType requiredExtension; 19 | 20 | public ExtensionGuidelineCheckResult( 21 | String checkName, 22 | GuidelineAdherence adherence, 23 | boolean supported, 24 | ExtensionType requiredExtension) { 25 | super(checkName, adherence); 26 | this.supported = supported; 27 | this.requiredExtension = requiredExtension; 28 | } 29 | 30 | @Override 31 | public String toString() { 32 | return supported 33 | ? "The server supports " + this.requiredExtension 34 | : "The server does not support " + this.requiredExtension; 35 | } 36 | 37 | public ExtensionType getRequiredExtension() { 38 | return requiredExtension; 39 | } 40 | 41 | public boolean isSupported() { 42 | return supported; 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/HashAlgorithmStrengthCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.protocol.constants.HashAlgorithm; 12 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 13 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 14 | import java.util.Objects; 15 | 16 | public class HashAlgorithmStrengthCheckResult extends GuidelineCheckResult { 17 | 18 | private final HashAlgorithm hashAlgorithm; 19 | 20 | public HashAlgorithmStrengthCheckResult( 21 | String checkName, GuidelineAdherence adherence, HashAlgorithm hashAlgorithm) { 22 | super(checkName, adherence); 23 | this.hashAlgorithm = hashAlgorithm; 24 | } 25 | 26 | @Override 27 | public String toString() { 28 | if (Objects.equals(GuidelineAdherence.ADHERED, getAdherence())) { 29 | return "Used Hash Algorithms are strong enough."; 30 | } 31 | return hashAlgorithm + " is too weak"; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/KeySizeData.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.protocol.constants.AsymmetricAlgorithmType; 12 | 13 | public class KeySizeData { 14 | private AsymmetricAlgorithmType algorithm; 15 | private int minimumLength; 16 | private int actualLength; 17 | 18 | public KeySizeData(AsymmetricAlgorithmType algorithm, int minimumLength, int actualLength) { 19 | this.algorithm = algorithm; 20 | this.minimumLength = minimumLength; 21 | this.actualLength = actualLength; 22 | } 23 | 24 | public AsymmetricAlgorithmType getAlgorithm() { 25 | return algorithm; 26 | } 27 | 28 | public void setAlgorithm(AsymmetricAlgorithmType algorithm) { 29 | this.algorithm = algorithm; 30 | } 31 | 32 | public int getMinimumLength() { 33 | return minimumLength; 34 | } 35 | 36 | public void setMinimumLength(int minimumLength) { 37 | this.minimumLength = minimumLength; 38 | } 39 | 40 | public int getActualLength() { 41 | return actualLength; 42 | } 43 | 44 | public void setActualLength(int actualLength) { 45 | this.actualLength = actualLength; 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/guideline/results/KeyUsageCertificateCheckResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline.results; 10 | 11 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 12 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 13 | import java.util.Objects; 14 | 15 | public class KeyUsageCertificateCheckResult extends GuidelineCheckResult { 16 | 17 | private final boolean supported; 18 | private final String keyUsage; 19 | 20 | public KeyUsageCertificateCheckResult( 21 | String checkName, GuidelineAdherence adherence, boolean supported, String keyUsage) { 22 | super(checkName, adherence); 23 | this.supported = supported; 24 | this.keyUsage = keyUsage; 25 | } 26 | 27 | @Override 28 | public String toString() { 29 | return Objects.equals(GuidelineAdherence.ADHERED, getAdherence()) 30 | ? "Certificate has correct key usage " + getKeyUsage() 31 | : "Certificate is missing key usage " + getKeyUsage(); 32 | } 33 | 34 | public String getKeyUsage() { 35 | return keyUsage == null ? "" : keyUsage; 36 | } 37 | 38 | public boolean isSupported() { 39 | return supported; 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/passive/DestinationPortExtractor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.passive; 10 | 11 | import de.rub.nds.scanner.core.passive.StatExtractor; 12 | import de.rub.nds.tlsattacker.core.state.State; 13 | import de.rub.nds.tlsattacker.transport.TransportHandler; 14 | import de.rub.nds.tlsattacker.transport.udp.ClientUdpTransportHandler; 15 | import de.rub.nds.tlsattacker.transport.udp.ServerUdpTransportHandler; 16 | import de.rub.nds.tlsattacker.transport.udp.UdpTransportHandler; 17 | import de.rub.nds.tlsscanner.core.passive.TrackableValueType; 18 | 19 | public class DestinationPortExtractor extends StatExtractor { 20 | 21 | public DestinationPortExtractor() { 22 | super(TrackableValueType.DESTINATION_PORT); 23 | } 24 | 25 | @Override 26 | public void extract(State state) { 27 | TransportHandler handler = state.getTlsContext().getTransportHandler(); 28 | if (handler instanceof ClientUdpTransportHandler 29 | || handler instanceof ServerUdpTransportHandler) { 30 | int port = ((UdpTransportHandler) handler).getDstPort(); 31 | if (port != -1) { 32 | put(port); 33 | } 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/passive/SessionIdExtractor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.passive; 10 | 11 | import de.rub.nds.scanner.core.passive.StatExtractor; 12 | import de.rub.nds.scanner.core.util.ComparableByteArray; 13 | import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; 14 | import de.rub.nds.tlsattacker.core.state.State; 15 | import de.rub.nds.tlsscanner.core.passive.TrackableValueType; 16 | import java.util.Arrays; 17 | 18 | public class SessionIdExtractor extends StatExtractor { 19 | 20 | public SessionIdExtractor() { 21 | super(TrackableValueType.SESSION_ID); 22 | } 23 | 24 | @Override 25 | public void extract(State state) { 26 | if (state.getTlsContext().getSelectedProtocolVersion() != ProtocolVersion.TLS13) { 27 | if (state.getTlsContext().getServerSessionId() != null) { 28 | if (!Arrays.equals( 29 | state.getTlsContext().getClientSessionId(), 30 | state.getTlsContext().getServerSessionId())) { 31 | put(new ComparableByteArray(state.getTlsContext().getServerSessionId())); 32 | } 33 | } 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/passive/SessionTicketExtractor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.passive; 10 | 11 | import de.rub.nds.scanner.core.passive.StatExtractor; 12 | import de.rub.nds.tlsattacker.core.state.State; 13 | import de.rub.nds.tlsscanner.core.passive.TrackableValueType; 14 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.SessionTicketUtil; 15 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.ticket.TicketHolder; 16 | 17 | public class SessionTicketExtractor extends StatExtractor { 18 | 19 | public SessionTicketExtractor() { 20 | super(TrackableValueType.SESSION_TICKET); 21 | } 22 | 23 | @Override 24 | public void extract(State state) { 25 | TicketHolder tickets = SessionTicketUtil.getSessionTickets(state); 26 | if (!tickets.isEmpty()) { 27 | put(tickets); 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/bleichenbacher/constans/BleichenbacherScanType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.constans; 10 | 11 | public enum BleichenbacherScanType { 12 | FULL, 13 | FAST 14 | } 15 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/bleichenbacher/constans/BleichenbacherWorkflowType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.constans; 10 | 11 | public enum BleichenbacherWorkflowType { 12 | CKE_CCS_FIN("Complete TLS protocol flow with CCS and Finished messages"), 13 | CKE("TLS protocol flow with missing CCS and Finished messages"), 14 | CKE_CCS("TLS protocol flow with missing Finished message"), 15 | CKE_FIN("TLS protocol flow with missing CCS message"); 16 | 17 | String description; 18 | 19 | BleichenbacherWorkflowType(String description) { 20 | this.description = description; 21 | } 22 | 23 | public String getDescription() { 24 | return description; 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/directraccoon/DirectRaccoonWorkflowType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.directraccoon; 10 | 11 | public enum DirectRaccoonWorkflowType { 12 | 13 | /** */ 14 | INITIAL("Complete TLS protocol flow with CCS and Finished messages"), 15 | /** */ 16 | CKE("TLS protocol flow with missing CCS and Finished messages"), 17 | /** */ 18 | CKE_CCS("TLS protocol flow with missing Finished message"), 19 | /** */ 20 | CKE_CCS_FIN("Complete TLS protocol flow with CCS and Finished messages"); 21 | 22 | String description; 23 | 24 | DirectRaccoonWorkflowType(String description) { 25 | this.description = description; 26 | } 27 | 28 | /** 29 | * @return 30 | */ 31 | public String getDescription() { 32 | return description; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/drown/constans/DrownOracleType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.drown.constans; 10 | 11 | public enum DrownOracleType { 12 | EXTRA_CLEAR, 13 | LEAKY_EXPORT 14 | } 15 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/drown/constans/DrownVulnerabilityType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.drown.constans; 10 | 11 | public enum DrownVulnerabilityType { 12 | 13 | /** Server vulnerable to full General DROWN attack. */ 14 | GENERAL, 15 | /** Server vulnerable to full Special DROWN. */ 16 | SPECIAL, 17 | /** Server supports SSLv2, but no weak cipher suites. => Not vulnerable. */ 18 | SSL2, 19 | /** Server doesn't support SSLv2. => Not vulnerable. */ 20 | NONE, 21 | UNKNOWN 22 | } 23 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/earlyccs/EarlyCcsVulnerabilityType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.earlyccs; 10 | 11 | public enum EarlyCcsVulnerabilityType { 12 | UNKNOWN, 13 | VULN_EXPLOITABLE, 14 | VULN_NOT_EXPLOITABLE, 15 | NOT_VULNERABLE 16 | } 17 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/handshakesimulation/ConfigFileListIO.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.handshakesimulation; 10 | 11 | import de.rub.nds.scanner.core.util.JaxbSerializer; 12 | import jakarta.xml.bind.JAXBException; 13 | import java.util.Set; 14 | 15 | public class ConfigFileListIO extends JaxbSerializer { 16 | 17 | public ConfigFileListIO() throws JAXBException { 18 | super(Set.of(ConfigFileListIO.class)); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/handshakesimulation/ConnectionInsecure.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.handshakesimulation; 10 | 11 | public enum ConnectionInsecure { 12 | CIPHER_SUITE_GRADE_LOW("Grade of the selected cipher suite is low"), 13 | PUBLIC_KEY_SIZE_TOO_SMALL( 14 | "Server public key parameter is too small (ECRYPT-CSA recommendations 2018)"), 15 | PADDING_ORACLE("Connection is vulnerable to padding oracle"), 16 | BLEICHENBACHER("Connection is vulnerable to bleichenbacher"), 17 | CRIME("Connection is vulnerable to crime"), 18 | SWEET32("Connection is vulnerable to sweet32"); 19 | 20 | private final String reason; 21 | 22 | private ConnectionInsecure(String reason) { 23 | this.reason = reason; 24 | } 25 | 26 | public String getReason() { 27 | return reason; 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/handshakesimulation/HandshakeFailureReasons.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.handshakesimulation; 10 | 11 | public enum HandshakeFailureReasons { 12 | PROTOCOL_MISMATCH("Client and server do not support a common version"), 13 | CIPHER_SUITE_MISMATCH("Server does not have a valid cipher suite choice"), 14 | PARSING_ERROR("The answer received from the server was not parseable"), 15 | CIPHER_SUITE_FORBIDDEN("Client rejects cipher suite choice from the server"), 16 | RSA_CERTIFICATE_MODULUS_SIZE_NOT_ACCEPTED("Client does not support the RSA modulus size"), 17 | DHE_MODULUS_SIZE_NOT_ACCEPTED("Client does not support the DH parameter size"), 18 | ECDH_NO_COMMON_GROUP("Server does not have a group in common with the server"), 19 | NO_SNI("Client does not support SNI"), 20 | INVALID_SNI("Client supports SNI, but the Server does not like the provided hostname"); 21 | 22 | private final String reason; 23 | 24 | private HandshakeFailureReasons(String reason) { 25 | this.reason = reason; 26 | } 27 | 28 | public String getReason() { 29 | return reason; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/handshakesimulation/NegotiatedParameterProperties.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.handshakesimulation; 10 | 11 | public enum NegotiatedParameterProperties { 12 | FALSE_START, 13 | VULNERABLE_RENEGOTIATION_ATTACK, 14 | VULNERABLE_DOWNGRADE, 15 | VULNERABLE_SWEET32, 16 | VULNERABLE_POODLE, 17 | VULNERABLE_CRIME, 18 | VULNERABLE_PADDING_ORACLE, 19 | VULNERABLE_PASSIVE_BLEICHENBACHER, 20 | NOT_PERFECT_FORWARD_SECURE, 21 | PERFECT_FORWARD_SECURE, 22 | AUTHENTICATED_ENCRYPTION, 23 | } 24 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/handshakesimulation/TlsClientConfigIO.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.handshakesimulation; 10 | 11 | import de.rub.nds.scanner.core.util.JaxbSerializer; 12 | import jakarta.xml.bind.JAXBException; 13 | import java.util.Set; 14 | 15 | public class TlsClientConfigIO extends JaxbSerializer { 16 | 17 | public TlsClientConfigIO() throws JAXBException { 18 | super(Set.of(TlsClientConfig.class)); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/invalidcurve/constants/InvalidCurveScanType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.invalidcurve.constants; 10 | 11 | public enum InvalidCurveScanType { 12 | REGULAR, 13 | EXTENDED, 14 | REDUNDANT, 15 | LARGE_GROUP 16 | } 17 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/invalidcurve/constants/InvalidCurveWorkflowType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.invalidcurve.constants; 10 | 11 | public enum InvalidCurveWorkflowType { 12 | REGULAR, 13 | RENEGOTIATION 14 | } 15 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/mac/ByteCheckStatus.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.mac; 10 | 11 | public enum ByteCheckStatus { 12 | CHECKED, 13 | NOT_CHECKED, 14 | CHECKED_WITH_FIN, 15 | ERROR_DURING_TEST 16 | } 17 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/mac/StateIndexPair.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.mac; 10 | 11 | import de.rub.nds.tlsattacker.core.state.State; 12 | 13 | public class StateIndexPair { 14 | 15 | private int index; 16 | 17 | private State state; 18 | 19 | public StateIndexPair(int index, State state) { 20 | this.index = index; 21 | this.state = state; 22 | } 23 | 24 | public int getIndex() { 25 | return index; 26 | } 27 | 28 | public void setIndex(int index) { 29 | this.index = index; 30 | } 31 | 32 | public State getState() { 33 | return state; 34 | } 35 | 36 | public void setState(State state) { 37 | this.state = state; 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/quic/QuicServerProbe.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.quic; 10 | 11 | import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor; 12 | import de.rub.nds.tlsscanner.core.constants.QuicProbeType; 13 | import de.rub.nds.tlsscanner.serverscanner.probe.TlsServerProbe; 14 | import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector; 15 | import org.apache.logging.log4j.LogManager; 16 | import org.apache.logging.log4j.Logger; 17 | 18 | public abstract class QuicServerProbe extends TlsServerProbe { 19 | 20 | protected static final Logger LOGGER = LogManager.getLogger(); 21 | 22 | protected QuicServerProbe( 23 | ParallelExecutor parallelExecutor, QuicProbeType type, ConfigSelector configSelector) { 24 | super(parallelExecutor, type, configSelector); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/requirements/WorkingConfigRequirement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.requirements; 10 | 11 | import de.rub.nds.scanner.core.probe.requirements.Requirement; 12 | import de.rub.nds.tlsscanner.serverscanner.report.ServerReport; 13 | import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector; 14 | 15 | /** Represents a {@link Requirement} for the requirement of a working config. */ 16 | public class WorkingConfigRequirement extends Requirement { 17 | 18 | private final ConfigSelector configSelector; 19 | 20 | /** 21 | * @param configSelector the ConfigSelector. 22 | */ 23 | public WorkingConfigRequirement(ConfigSelector configSelector) { 24 | this.configSelector = configSelector; 25 | } 26 | 27 | @Override 28 | public boolean evaluate(ServerReport report) { 29 | if (configSelector == null) { 30 | return false; 31 | } 32 | return configSelector.foundWorkingConfig(); 33 | } 34 | 35 | @Override 36 | public String toString() { 37 | return "WorkingConfigRequirement"; 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/result/VersionDependentResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.result; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResult; 12 | import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; 13 | import java.util.EnumMap; 14 | import java.util.Map; 15 | 16 | public class VersionDependentResult implements TestResult { 17 | protected Map results = new EnumMap<>(ProtocolVersion.class); 18 | 19 | public T getResult(ProtocolVersion version) { 20 | return results.get(version); 21 | } 22 | 23 | public void putResult(ProtocolVersion version, T result) { 24 | results.put(version, result); 25 | } 26 | 27 | public Map getResultMap() { 28 | return results; 29 | } 30 | 31 | @Override 32 | public String getName() { 33 | return ""; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/result/hpkp/HpkpPin.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.result.hpkp; 10 | 11 | import de.rub.nds.modifiablevariable.util.ArrayConverter; 12 | 13 | public class HpkpPin { 14 | 15 | private String pinType; 16 | private byte[] pin; 17 | 18 | /** Private no-arg constructor to please JAXB */ 19 | @SuppressWarnings("unused") 20 | private HpkpPin() {} 21 | 22 | public HpkpPin(String pinType, byte[] ping) { 23 | this.pinType = pinType; 24 | this.pin = ping; 25 | } 26 | 27 | public String getPinType() { 28 | return pinType; 29 | } 30 | 31 | public void setPinType(String pinType) { 32 | this.pinType = pinType; 33 | } 34 | 35 | public byte[] getPing() { 36 | return pin; 37 | } 38 | 39 | public void setPing(byte[] ping) { 40 | this.pin = ping; 41 | } 42 | 43 | @Override 44 | public String toString() { 45 | return "" 46 | + pinType.trim() 47 | + " - " 48 | + ArrayConverter.bytesToHexString(pin, false, false).replace(" ", ""); 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/result/raccoonattack/RaccoonAttackVulnerabilityPosition.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.result.raccoonattack; 10 | 11 | public enum RaccoonAttackVulnerabilityPosition { 12 | SSL3_OUTER_MD5, 13 | SSL3_INNER_SHA1_A, 14 | SSL3_INNER_SHA1_BB, 15 | SSL3_INNER_SHA1_CCC, 16 | TLS12_SHA384PRF, 17 | TLS12_SHA256PRF, 18 | TLS_LEGACY_PRF, 19 | } 20 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/result/sessionticket/FoundDefaultHmacKey.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.result.sessionticket; 10 | 11 | import de.rub.nds.protocol.constants.MacAlgorithm; 12 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.SessionTicketMacFormat; 13 | import java.io.Serializable; 14 | 15 | public class FoundDefaultHmacKey implements Serializable { 16 | public final MacAlgorithm algorithm; 17 | public final SessionTicketMacFormat format; 18 | public final byte[] key; 19 | 20 | public FoundDefaultHmacKey(MacAlgorithm algorithm, SessionTicketMacFormat format, byte[] key) { 21 | this.algorithm = algorithm; 22 | this.format = format; 23 | this.key = key; 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/result/sessionticket/FoundDefaultStek.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.result.sessionticket; 10 | 11 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.SessionTicketEncryptionFormat; 12 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.TicketEncryptionAlgorithm; 13 | import java.io.Serializable; 14 | 15 | public class FoundDefaultStek implements Serializable { 16 | public final TicketEncryptionAlgorithm algorithm; 17 | public final SessionTicketEncryptionFormat format; 18 | public final byte[] key; 19 | public final FoundSecret secret; 20 | 21 | public FoundDefaultStek( 22 | TicketEncryptionAlgorithm algorithm, 23 | SessionTicketEncryptionFormat format, 24 | byte[] key, 25 | FoundSecret secret) { 26 | this.algorithm = algorithm; 27 | this.format = format; 28 | this.key = key; 29 | this.secret = secret; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/result/sessionticket/FoundSecret.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.result.sessionticket; 10 | 11 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.SessionSecret; 12 | import java.io.Serializable; 13 | 14 | public class FoundSecret implements Serializable { 15 | public final SessionSecret secret; 16 | 17 | /** Offset of the secret in the ticket (from left; 0=start). */ 18 | public final int offset; 19 | 20 | public FoundSecret(SessionSecret secret, int offset) { 21 | this.secret = secret; 22 | this.offset = offset; 23 | } 24 | 25 | public String toReportString() { 26 | return secret.secretType.toString() + " at offset " + offset; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/result/statistics/RandomEvaluationResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.result.statistics; 10 | 11 | public enum RandomEvaluationResult { 12 | NO_DUPLICATES, 13 | DUPLICATES, 14 | UNIX_TIME, 15 | NOT_RANDOM, 16 | NOT_ANALYZED 17 | } 18 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/sessionticket/SessionSecret.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.sessionticket; 10 | 11 | import de.rub.nds.tlsscanner.core.util.ArrayUtil; 12 | import java.io.Serializable; 13 | import java.util.Optional; 14 | import org.apache.logging.log4j.LogManager; 15 | import org.apache.logging.log4j.Logger; 16 | 17 | public class SessionSecret implements Serializable { 18 | private static final Logger LOGGER = LogManager.getLogger(); 19 | 20 | public enum Secret { 21 | PREMASTER_SECRET, 22 | HANDSHAKE_SECRET, 23 | RESUMPTION_SECRET, 24 | MASTER_SECRET, 25 | PRESHARED_KEY, 26 | } 27 | 28 | public final Secret secretType; 29 | public final byte[] value; 30 | 31 | public SessionSecret(Secret secret, byte[] value) { 32 | this.secretType = secret; 33 | this.value = value; 34 | if (value == null) { 35 | LOGGER.warn("Created a SessionSecret of type {} with a null value", secret); 36 | } 37 | } 38 | 39 | public Optional findIn(byte[] haystack) { 40 | if (value == null || haystack == null) { 41 | return Optional.empty(); 42 | } 43 | return ArrayUtil.findSubarray(haystack, value); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/sessionticket/ticket/ModifiedTicket.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.ticket; 10 | 11 | import de.rub.nds.modifiablevariable.VariableModification; 12 | 13 | public class ModifiedTicket { 14 | private final Ticket originalTicket; 15 | 16 | private final VariableModification modification; 17 | 18 | private final Ticket resultingTicket; 19 | 20 | public ModifiedTicket(Ticket originalTicket, VariableModification modification) { 21 | this.originalTicket = originalTicket; 22 | this.modification = modification; 23 | this.resultingTicket = computeResultingTicket(); 24 | } 25 | 26 | private Ticket computeResultingTicket() { 27 | if (modification == null) { 28 | return originalTicket; 29 | } 30 | Ticket newTicket = originalTicket.copy(); 31 | byte[] newBytes = modification.modify(newTicket.getTicketBytesOriginal()); 32 | newTicket.setTicketBytes(newBytes); 33 | return newTicket; 34 | } 35 | 36 | public VariableModification getModification() { 37 | return this.modification; 38 | } 39 | 40 | public Ticket getOriginalTicket() { 41 | return originalTicket; 42 | } 43 | 44 | public Ticket getResultingTicket() { 45 | return this.resultingTicket; 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/sessionticket/ticket/NoTicket.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.ticket; 10 | 11 | import de.rub.nds.tlsattacker.core.config.Config; 12 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.SessionSecret; 13 | import java.util.List; 14 | 15 | public class NoTicket implements Ticket { 16 | 17 | @Override 18 | public void applyTo(Config config) { 19 | config.setAddPreSharedKeyExtension(false); 20 | config.setAddEarlyDataExtension(false); 21 | } 22 | 23 | @Override 24 | public void setTicketBytes(byte[] ticketBytes) { 25 | throw new UnsupportedOperationException(); 26 | } 27 | 28 | @Override 29 | public byte[] getTicketBytesOriginal() { 30 | throw new UnsupportedOperationException(); 31 | } 32 | 33 | @Override 34 | public Ticket copy() { 35 | throw new UnsupportedOperationException(); 36 | } 37 | 38 | @Override 39 | public List getSessionSecrets() { 40 | throw new UnsupportedOperationException(); 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/sessionticket/vector/TicketPaddingOracleVector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.vector; 10 | 11 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.ticket.ModifiedTicket; 12 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.ticket.Ticket; 13 | 14 | public interface TicketPaddingOracleVector extends TicketVector { 15 | ModifiedTicket createTicket(Ticket originalTicket, byte prefixXorValue); 16 | 17 | @Override 18 | default ModifiedTicket createTicket(Ticket originalTicket) { 19 | return createTicket(originalTicket, (byte) 0); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/sessionticket/vector/TicketVector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.vector; 10 | 11 | import de.rub.nds.tlsscanner.core.vector.Vector; 12 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.ticket.ModifiedTicket; 13 | import de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.ticket.Ticket; 14 | 15 | public interface TicketVector extends Vector { 16 | ModifiedTicket createTicket(Ticket originalTicket); 17 | } 18 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/selector/ConfigFilterProfile.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.selector; 10 | 11 | public interface ConfigFilterProfile { 12 | public abstract ConfigFilterType[] getConfigFilterTypes(); 13 | 14 | public abstract String getIdentifier(); 15 | } 16 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/selector/ConfigFilterType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.selector; 10 | 11 | public enum ConfigFilterType { 12 | CIPHERSUITE_UNNEGOTIABLE, 13 | CIPHERSUITE_UNOFFICIAL, 14 | CIPHERSUITE_GREASE, 15 | CIPHERSUITE_KRB5, 16 | CIPHERSUITE_GOST, 17 | CIPHERSUITE_PSK, 18 | CIPHERSUITE_SRP, 19 | CIPHERSUITE_ECCPWD, 20 | CIPHERSUITE_ANON, 21 | CIPHERSUITE_ARIA, 22 | CIPHERSUITE_CAMELLIA, 23 | CIPHERSUITE_EXPORT, 24 | CIPHERSUITE_DES, 25 | CIPHERSUITE_RC4, 26 | CIPHERSUITE_NULL, 27 | 28 | NAMEDGROUP_GREASE, 29 | NAMEDGROUP_DEPRECATED, 30 | NAMEDGROUP_SECT, 31 | 32 | SIGNATUREALGORITHM_GREASE, 33 | SIGNATUREALGORITHM_ANON, 34 | SIGNATUREALGORITHM_DSA, 35 | SIGNATUREALGORITHM_GOST, 36 | SIGNATUREALGORITHM_ED, 37 | SIGNATUREALGORITHM_RSA_PSS_PSS, 38 | SIGNATUREALGORITHM_DEPRECATED, 39 | SIGNATUREALGORITHM_TLS13; 40 | 41 | public boolean isCipherSuiteFilter() { 42 | return this.name().contains("CIPHERSUITE"); 43 | } 44 | 45 | public boolean isNamedGroupFilter() { 46 | return this.name().contains("NAMEDGROUP"); 47 | } 48 | 49 | public boolean isSignatureAlgorithmFilter() { 50 | return this.name().contains("SIGNATUREALGORITHM"); 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/resources/common/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017, Cryptosense SA 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 15 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 16 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/resources/common/Readme: -------------------------------------------------------------------------------- 1 | The Common Diffie Hellman groups are taken from https://github.com/cryptosense/diffie-hellman-groups . 2 | Thanks to cryptosense for publishing this collection! 3 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/resources/configs/ssl2Only.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | SSL2 4 | SSL2 5 | 6 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/main/resources/log4j2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/guideline/CertificateAgilityGuidelineCheckTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.guideline; 10 | 11 | import static org.junit.jupiter.api.Assertions.assertEquals; 12 | 13 | import de.rub.nds.scanner.core.guideline.GuidelineAdherence; 14 | import de.rub.nds.scanner.core.guideline.GuidelineCheckResult; 15 | import de.rub.nds.tlsscanner.serverscanner.guideline.checks.CertificateAgilityGuidelineCheck; 16 | import de.rub.nds.tlsscanner.serverscanner.report.ServerReport; 17 | import org.junit.jupiter.api.Test; 18 | 19 | public class CertificateAgilityGuidelineCheckTest { 20 | 21 | @Test 22 | public void testNegative() { 23 | ServerReport report = new ServerReport("test", 443); 24 | 25 | CertificateAgilityGuidelineCheck check = new CertificateAgilityGuidelineCheck(null, null); 26 | 27 | GuidelineCheckResult result = check.evaluate(report); 28 | 29 | assertEquals(GuidelineAdherence.VIOLATED, result.getAdherence()); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/AlpnProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.tls.subject.TlsImplementationType; 12 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 13 | import org.junit.jupiter.api.Tag; 14 | 15 | @Tag(TestCategories.INTEGRATION_TEST) 16 | public class AlpnProbeIT extends AbstractProbeIT { 17 | 18 | public AlpnProbeIT() { 19 | super(TlsImplementationType.OPENSSL, "1.1.1f", "-alpn http/1.1"); 20 | } 21 | 22 | @Override 23 | protected TlsServerProbe getProbe() { 24 | return new AlpnProbe(configSelector, parallelExecutor); 25 | } 26 | 27 | @Override 28 | protected void prepareReport() {} 29 | 30 | @Override 31 | protected boolean executedAsPlanned() { 32 | return report.getSupportedAlpnConstans().size() == 1 33 | && report.getSupportedAlpnConstans().contains("http/1.1"); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/CipherSuiteOrderProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import org.junit.jupiter.api.Tag; 16 | 17 | @Tag(TestCategories.INTEGRATION_TEST) 18 | public class CipherSuiteOrderProbeIT extends AbstractProbeIT { 19 | 20 | public CipherSuiteOrderProbeIT() { 21 | super(TlsImplementationType.OPENSSL, "1.1.1f", "-serverpref"); 22 | } 23 | 24 | @Override 25 | protected TlsServerProbe getProbe() { 26 | return new CipherSuiteOrderProbe(configSelector, parallelExecutor); 27 | } 28 | 29 | @Override 30 | protected void prepareReport() {} 31 | 32 | @Override 33 | protected boolean executedAsPlanned() { 34 | return verifyProperty(TlsAnalyzedProperty.ENFORCES_CS_ORDERING, TestResults.TRUE); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/EarlyCcsProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import org.junit.jupiter.api.Tag; 16 | 17 | @Tag(TestCategories.INTEGRATION_TEST) 18 | public class EarlyCcsProbeIT extends AbstractProbeIT { 19 | 20 | public EarlyCcsProbeIT() { 21 | super(TlsImplementationType.OPENSSL, "1.1.1f", ""); 22 | } 23 | 24 | @Override 25 | protected TlsServerProbe getProbe() { 26 | return new EarlyCcsProbe(configSelector, parallelExecutor); 27 | } 28 | 29 | @Override 30 | protected void prepareReport() {} 31 | 32 | @Override 33 | protected boolean executedAsPlanned() { 34 | return verifyProperty(TlsAnalyzedProperty.VULNERABLE_TO_EARLY_CCS, TestResults.FALSE); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/EsniProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import org.junit.jupiter.api.Tag; 16 | 17 | @Tag(TestCategories.INTEGRATION_TEST) 18 | public class EsniProbeIT extends AbstractProbeIT { 19 | 20 | public EsniProbeIT() { 21 | super(TlsImplementationType.OPENSSL, "1.1.1f", ""); 22 | } 23 | 24 | @Override 25 | protected TlsServerProbe getProbe() { 26 | return new EsniProbe(configSelector, parallelExecutor); 27 | } 28 | 29 | @Override 30 | protected void prepareReport() {} 31 | 32 | @Override 33 | protected boolean executedAsPlanned() { 34 | return verifyProperty(TlsAnalyzedProperty.SUPPORTS_ESNI, TestResults.FALSE); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/HeartbleedProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import org.junit.jupiter.api.Tag; 16 | 17 | @Tag(TestCategories.INTEGRATION_TEST) 18 | public class HeartbleedProbeIT extends AbstractProbeIT { 19 | 20 | public HeartbleedProbeIT() { 21 | super(TlsImplementationType.OPENSSL, "1.1.1f", ""); 22 | } 23 | 24 | @Override 25 | protected TlsServerProbe getProbe() { 26 | return new HeartbleedProbe(configSelector, parallelExecutor); 27 | } 28 | 29 | @Override 30 | protected void prepareReport() {} 31 | 32 | @Override 33 | protected boolean executedAsPlanned() { 34 | return verifyProperty(TlsAnalyzedProperty.VULNERABLE_TO_HEARTBLEED, TestResults.FALSE); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/HttpFalseStartProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import org.junit.jupiter.api.Tag; 16 | 17 | @Tag(TestCategories.INTEGRATION_TEST) 18 | public class HttpFalseStartProbeIT extends AbstractProbeIT { 19 | 20 | public HttpFalseStartProbeIT() { 21 | super(TlsImplementationType.OPENSSL, "1.1.1f", "-www"); 22 | } 23 | 24 | @Override 25 | protected TlsServerProbe getProbe() { 26 | return new HttpFalseStartProbe(configSelector, parallelExecutor); 27 | } 28 | 29 | @Override 30 | protected void prepareReport() {} 31 | 32 | @Override 33 | protected boolean executedAsPlanned() { 34 | return verifyProperty(TlsAnalyzedProperty.SUPPORTS_HTTP_FALSE_START, TestResults.TRUE); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/RecordFragmentationProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import org.junit.jupiter.api.Tag; 16 | 17 | @Tag(TestCategories.INTEGRATION_TEST) 18 | public class RecordFragmentationProbeIT extends AbstractProbeIT { 19 | 20 | public RecordFragmentationProbeIT() { 21 | super(TlsImplementationType.OPENSSL, "1.1.1f", ""); 22 | } 23 | 24 | @Override 25 | protected TlsServerProbe getProbe() { 26 | return new RecordFragmentationProbe(configSelector, parallelExecutor); 27 | } 28 | 29 | @Override 30 | protected void prepareReport() {} 31 | 32 | @Override 33 | protected boolean executedAsPlanned() { 34 | return verifyProperty(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, TestResults.TRUE); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/SignatureHashAlgorithmOrderProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import org.junit.jupiter.api.Tag; 16 | 17 | @Tag(TestCategories.INTEGRATION_TEST) 18 | public class SignatureHashAlgorithmOrderProbeIT extends AbstractProbeIT { 19 | 20 | public SignatureHashAlgorithmOrderProbeIT() { 21 | super(TlsImplementationType.OPENSSL, "1.1.1f", ""); 22 | } 23 | 24 | @Override 25 | protected TlsServerProbe getProbe() { 26 | return new SignatureHashAlgorithmOrderProbe(configSelector, parallelExecutor); 27 | } 28 | 29 | @Override 30 | protected void prepareReport() {} 31 | 32 | @Override 33 | protected boolean executedAsPlanned() { 34 | return verifyProperty( 35 | TlsAnalyzedProperty.ENFORCES_SIGNATURE_HASH_ALGORITHM_ORDERING, TestResults.TRUE); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/SniProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import org.junit.jupiter.api.Tag; 16 | 17 | @Tag(TestCategories.INTEGRATION_TEST) 18 | public class SniProbeIT extends AbstractProbeIT { 19 | 20 | public SniProbeIT() { 21 | super(TlsImplementationType.OPENSSL, "1.1.1f", ""); 22 | } 23 | 24 | @Override 25 | protected TlsServerProbe getProbe() { 26 | return new SniProbe(configSelector, parallelExecutor); 27 | } 28 | 29 | @Override 30 | protected void prepareReport() {} 31 | 32 | @Override 33 | protected boolean executedAsPlanned() { 34 | return verifyProperty(TlsAnalyzedProperty.REQUIRES_SNI, TestResults.FALSE); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/TlsFallbackScsvProbeIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe; 10 | 11 | import de.rub.nds.scanner.core.probe.result.TestResults; 12 | import de.rub.nds.tls.subject.TlsImplementationType; 13 | import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; 14 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 15 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 16 | import java.util.Arrays; 17 | import org.junit.jupiter.api.Tag; 18 | 19 | @Tag(TestCategories.INTEGRATION_TEST) 20 | public class TlsFallbackScsvProbeIT extends AbstractProbeIT { 21 | 22 | public TlsFallbackScsvProbeIT() { 23 | super(TlsImplementationType.OPENSSL, "1.1.1f", ""); 24 | } 25 | 26 | @Override 27 | protected TlsServerProbe getProbe() { 28 | return new TlsFallbackScsvProbe(configSelector, parallelExecutor); 29 | } 30 | 31 | @Override 32 | protected void prepareReport() { 33 | report.putResult( 34 | TlsAnalyzedProperty.SUPPORTED_PROTOCOL_VERSIONS, 35 | Arrays.asList(ProtocolVersion.TLS10, ProtocolVersion.TLS11, ProtocolVersion.TLS12)); 36 | } 37 | 38 | @Override 39 | protected boolean executedAsPlanned() { 40 | return verifyProperty(TlsAnalyzedProperty.SUPPORTS_TLS_FALLBACK_SCSV, TestResults.TRUE); 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/bleichenbacher/vector/Pkcs1VectorGeneratorTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.vector; 10 | 11 | import static org.junit.jupiter.api.Assertions.assertEquals; 12 | import static org.junit.jupiter.api.Assertions.assertNotNull; 13 | 14 | import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; 15 | import de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.constans.BleichenbacherScanType; 16 | import java.util.List; 17 | import org.junit.jupiter.api.Test; 18 | 19 | public class Pkcs1VectorGeneratorTest { 20 | 21 | /** Test of generatePlainPkcs1Vectors method, of class Pkcs1VectorGenerator. */ 22 | @Test 23 | public void testGeneratePlainPkcs1Vectors() { 24 | List vectors = 25 | Pkcs1VectorGenerator.generatePlainPkcs1Vectors( 26 | 2048, BleichenbacherScanType.FAST, ProtocolVersion.TLS12); 27 | assertNotNull(vectors); 28 | assertEquals(12, vectors.size(), "11 PKCS#1 vectors should be generated"); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/report/SiteReportPrinterTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.report; 10 | 11 | import de.rub.nds.scanner.core.config.ScannerDetail; 12 | import de.rub.nds.tlsscanner.core.report.DefaultPrintingScheme; 13 | import org.junit.jupiter.api.Test; 14 | 15 | public class SiteReportPrinterTest { 16 | 17 | /** Test of getFullReport method, of class SiteReportPrinter. */ 18 | @Test 19 | public void testPrintEmptyReport() { 20 | ServerReport report = new ServerReport("somehost", 443); 21 | for (ScannerDetail detail : ScannerDetail.values()) { 22 | ServerReportPrinter printer = 23 | new ServerReportPrinter( 24 | report, detail, DefaultPrintingScheme.getDefaultPrintingScheme(), true); 25 | printer.getFullReport(); 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/report/rating/RecommendationsIOIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | package de.rub.nds.tlsscanner.serverscanner.report.rating; 10 | 11 | import de.rub.nds.scanner.core.report.rating.Recommendations; 12 | import de.rub.nds.scanner.core.report.rating.RecommendationsIO; 13 | import de.rub.nds.tlsattacker.util.tests.TestCategories; 14 | import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty; 15 | import java.io.ByteArrayInputStream; 16 | import java.io.ByteArrayOutputStream; 17 | import java.util.LinkedList; 18 | import org.junit.jupiter.api.Tag; 19 | import org.junit.jupiter.api.Test; 20 | 21 | public class RecommendationsIOIT { 22 | 23 | @Test 24 | @Tag(TestCategories.INTEGRATION_TEST) 25 | public void testWrite_OutputStream_Recommendations() throws Exception { 26 | Recommendations recommendations = new Recommendations(new LinkedList<>()); 27 | ByteArrayOutputStream stream = new ByteArrayOutputStream(); 28 | RecommendationsIO recommendationsIO = new RecommendationsIO(TlsAnalyzedProperty.class); 29 | recommendationsIO.write(stream, recommendations); 30 | byte[] byteArray = stream.toByteArray(); 31 | try (ByteArrayInputStream inputStream = new ByteArrayInputStream(byteArray)) { 32 | recommendationsIO.read(inputStream); 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /license_header_plain.txt: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker 3 | * 4 | * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH 5 | * 6 | * Licensed under Apache License, Version 2.0 7 | * http://www.apache.org/licenses/LICENSE-2.0.txt 8 | */ 9 | -------------------------------------------------------------------------------- /resources/inputCerts/dsarootv3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDCDCCAsOgAwIBAgIBBDANBglghkgBZQMEAwIFADBEMQswCQYDVQQGEwJERTEM 3 | MAoGA1UECgwDUlVCMScwJQYDVQQLDB5UTFMtU2Nhbm5lciBDQ0EgRFNBIFJPT1Qt 4 | Q0EgdjMwHhcNMTkxMjEyMDAwMDAwWhcNMjAxMjE5MDAwMDAwWjBEMQswCQYDVQQG 5 | EwJERTEMMAoGA1UECgwDUlVCMScwJQYDVQQLDB5UTFMtU2Nhbm5lciBDQ0EgRFNB 6 | IFJPT1QtQ0EgdjMwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEAiFaJKIKPnAuqMGfN 7 | atkecsfQCBD1weH2pw+8Sgs9jSprTOq0B9BAssHtnnSZ/okO7PDxRVflueedGmbe 8 | xOf54gvIXjBiuu5UqTRZLarwqzDcFOry/C78reXO76DRNYWr8NwdGB/xLLKZgsr4 9 | taXBqQJtgqz3X53VMmPbmNR9kHcCFQDoy8At3FbMLyw94mhPmks/zAFb3QKBgHtL 10 | OgtK/t0dQrjIkin6aUvYtNXM9jtuPFaFTXdDWgUoby3xow9n/6W+vK8zWgc5R9C0 11 | N3YJTpjz0Ds5Cq+3VBrSPdq40bTwc6e0qjoEWojw/770Dcw5ZCCkoNs+c1bFxOEI 12 | zRbb/AdwBeP/yyM10621zW49VRuxViAtQ8i9v09oA4GEAAKBgH0yoyVBci9ybvIr 13 | voDPN49aiFFyO9yDk8IRT9XQgLBWwlH1v2GbwrRt7L0rfAVNPzivxxhipXvnftCc 14 | M+ewaorLjTQdDKI+Dk+Gwa2q4aTjlct3nMbn3Tu2IAep7mJl5tJnxo8qmZaq0Cji 15 | GHbSB7wLIkvwrA9AEvvpx9IY1rY7o0QwQjAKBgNVHQ4EAwQBATAPBgNVHSMBAQAE 16 | BTADgAEBMA8GA1UdDwEB/wQFAwMHBAAwEgYDVR0TAQH/BAgwBgEB/wIBBTANBglg 17 | hkgBZQMEAwIFAAMwADAtAhQaYLoP/zVbfDOxBRnShYDONo7IzgIVALFOzTXtkb7o 18 | AHsahEqnMzrjgIhx 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /resources/inputCerts/ecrootv3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB+TCCAX2gAwIBAgIBAzALBgcqhkjOPQQBBQAwQzELMAkGA1UEBhMCREUxDDAK 3 | BgNVBAoMA1JVQjEmMCQGA1UECwwdVExTLVNjYW5uZXIgQ0NBIEVDIFJPT1QtQ0Eg 4 | djMwHhcNMTkxMjEyMDAwMDAwWhcNMjAxMjE5MDAwMDAwWjBDMQswCQYDVQQGEwJE 5 | RTEMMAoGA1UECgwDUlVCMSYwJAYDVQQLDB1UTFMtU2Nhbm5lciBDQ0EgRUMgUk9P 6 | VC1DQSB2MzB2MBAGByqGSM49AgEGBSuBBAAiA2IABLTerq2BEf6vMtd+0TDlRRX3 7 | Zd5g7rkfVEh14ruE+7viaX3GftqvYADqYfQJ+w039kDypJjaF/nxdF9MXFEtxqoi 8 | a4hBUPPpNG8pZ4x5esCdceXrSfCJu2EQ783CvaY+FaNEMEIwCgYDVR0OBAMEAQEw 9 | DwYDVR0jAQEABAUwA4ABATAPBgNVHQ8BAf8EBQMDBwQAMBIGA1UdEwEB/wQIMAYB 10 | Af8CAQUwCwYHKoZIzj0EAQUAA2kAMGYCMQCH/EVdv5XufeWKBgggQoRkmGxuT7gl 11 | RICHwsTciIzE5YgjoL36wEHNET7m9YDyTJcCMQDE1KyPbkl27jrYWFaDHBIVqVXz 12 | /JBphRdLImHpK5dCF1MrwW5FEhMvo1/z3J549cY= 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /resources/inputCerts/rootv1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDATCCAemgAwIBAAIBAjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJERTEM 3 | MAoGA1UECgwDUlVCMScwJQYDVQQLDB5UTFMtU2Nhbm5lciBDQ0EgUlNBIFJPT1Qt 4 | Q0EgdjEwHhcNMTkxMjEyMDAwMDAwWhcNMjAxMjE5MDAwMDAwWjBEMQswCQYDVQQG 5 | EwJERTEMMAoGA1UECgwDUlVCMScwJQYDVQQLDB5UTFMtU2Nhbm5lciBDQ0EgUlNB 6 | IFJPT1QtQ0EgdjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1+nzj 7 | aVnTIjchOjIRkX8f2nEj9KG/V5LdCr+QHYbeilHn28Jle6O3Kc0SY2nm8Ea1EHOL 8 | S1u6pX0IT8RqVlPu67ptLILdIQlBVB2NAST7IlYCMXibnb1/QIDE1FnINT+GqPLk 9 | SUzQUiVwIuiDsHbADv4Y2gGCuO+NeCMfP/JfbOpWbe9TpY4GlF50WBM6VThKYUPQ 10 | 7nW3E60xe8HaEp/8qrAiN97je2t7PZAAxiyjlr6scLE4/hvcO0Ocy1YzydMKru4c 11 | yvQmR37/aGtG7r1mMvXp4ZVdMDEY/u73Gf7DXlN34/H/rOTduza3Vn47gbtaMov+ 12 | 9Ke7tZmVU4SwmW11AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAE21M+qxbps9GNDw 13 | wvV2woT5Syladv/Uj+MvffZ5jSLVZGnTc3rfCggnYJB1YKnxTuZ27oBLddcuYh18 14 | eroZBlg3brgNUoJT4+a7mzspoH7YEgz3swSrROCnZ296U+qQT32WvZ2sGNoH1wt6 15 | YssiyRfFywkzZgAgfH068fIclFAvW2hQl18aTPQN4HkP4CkbTO6oUF9awEF0EVl4 16 | cgXFEExVTdUQHp8NazqJsC46hvFqkD/vFdJVpMl//GWN/j22OTVINAK+e4pV4Prv 17 | 1+C1yalK5tUNAWIOSQ8++2CGcS/LV3LB3mXPmALjMTOSJDUqj2gFcOn+dBow71Li 18 | T2LOGEE= 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /resources/inputCerts/rootv3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDRzCCAi+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJERTEM 3 | MAoGA1UECgwDUlVCMScwJQYDVQQLDB5UTFMtU2Nhbm5lciBDQ0EgUlNBIFJPT1Qt 4 | Q0EgdjMwHhcNMTkxMjEyMDAwMDAwWhcNMjAxMjE5MDAwMDAwWjBEMQswCQYDVQQG 5 | EwJERTEMMAoGA1UECgwDUlVCMScwJQYDVQQLDB5UTFMtU2Nhbm5lciBDQ0EgUlNB 6 | IFJPT1QtQ0EgdjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmWaMk 7 | zTTP966yakxiXR8MvePmYgJyz/dS1m2pZxbkgBQJy7VFE7qwJSF5EkVHnAAFohK9 8 | B7XtSuMRRXTrRwuBHfQrBun8pm9+4bdA62YrbG1+5+uryO3EdavhIJElvlZAI3UA 9 | yE+s+Vi7AG9V3oJFSR6NO3yItKkagmiX0yetXmc3efJUY7DOCnhYge9dUU12ab5Z 10 | wytbzTJmMOx0inlche8wm2DNXA33vDTlLoBEryqcg6JS6GFkdG7LC+LhSJOP/vbK 11 | P06qx93zDbjqU8eNWJABME9Vjv+MW6JRtDR35yjOyWOn4E5Sba1BiJ5wTRx0pFVw 12 | 4mXgsKTHwHHNTasRAgMBAAGjRDBCMAoGA1UdDgQDBAEBMA8GA1UdIwEBAAQFMAOA 13 | AQEwDwYDVR0PAQH/BAUDAwcEADASBgNVHRMBAf8ECDAGAQH/AgEFMA0GCSqGSIb3 14 | DQEBCwUAA4IBAQAOF1UZQG2B0hrEahv9KlCx/MTuKBk0S/slyurj+a6KQ9TQ5ChZ 15 | RDD89Ypfta3tBKFWuIYvRXDCR00Cwe14hThj6eefjd2kpC/P0p8GXXT2+Q2MPEcR 16 | qYE+C6Obi19z7QlyviI0hx2oFAtVus6QATvavhr2j4SuhzBWhtCH3x/oFuebY7Me 17 | pp3XuUo57RWl947k7Up2rixrCx5fwmE5A4fbaalC4UjPG/tGUdrFoYpC1tD53q1k 18 | BEZRljRRRK4vu0P2ki3dI14zbwYFKc/TeZVs7vjiquXoTInTpdzJ4EIzfcCLrsIj 19 | aNxDdCLl1Erilh1LC1evZLt1+rs91INkEnMM 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /resources/keys/dhkey_1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAPCd/a6+IW+TZ5jtNFlrxOGhIW2V 3 | yo+gV2GwC7KkQlLq/gsiHhppCnoCY4jS6o4bMx5SpLNKKjcioKINitSARWUxlAKn 4 | u8X9Nez2kzvqPMzyOtVNuc3l0igpY42ZmNs1czrYsAaZlNG0R1Nxi+Cxgpi+GoSO 5 | JiSiNI3nCq/Fo+4zAgECBIGDAoGATKzw43VVZa6kmaiOOwRXjTdTPkGZ25XXNbSo 6 | vDRR3ayafJZgYBTaHHh6BPGs8fMfjn3MRkqbxYDUFdGGKdU70b7QWVtHoYp7kPxr 7 | JGh0Nxgsf1wsReZeuYX+kZKGzRMmxAcdMWSS9FxUiGlcGWiI6GyuJNW83MUL2rnb 8 | newOfZs= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_10.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAOEaFZ0v8geUy5bMszjvZ6H4/i6W 3 | c0X8SWbnxA9SDSX1gFMWP8hAMR1M2XatOErIkShvGtR+QjXGrwswhOP+WjO5kz4A 4 | YVUR3wbY/+giLQuYvm14zTc5f2gUPOXOewxSVAtGI4/PEXvM2yxieszFqmVvS4uk 5 | TVI9NrsHcVTKKlozAgECBIGDAoGAZzluzUC2qkLKPycTlCV4ZuDNyXBgWGp90zmr 6 | e4rydwSKQ3S94qU3Z0eUwy5wQ8UMezqR30tWym0xdP4GlFt7FXCIDRSKr+9usnMw 7 | ikWUZzpVvcfj2RT3QT4jR3iN/7eyX7NP1R24pxQ8D+TiekU7XRaUVCTs8yOZLaWa 8 | iLF5TxU= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAOmzys5fRWg/TJWGg5zKQpP1/v7C 3 | 60NJwl79Uy5TQUm0eA2vhhcVZH8jwLFufmV2F2Fg38YrihazuMpvmclnwVVlZ5iw 4 | Mq3pCTil3ok8s8xr+Yo2oBqIQh0AwdXpNUFC7VZL9ChRjQBJl1WLPJ1EuE2MPCJ7 5 | uh5c4VhaJ1YsGG6jAgECBIGDAoGAfDGrZyeZWm+j5fkMkaVHp5tmb7vBPX2WesX7 6 | +bgpF8o5gXDaTOuKFXDpsO5KHbjWM27A3rsICOQOIVcBbHoX2Dr6meXzwlpGP2Jf 7 | 1WCBe0PqLScj8hxASsfcgLlJ8gC+yZnrVdbBXxvgWrLbJ9O4O3Wd1JruHLZ4DQjx 8 | iwgxLhE= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAKULThcixdsu0o5QteYktJnZyKBV 3 | n24S8wYYHQJ5i/suiRQXd6NbsmVaneigdvOjslLx5YUUUwOL+zlizDfHW6VImQxp 4 | xUBljHv08BaSGsJfSgtTt9Rlkm9v+FxQwPdv1AM0795u2MmmWx2xh/a9ukbgdftE 5 | Lv7PGh4dyE/lr1ATAgECBIGDAoGAf60W9HGwhkLfQssNVPsx0v54bTRhEUB5AAkm 6 | wvT09YCmwd4Mit3vOe+mOvr0Kwp/6GFC/epUuyg7NCFeGeLr5MybcKvU7Ra1xgZm 7 | Tbc1lc9RcVlp4JzHBNjtu15vf1IAlM4WiqU7QseQvHtzMiqdJjwK0K8O1op5Yiwk 8 | T99T/ik= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAOqz/9Z76+kf3M95Nu/f/OIFLaSy 3 | lqoSA0vAZPg9Y9q4lgcAGGbl9AdR43w1a/HzRlmqJhxkGKeGDqc3LrENpcVIF26P 4 | iqMQwkitx6iPBO4z26WQcS+Nrp3SXvuMciDK/xRiUVRSwk5efv5xlzDCzJmWTkjc 5 | GeR4Zk6L4krCsmdjAgECBIGDAoGATbcjnMJBzaOUeFbGePG0jMZjPKGSYI5OBLUu 6 | F9g8sx8YeA3/XHHLxH+Dpfd1t9fupIc9x9zJZCd/5lv7PwijfO2OqGW+Q6eVT03o 7 | 9m/9GZEV1GMfj+luksFQsz6vv2UlKL9IBxH1R6NaaxjZBWGkfDkjvDMBkQMGq3lp 8 | A5yzaps= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAJWDuM3m6Ni7+H+TTfLuuht6mtaa 3 | NC9InwstnwTNrfkhFuYCwX6uolmGEMLlVb5zyKDPV18aHTaFiZT6bsMiQOkr6b+E 4 | 2q0+Gmbiiv2noNmn8vFl3RJFsvo5ouHI+5kuC5/FqFR5d++1uAu3HG2eRm4csVD2 5 | zLxMW0STXGMqlmGjAgECBIGDAoGAWzu4zFZqwYlJJnROTm8huMGECT9ZbBIKAH9m 6 | yOzWXU4UXYBKNMI2z3sA/TZSOlK7p3DpylF0XAw6MisqFwl9nGse7OZIs1GWEDIE 7 | kxZztUj4BMyS1LFd8P76znOCiRWaH4k+VIc7GHjcPo0okpFpFHDznCltDBt1cHkG 8 | JmAjhcE= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_6.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAOKd/4i/RLLhEGHH9mnvdIwaDt8F 3 | rja2gv7A3pWGlCwl28qBYb+YzvqXt2fw4+0cwm+QEBU1hcsPXg4b/xDD8lFi4mrw 4 | TBwUgP7UCeoS3YYC3YFNKfvp08SeBT2n5lbJbK6/c3gm9Tm2bjDyxxusZHYaiyY+ 5 | 5UrfsPRE9M7Onw0jAgECBIGDAoGAbH7v0Fz1PIIBddYfxzwWkkY0udPS0P9QiZZ2 6 | 8Gi3+NY27hAn8hO2s+i+5DprqF+W26vmGv0ZoQ5KxLPu9tCG5L6u6grePKbSdsEN 7 | uVNXOPweiKBpFgmFGMqiU/1nQvfoffaY9NO4YWDlXyDlHaqkMH83/4m+WVFgttD/ 8 | mWpFOzk= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_7.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBALFZt59VVeByBhf7N58GozA4Abdv 3 | KtrZ+02eAzjQ5ppOtpomznSI7gbjGHuuM7h8qog/ul93WMH/dDQW3OLwPriqx0I8 4 | yakTGDoV7329ST+aWLYGJVLxfBlJCrG0XQE6/65xV22Gz6vpWj9IHHr4jvef25+r 5 | QRsR/z1zO/NCIPBTAgECBIGDAoGAf8M5hk8gP9hGAQpIBOaC6Dh5fB0ug+tvo2T3 6 | qfFhqtNOUeD6rGMRdOJo2aoH5ofAOlDw7Ulrbu8Utc3i+uojiJkfgRANZcziBtB9 7 | ijS0Wv5KaSgVadvNkZ4HDhbyJb531CQOTTro8IS1vCSt9GAtoyeGn5fOnLL4Azip 8 | fU5lAVk= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAODKDE/ng++Y6P7LQSr996z9ldsx 3 | wnl8vQJZ54rds883WtgM+Sb3cr1JBmNGav+Mokwv7Hs3ox2zrYKlj2KcA1PBxpbG 4 | 4v/6mqsMlTGAv+pQ//kpsquc7rauLIo2jB/GYph/1r1e3fv1lv61mR8Y+hY3rhUL 5 | vqEj7BeU6haMOo6DAgECBIGDAoGAW7030zzRVXtlhbyguMYovVngWBCQPG8ZQxOR 6 | jQJCj5N9WGjMr5e+paccZB43isdKwwQxUj1ae3qgA0naezs56pQIZAUvfI2AnWnH 7 | fnuK5/XtVHlMoWaCsQCKR+vFxjs+18jlzmAiiWxLAGDCrUzfnBkhuhrQJXu1t+Oq 8 | S+YWkD4= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhkey_9.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAMbt//UcSExnLz5+Crg5HwOrGlt5 3 | cd+rZREOWqv8nr3OZLtai4wcRCXAoGz9PjYJoH1iqUj4CW2pDw5L6Rl3XqylhkPm 4 | h7TVbHFbMLwx+887MXy+ZkeC+j/63l5m5twxaKlstb10XTiH06wO2XiYdwkiiNqZ 5 | kbXwWPqGb35v3Y2jAgECBIGDAoGARPBrm5+OwI8JL5/GFYuqm9ElDjHlKuvtHRYW 6 | kTn6xmLP1kJRcUrmWxmrXPL+Hrb3t+2a9cyC1GUKK/BfP72qFli7B2DWeBJ5y4E8 7 | WXcmzCI509QXUSk8LWBaLJO4/uKTsHqvJG1ZKBT9W7NXB4kSsHEAO84yN4X3uQnD 8 | brbN+RQ= 9 | -----END PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhparam_1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAPCd/a6+IW+TZ5jtNFlrxOGhIW2Vyo+gV2GwC7KkQlLq/gsiHhppCnoC 3 | Y4jS6o4bMx5SpLNKKjcioKINitSARWUxlAKnu8X9Nez2kzvqPMzyOtVNuc3l0igp 4 | Y42ZmNs1czrYsAaZlNG0R1Nxi+Cxgpi+GoSOJiSiNI3nCq/Fo+4zAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_10.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAOEaFZ0v8geUy5bMszjvZ6H4/i6Wc0X8SWbnxA9SDSX1gFMWP8hAMR1M 3 | 2XatOErIkShvGtR+QjXGrwswhOP+WjO5kz4AYVUR3wbY/+giLQuYvm14zTc5f2gU 4 | POXOewxSVAtGI4/PEXvM2yxieszFqmVvS4ukTVI9NrsHcVTKKlozAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAOmzys5fRWg/TJWGg5zKQpP1/v7C60NJwl79Uy5TQUm0eA2vhhcVZH8j 3 | wLFufmV2F2Fg38YrihazuMpvmclnwVVlZ5iwMq3pCTil3ok8s8xr+Yo2oBqIQh0A 4 | wdXpNUFC7VZL9ChRjQBJl1WLPJ1EuE2MPCJ7uh5c4VhaJ1YsGG6jAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAKULThcixdsu0o5QteYktJnZyKBVn24S8wYYHQJ5i/suiRQXd6NbsmVa 3 | neigdvOjslLx5YUUUwOL+zlizDfHW6VImQxpxUBljHv08BaSGsJfSgtTt9Rlkm9v 4 | +FxQwPdv1AM0795u2MmmWx2xh/a9ukbgdftELv7PGh4dyE/lr1ATAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAOqz/9Z76+kf3M95Nu/f/OIFLaSylqoSA0vAZPg9Y9q4lgcAGGbl9AdR 3 | 43w1a/HzRlmqJhxkGKeGDqc3LrENpcVIF26PiqMQwkitx6iPBO4z26WQcS+Nrp3S 4 | XvuMciDK/xRiUVRSwk5efv5xlzDCzJmWTkjcGeR4Zk6L4krCsmdjAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAJWDuM3m6Ni7+H+TTfLuuht6mtaaNC9InwstnwTNrfkhFuYCwX6uolmG 3 | EMLlVb5zyKDPV18aHTaFiZT6bsMiQOkr6b+E2q0+Gmbiiv2noNmn8vFl3RJFsvo5 4 | ouHI+5kuC5/FqFR5d++1uAu3HG2eRm4csVD2zLxMW0STXGMqlmGjAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_6.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAOKd/4i/RLLhEGHH9mnvdIwaDt8Frja2gv7A3pWGlCwl28qBYb+YzvqX 3 | t2fw4+0cwm+QEBU1hcsPXg4b/xDD8lFi4mrwTBwUgP7UCeoS3YYC3YFNKfvp08Se 4 | BT2n5lbJbK6/c3gm9Tm2bjDyxxusZHYaiyY+5UrfsPRE9M7Onw0jAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_7.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBALFZt59VVeByBhf7N58GozA4AbdvKtrZ+02eAzjQ5ppOtpomznSI7gbj 3 | GHuuM7h8qog/ul93WMH/dDQW3OLwPriqx0I8yakTGDoV7329ST+aWLYGJVLxfBlJ 4 | CrG0XQE6/65xV22Gz6vpWj9IHHr4jvef25+rQRsR/z1zO/NCIPBTAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAODKDE/ng++Y6P7LQSr996z9ldsxwnl8vQJZ54rds883WtgM+Sb3cr1J 3 | BmNGav+Mokwv7Hs3ox2zrYKlj2KcA1PBxpbG4v/6mqsMlTGAv+pQ//kpsquc7rau 4 | LIo2jB/GYph/1r1e3fv1lv61mR8Y+hY3rhULvqEj7BeU6haMOo6DAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhparam_9.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAMbt//UcSExnLz5+Crg5HwOrGlt5cd+rZREOWqv8nr3OZLtai4wcRCXA 3 | oGz9PjYJoH1iqUj4CW2pDw5L6Rl3XqylhkPmh7TVbHFbMLwx+887MXy+ZkeC+j/6 4 | 3l5m5twxaKlstb10XTiH06wO2XiYdwkiiNqZkbXwWPqGb35v3Y2jAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAPCd/a6+IW+TZ5jtNFlrxOGhIW2Vyo+g 3 | V2GwC7KkQlLq/gsiHhppCnoCY4jS6o4bMx5SpLNKKjcioKINitSARWUxlAKnu8X9 4 | Nez2kzvqPMzyOtVNuc3l0igpY42ZmNs1czrYsAaZlNG0R1Nxi+Cxgpi+GoSOJiSi 5 | NI3nCq/Fo+4zAgECA4GEAAKBgGjApn73WKrFjMSW91C80SYmyH2oNLncRmeCzsoQ 6 | AuBqqiFRyQFWLEzDhGjbfS0WYDbQNHgLwM04wRffbna41QKfTwowmgNRLeFZtmMO 7 | slfPa3b1ttTuZ2+LR+jXZSFQGUGN+GLoEMzjnBrynvxCRwYHl5S+X0O0AJpRy1X1 8 | v6Fd 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_10.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIDCBlQYJKoZIhvcNAQMBMIGHAoGBAOEaFZ0v8geUy5bMszjvZ6H4/i6Wc0X8 3 | SWbnxA9SDSX1gFMWP8hAMR1M2XatOErIkShvGtR+QjXGrwswhOP+WjO5kz4AYVUR 4 | 3wbY/+giLQuYvm14zTc5f2gUPOXOewxSVAtGI4/PEXvM2yxieszFqmVvS4ukTVI9 5 | NrsHcVTKKlozAgECA4GFAAKBgQCVcBPzQjHrtfLxl6gyoeCoepDVXljGnwrU7Rf+ 6 | 6sF00l9vrmZejC3ko+y2B5TT+eoyEKACD3p3zscXaTSFVJjwnNUvYWjWl3RJjbR8 7 | I44BcISV+pWGwZaG8tB6trpjsorEWZxUcvS1jTggt+rEofh/NeFOis5CBPxVB0DE 8 | 2tBPnw== 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIDCBlQYJKoZIhvcNAQMBMIGHAoGBAOmzys5fRWg/TJWGg5zKQpP1/v7C60NJ 3 | wl79Uy5TQUm0eA2vhhcVZH8jwLFufmV2F2Fg38YrihazuMpvmclnwVVlZ5iwMq3p 4 | CTil3ok8s8xr+Yo2oBqIQh0AwdXpNUFC7VZL9ChRjQBJl1WLPJ1EuE2MPCJ7uh5c 5 | 4VhaJ1YsGG6jAgECA4GFAAKBgQCEbLaIQsorMJMs3Y0dF/EKBG/rMkUkb0niN5nG 6 | aHLaeVe3YKsJTeD2AjCqHZTBJ3rbzfaIJfDCwakwe7N71tPfyRiu0Dg/xQSqrG1X 7 | UCQipbbvB6gd8qqGUfKcPM2HxkkUQd3o46DZVKmk6MG2fkyp0D5lbKJXg1nXQCzt 8 | d7tWCA== 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAKULThcixdsu0o5QteYktJnZyKBVn24S 3 | 8wYYHQJ5i/suiRQXd6NbsmVaneigdvOjslLx5YUUUwOL+zlizDfHW6VImQxpxUBl 4 | jHv08BaSGsJfSgtTt9Rlkm9v+FxQwPdv1AM0795u2MmmWx2xh/a9ukbgdftELv7P 5 | Gh4dyE/lr1ATAgECA4GEAAKBgA9o1zASoQUPrqqamiYloNVvmTfpzf7VZpT7MJGu 6 | A1ED4o3C1rC27LK9nZFZfjBB3wBGYtxAjsJArul86+PhW4iW4qSEX+W/ojoMmtld 7 | B6+79IDAoym0HOsB1nOxspnVLt9JnSb0l1BudrapXaL7HaGq0yZYi6LagUuaTadS 8 | iFnK 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAOqz/9Z76+kf3M95Nu/f/OIFLaSylqoS 3 | A0vAZPg9Y9q4lgcAGGbl9AdR43w1a/HzRlmqJhxkGKeGDqc3LrENpcVIF26PiqMQ 4 | wkitx6iPBO4z26WQcS+Nrp3SXvuMciDK/xRiUVRSwk5efv5xlzDCzJmWTkjcGeR4 5 | Zk6L4krCsmdjAgECA4GEAAKBgCm8HMcs8Mnz3yovBNU7qyVkO6t7hUNdndcWDEcN 6 | /DL9nJt/Qd7h5t7xvruqAKSRFGgoZcfdPD0PVMtRs0lrEWYIwITS+lLxI2FFEPPC 7 | d+RTDQdXo1SE0WhKTHTLtILXO9mgcGdoPB9hy/OKu2iscOlT8CTFY4J72VF0bBUG 8 | AO/E 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAJWDuM3m6Ni7+H+TTfLuuht6mtaaNC9I 3 | nwstnwTNrfkhFuYCwX6uolmGEMLlVb5zyKDPV18aHTaFiZT6bsMiQOkr6b+E2q0+ 4 | Gmbiiv2noNmn8vFl3RJFsvo5ouHI+5kuC5/FqFR5d++1uAu3HG2eRm4csVD2zLxM 5 | W0STXGMqlmGjAgECA4GEAAKBgHGi+N1wJZkPTxtGNimBChbj+0SEnL+U3jQTdBLS 6 | zw+/50aHqcUhJ2/YHTvR801F9wuZwH3hKtLW8OIwCpLhdVlymLEEApvDIGfZQOB5 7 | hRM6cFDXOZJaLBSln2e/DLJPRDd9ObaJhwkiuJnx5977SGSh7QG6FPLxsHHgvhG8 8 | 5/kx 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_6.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAOKd/4i/RLLhEGHH9mnvdIwaDt8Frja2 3 | gv7A3pWGlCwl28qBYb+YzvqXt2fw4+0cwm+QEBU1hcsPXg4b/xDD8lFi4mrwTBwU 4 | gP7UCeoS3YYC3YFNKfvp08SeBT2n5lbJbK6/c3gm9Tm2bjDyxxusZHYaiyY+5Urf 5 | sPRE9M7Onw0jAgECA4GEAAKBgBPWKgDM1fdp8VCFVFrMbT7UQUsZ3j1nle9KVaua 6 | ewUOOjEdNutHPBVZu31yFKATpl+kj6l6I2Qvh0j0CEd3AxFsEGfhpiQLOGUDBjBc 7 | 2GJdQ6QGwrFZF4RGFbyUfC1KM4/q8wm5NH+1WeML67zy1KnESD5Lh7ajhm7Q0++L 8 | xxY6 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_7.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBALFZt59VVeByBhf7N58GozA4AbdvKtrZ 3 | +02eAzjQ5ppOtpomznSI7gbjGHuuM7h8qog/ul93WMH/dDQW3OLwPriqx0I8yakT 4 | GDoV7329ST+aWLYGJVLxfBlJCrG0XQE6/65xV22Gz6vpWj9IHHr4jvef25+rQRsR 5 | /z1zO/NCIPBTAgECA4GEAAKBgHSHE6tWrJkBqWhi5e8Dzg18IWJLf3uVlb8dkvWZ 6 | 8yn8EclxE9i+xFEflpq7HOjK8ZF4ygW2S/z+nYEBrLgUNTUAkBd+XqZla++dDTGv 7 | TbqaBfDCERxtJ8DefRyOIB2zrQh0dQ7luvTGRYhCk7OZLhlJJSOTCB3J830DcnCa 8 | yx04 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIDCBlQYJKoZIhvcNAQMBMIGHAoGBAODKDE/ng++Y6P7LQSr996z9ldsxwnl8 3 | vQJZ54rds883WtgM+Sb3cr1JBmNGav+Mokwv7Hs3ox2zrYKlj2KcA1PBxpbG4v/6 4 | mqsMlTGAv+pQ//kpsquc7rauLIo2jB/GYph/1r1e3fv1lv61mR8Y+hY3rhULvqEj 5 | 7BeU6haMOo6DAgECA4GFAAKBgQCBVdy1a3op/O242JqtAryRThDlGNNg8nMKG10f 6 | iPh568nv07qomP5Vlbd6pEyi91QhmW5r1gT0tdvx0PwkiZHuAVpKSG58+cgs0dUi 7 | 59La7h8e08GPeRN9pNReefmaVMiILxJP1ZfaIKfvYf6WExwz/3UX5QA135AwcSPg 8 | ECnuhA== 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dhpubkey_9.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAMbt//UcSExnLz5+Crg5HwOrGlt5cd+r 3 | ZREOWqv8nr3OZLtai4wcRCXAoGz9PjYJoH1iqUj4CW2pDw5L6Rl3XqylhkPmh7TV 4 | bHFbMLwx+887MXy+ZkeC+j/63l5m5twxaKlstb10XTiH06wO2XiYdwkiiNqZkbXw 5 | WPqGb35v3Y2jAgECA4GEAAKBgGsjaPHKWRMuqV1X2Sx1sJCMGGNzkJPGzEBHCYEs 6 | Me19MX8TexDTntlZLsOOt3RUCyNciCCQR5t7meHp7Z9mGXT9CcFy0+ZZdkCYCCXB 7 | N4OtCCcM7GvEtc76vwOMUi+SNLq4d6krrKB2ELcfOMktfZNSzf5+unF3zL91FX7k 8 | jgWc 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsakey_1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBugIBAAKBgQDN6pepgUtd2vA1l/dKw/7xHhI9nzobtAabnw1CGG5qWggQFbBZ 3 | SrHVjwhK5KBEnA1HAptxtf6PqyuaO8CrT9yWqPpAWURliEu0AqGqL/E0m2Rpuj+m 4 | HvwHPSWXQgFbz0jv3TTxBYTB5DYLHxuaxOiLsbfPWNTatUzb+CrcdTqhgQIVAOBS 5 | TaZWXS8KvyIpVnbS9eiLD17FAoGAVsJYHYPYD4dbmEzN+Ln9WENlluXSYGWLpxjY 6 | a0nMrblxrrgm7K/KpqbZAITW3eTO8TGlEKUPfErD/LH+2wEEJu43LMs1O1vWil17 7 | vFKCyoP9bYRV2C9M7FSZTpHu8yHmsmHHNA2AmXvrPudh4EWnI+Ff1n2MB5b7KD+a 8 | W+TchwMCgYBzqZmrlofhTVDQKk/TsaGHaHOmsZ85xsAWZslNvSjU4m5iSSPFR35y 9 | qJ8AsVAROvCxrx88g4MylKKPH59sPagns95TkmtoOfFrDVS3CWgVSc6hrVX9LHrL 10 | 3VAhiJeaseJTugvCZtnBMVtmb+P0S1GChBEAMRgcRxjID/5mqJwnPAIUFE74mUoJ 11 | 2KuWbdxsnwuUsyyJmWk= 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_10.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBugIBAAKBgQCxMb8Iwee1cIs8FETVbLRE2v494XK42w3sI0frwlw0g6lcbAPN 3 | R0SWAhqEJNdNC+d6xrvW2kBQkrz2mZt+7Bds2nhbiK/C6p4fmfq2aZ0fixy9hjSY 4 | KmdxeA1vt8EvrfUNCz8b3Pfo3Jph870YUaSiSmO/SEaCbr82sMkbhbIAoQIVAKH2 5 | 4vSQ4RCq59hSOhAY4P65fi4nAoGALUq4BANY0dEEu2CbeK7bdZVjHFxx1wgHZaP+ 6 | Nm64jPbDCN0Xl9vJ6DasEoBOVY/b7Nex5bGU5Y+Emil21ncepBHkwxHDS/0t00EE 7 | FTtn7kp+8HWHdusu4iDblKAtTuAU7siDKCChPhSXOYn4wkfr0exv3b+nC98KjthA 8 | Lotz4d4CgYA4Ec/u1iLPXtoejqai4VVQZvjtCFeucebqSUKR5Bp2W5z4xO9JqF9Z 9 | UgpxKeywF6ehjV20TG4AILmgTDyJTFfTIzgSJsiE0FM7xRkvba8/KwHniTgf8e0W 10 | GYJmi+idY1d8XXf9eq0oX6gLl1JmjfsKZp8t+zwy/Fm0nbv1yRF1UAIUXPuYvW5p 11 | 1tAU4/swByPJZ4arCTI= 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBvAIBAAKBgQDCP3/mzd925XcnBreBcNK/59yUxQ/7iBAQf230FZ/YZ+e0+m5o 3 | MEqYMvYXmA+9yZZRFzo5vbN5WMHx1GVaXWaipQ5tlB9jhkmceP7l7T5oOPNGIL3R 4 | YqTwv+d6cNfyKn6zQrvJ3Ws703to7TSpWbDB1WrhuBCLZq5R7eg9O9lKDQIVAOa/ 5 | l9pWZ46d5cjqKfuXrX4PsszFAoGAdaf6G5eq9R78dP3yqNejkPqCEHuaInAJoXHK 6 | AymPUUEaOduZ6Zk+gA7bqlik8nayGXd4DSMGo6ItjbM/rH8ctgUNXGnDpajULffa 7 | o8cttJ1A/QjNUP9L1aVSOVTT+n3dw/IB21lK/2qfgKnomCCA3dFM9ChiCch1195k 8 | Q0nSAZECgYEAoEuHMOT9v288S8Eyl4PhPZ907IU/+LuZEOhCj+W/3FfuicjBeIz1 9 | Oe6//pKmTFbilxFeO1pEkk+qOqZCKcjmyKKVh1rD4M2RGPQB9GTqu8aNn6nenAQm 10 | A0Fu2mstN7/+FaxScISvY5Zh+ep3VyLDKvbWCYAaYxMVtJaCaGur7CECFQC0yWJQ 11 | 4pOSgxbOy3DX26QDzvSUTA== 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBuwIBAAKBgQDwWIj37w4Z9rV4byTZMbyA/kFf9iU4AhaNiluZo5gxLxkJtvMH 3 | LFZcOCYnH61Gbdmwg1NuPDLXj/zJqSX+/Xq1RNSlvg45Jjhyrdw1HKD6Lhtiv9cw 4 | SrDE3AoI2j1dIxFP+4SK+TNf1R6tm3n2l5osr4kl4emNVVjb03941iM7rwIVAMkb 5 | LQHpUfTDI4uVRQhRpz9F7So9AoGBAJs8VaSD2LGKu71HkOoymtjs88q739xFcktQ 6 | XXfzqbzyp5HKse32WfQwVfXTlnFUjR/zQAYV0fsnEOCGY/EidEXlGH04DGhTg8OS 7 | PlJFtQhBASzE2YnnCNaVrU2QhZioTD+s0ELwTIjwVBsUQy/SxnereYb+azzt8TLw 8 | Wykn9i1pAoGAD5avJ0Lo777bZXzuZfVuFv6W16TWukpyArwnsDv3IqytsM0xQcTC 9 | ImOeBhR2rhqZldUeW0UqrVD0wLuOTYF57qwYvutJc7pJnFRsUtZbnCNBuNUQ1J2p 10 | P09ircOMhmsouF6mMDyPGr4H6NKzhQ7pov4S8/hCSGw8YgH+m0zNht4CFHXttXKp 11 | l1KGbkYE6HGn4HOUqwb0 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBuwIBAAKBgQD/DVV/nWVnWs0QZtZMMdYIDcTE9i+Rcy0X1Y+ecSeEm4ISmkR3 3 | ZTQCPBhslt4uIMHRD2TR/Hxr+GmNez5ZcqfNi+eLijAhigMlWSbahsTaVLe14Js1 4 | 9Lf+Yty5liB1AXUkPafOTYvAkcytZOeJ5zvYoE393Zp6Ewyu9SlYA85gFwIVAM7x 5 | 9l2B7y4NnGoyATadBXb/x8VhAoGBAJgKFXapOx8rIvKDyfn/ZLFzKkmhcLftY4PX 6 | woa2tHxgJCuTWUtcmgvdhCuqal9c8nnsWwxe4HuaIRA13nylC9nGeDGoU/Cdxt2X 7 | lkmYX9fFn61vrEcb71KGpf9O5g6QteIa++0GOHHzjROTBFLiqkjZloYICnaNGrQH 8 | LvgnZPwUAoGAc/vBm1xBiDq6M5/BRhDoLYksapUIu1Kk7BQsz1AC9eetGN5iFxRp 9 | DwgCi+FuKERfTww6akcXfawI84UXAUvbXSn/46GyPJT9bDBzd88grd9lG1tOYSAu 10 | BmFSU1a5rrf/IA4V/gx70dSz+sqpdUYZJ4pGn3znm2w8dl/7crdAItUCFDf6mJ5E 11 | 6y5vNPAowR/9mlO8cIcm 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBugIBAAKBgQCMniwrQxCX2YL1/e+hfUi02gfZODcHcSSnt1Q9cXZMSW5t9Kbz 3 | j8KCsQQ/nhiMNJFuAxFfLNJuwpp9XDzJa1kzNloMqu3Zjp0Y0JgxN9ijAGfDNCbb 4 | lyZOQxfrKZOlZgZVT+UxyIatq+4rwy2i6VgfeogjwXfFpGwJsg+P23OFMwIVAK60 5 | VdJBcncXgqbWor6cb+7IZzJxAoGAe7iRyiTMJ2o1jBPnpgxVGSr8ACrAAvhWV+BW 6 | pm7gH+we4pN0yJL32hOlJSVzC/Q/Kj+L1FF1/EHw/WmZpjkz3fHGyYvON9tkz1Fz 7 | 9GyrUadhTit213d6bWSKpvq7XetdG+fapAdoeTHlVPJQRqNIfz3YhUeP27UQbRY4 8 | Q8nNiUkCgYAxzXdF4qIayVAYXO1zCXdxJK5Qnm3NroyFhS8O7uJMQk4AtEZU5CQy 9 | 61St+O1dh4p6vRaWST4f/pCwLCpR19Gsu35g+t2oAVc2Tx4PDcyiaiO/CWmY/Y2w 10 | b4Ld60ZG0EWIWKUhA5BOp0yzmsWyyX0IfC543xLoJhHDunrJjevszwIUE3CWZMT5 11 | WVlB46UXhu6kVZo6u+k= 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_6.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBugIBAAKBgQCwyncAle+tpgTXlwyEbW8BT644hkLS+VVYFWgW5zuCVDuLaQdQ 3 | A8gs08CrJm+hcOq2zLze3CyWlnYJL3Ps7RHYwTir/L5ZIf6S4nkb+8R2s0iKe8DG 4 | XW3O9J7Ri/5eCgOWj11efITDyzGr5IzdDzePVFZDW7oXwBOwk0SkGq2bUwIVAIsK 5 | AequAOQnB7DPZvf+DrCB64j9AoGAHHdOfgvAlCdVr6Ghj7OARdoLriYD7L8GUo4a 6 | nwnftRPc2UOl1ZkSJncOpoRKBhsuuQJkkWlIbEcP6U5qTLuwSfVAxFoDpyMFeMRx 7 | 9Jqt+0oUJHc8XQc3i4u3QyYi2eBm8akU4eJ3Zbwi5ZsmNZUWnqwrmRw1/6e34a5n 8 | IzTt5UICgYBB6KPO653pnakDBozdLgcko6M7aJgIQPZ8ZpbitWGeyyjLvmcKALEs 9 | Tj5Jj+KHnudKrgd9lBfj2Ygx1Is8LXuLKBWhbxoH2N9RjTOdjpNWLmqlFAqqhHUl 10 | +o8GTFrPlU5yU6T874D5i1Gx4EkdqHGd1cW/sMys1sV1wmxRUG3LFQIUFBLAMmSO 11 | fd7EeX3/Zz91e4MGhw4= 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_7.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBugIBAAKBgQCR3AzZkSSlSWMxA5lQ9YvPSTp9aeBOeEDmYvLTIa8cz9+CGpgk 3 | C361bUel5i0R+oeKG1xRfso1GOoVjw3LoZE7TuxBhf6HeC9pPitlsKPdUmoh/KyL 4 | UBBNueAWKdjwXDZ3he/pya6DjSVgGvdxLzzoqliYABFwuOU2HEvFpbRjqwIVAM+I 5 | 80MPbPpZN53Y7G3HDdomKe1NAoGAKNCmDEwipB2NWaeS/bpIcrgCLSOyHd+eJRje 6 | CeEynwLIGDtLyqsQ4v4NALn+A0AchNHEOva9rn9DyKeutJ92m/1UvUpPaIQYu5xE 7 | blGlqdHFiUidS29rWVKF7Xk1+ch0YjHs5Z0DIBZurOvqgOeIwL3xD1/I+/+exWVw 8 | u+EyStgCgYBR09xZVWxehwbKYs1DHNkCvmGYC6WtCTsr0JF+uGQyM+mZJ8BL9dp5 9 | nmP1UJFuUjEJCQ6VVy6EN+PHThRFLy5wEjsFeeFUH+JUNJaLkdN+6A57OGb7gZDb 10 | ViuCSRSZZWFctLXQQfhl7HXVVuW8WchTlr5Bf1+AcWGGNkBgg9XHzQIUDGAxXK8o 11 | 0yO0Ly5uM3DZ3XTLO3I= 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBuwIBAAKBgQCn6BKzV8/7kQlGvNN/R8EZJ8D49lBTRYDxTZ6aSGEIzhIUmaZR 3 | alD558NWZ8Y4ofDIusTBEKSNnzDvPmQCl5XkpAUcB2+0VfaTXy+hipbEzSaPcegY 4 | ugS6pOE/1SNrFAD1ejK5gf8sGG4keRpuawL6gK4AFknQzkErerH3gx8COwIVAIYs 5 | +Y1N+yVXcwfwRp/t7uwDNYb5AoGAUuRHBtHeIa+q270u9YaDwujWfji7Xf9wa7IM 6 | wCTegqULikav/oNwSpQ88y4OuDwbdom7YvbPlsYrFvdCoI/gNLS5V40uMHe7pdBI 7 | FzSHuAtlZr5bdInoPM0+GMMzf1VPR0fBpVTEVI2VnnORK9ddR51v08kQJ8OYZCXk 8 | ya4BVdcCgYAX69BBlUDb0Gjawfl6rejlHv3iSaqafgpFu6+q/o/JjkWMRAq34tvy 9 | J1xO0F90OtPuF8KSyBIT2uqCecIoL8eA5pnJr7grZzuuAOwGeXlx/YvC2wy3W2MI 10 | s7I12jE8YY46yp8id20V3CCElyMr5bsMm8vlwMuaHuJAMltwfPjZIwIVAIWwfv9W 11 | 9Mm/FhRdu563b8B2iZTo 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsakey_9.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBuwIBAAKBgQCg3cRvnBL4KReBKNAJWb68um56TdvGo8D+j61L21DnDetKEU3E 3 | oV+9RhiacLFgrX/AaYyoLqFlbwPy1pMCCo8r1sdzQb58lRtupktTKVpUvvs+K+9a 4 | J+mK/ClJJevg7kfmhiIPeW4VGnrJoMQeiK99cnfT/7+QH0BUGtBCzfaMOQIVAOY+ 5 | aHjTuSxjiKVt961SAui/x8YtAoGBAJS8mP6tDDExzqdIuOwDhCj29vCHHlv+AtCJ 6 | /FtpnhF3bJWXc+TF9btrhTCIEkGacHLZPX5P04gyg228nzLMCwNsYAzjETsdtmEp 7 | 5HK8/RuIQZCS5yF4c9UmIdtSHsH0XWkZmS0CrumcfkNT7P/94KE5Vtyoz3iAWP9e 8 | dFC5iQ+5AoGAGAQA6JrM7kOjF4Tp7XousCXjocnDAuPCf7pViI/aWR/Zuum7jX28 9 | vAxHyHyzMO66gwhToPmJme+tKKjGh60KfGcVJ3c3+moi5S5C4xJ5+Z/J5BeYeem5 10 | 6+8B6ISGtX9jSbByFuTQHPIt5S9DEDj8QqL++sf8usG67fKgtArjFuMCFBvsSeRk 11 | m5olDlM291ZyXPsgQQmG 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHgKBgQDN6pepgUtd2vA1l/dKw/7xHhI9nzobtAabnw1CGG5qWggQFbBZSrHV 3 | jwhK5KBEnA1HAptxtf6PqyuaO8CrT9yWqPpAWURliEu0AqGqL/E0m2Rpuj+mHvwH 4 | PSWXQgFbz0jv3TTxBYTB5DYLHxuaxOiLsbfPWNTatUzb+CrcdTqhgQIVAOBSTaZW 5 | XS8KvyIpVnbS9eiLD17FAoGAVsJYHYPYD4dbmEzN+Ln9WENlluXSYGWLpxjYa0nM 6 | rblxrrgm7K/KpqbZAITW3eTO8TGlEKUPfErD/LH+2wEEJu43LMs1O1vWil17vFKC 7 | yoP9bYRV2C9M7FSZTpHu8yHmsmHHNA2AmXvrPudh4EWnI+Ff1n2MB5b7KD+aW+Tc 8 | hwM= 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_10.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHgKBgQCxMb8Iwee1cIs8FETVbLRE2v494XK42w3sI0frwlw0g6lcbAPNR0SW 3 | AhqEJNdNC+d6xrvW2kBQkrz2mZt+7Bds2nhbiK/C6p4fmfq2aZ0fixy9hjSYKmdx 4 | eA1vt8EvrfUNCz8b3Pfo3Jph870YUaSiSmO/SEaCbr82sMkbhbIAoQIVAKH24vSQ 5 | 4RCq59hSOhAY4P65fi4nAoGALUq4BANY0dEEu2CbeK7bdZVjHFxx1wgHZaP+Nm64 6 | jPbDCN0Xl9vJ6DasEoBOVY/b7Nex5bGU5Y+Emil21ncepBHkwxHDS/0t00EEFTtn 7 | 7kp+8HWHdusu4iDblKAtTuAU7siDKCChPhSXOYn4wkfr0exv3b+nC98KjthALotz 8 | 4d4= 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHgKBgQDCP3/mzd925XcnBreBcNK/59yUxQ/7iBAQf230FZ/YZ+e0+m5oMEqY 3 | MvYXmA+9yZZRFzo5vbN5WMHx1GVaXWaipQ5tlB9jhkmceP7l7T5oOPNGIL3RYqTw 4 | v+d6cNfyKn6zQrvJ3Ws703to7TSpWbDB1WrhuBCLZq5R7eg9O9lKDQIVAOa/l9pW 5 | Z46d5cjqKfuXrX4PsszFAoGAdaf6G5eq9R78dP3yqNejkPqCEHuaInAJoXHKAymP 6 | UUEaOduZ6Zk+gA7bqlik8nayGXd4DSMGo6ItjbM/rH8ctgUNXGnDpajULffao8ct 7 | tJ1A/QjNUP9L1aVSOVTT+n3dw/IB21lK/2qfgKnomCCA3dFM9ChiCch1195kQ0nS 8 | AZE= 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHwKBgQDwWIj37w4Z9rV4byTZMbyA/kFf9iU4AhaNiluZo5gxLxkJtvMHLFZc 3 | OCYnH61Gbdmwg1NuPDLXj/zJqSX+/Xq1RNSlvg45Jjhyrdw1HKD6Lhtiv9cwSrDE 4 | 3AoI2j1dIxFP+4SK+TNf1R6tm3n2l5osr4kl4emNVVjb03941iM7rwIVAMkbLQHp 5 | UfTDI4uVRQhRpz9F7So9AoGBAJs8VaSD2LGKu71HkOoymtjs88q739xFcktQXXfz 6 | qbzyp5HKse32WfQwVfXTlnFUjR/zQAYV0fsnEOCGY/EidEXlGH04DGhTg8OSPlJF 7 | tQhBASzE2YnnCNaVrU2QhZioTD+s0ELwTIjwVBsUQy/SxnereYb+azzt8TLwWykn 8 | 9i1p 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHwKBgQD/DVV/nWVnWs0QZtZMMdYIDcTE9i+Rcy0X1Y+ecSeEm4ISmkR3ZTQC 3 | PBhslt4uIMHRD2TR/Hxr+GmNez5ZcqfNi+eLijAhigMlWSbahsTaVLe14Js19Lf+ 4 | Yty5liB1AXUkPafOTYvAkcytZOeJ5zvYoE393Zp6Ewyu9SlYA85gFwIVAM7x9l2B 5 | 7y4NnGoyATadBXb/x8VhAoGBAJgKFXapOx8rIvKDyfn/ZLFzKkmhcLftY4PXwoa2 6 | tHxgJCuTWUtcmgvdhCuqal9c8nnsWwxe4HuaIRA13nylC9nGeDGoU/Cdxt2XlkmY 7 | X9fFn61vrEcb71KGpf9O5g6QteIa++0GOHHzjROTBFLiqkjZloYICnaNGrQHLvgn 8 | ZPwU 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHgKBgQCMniwrQxCX2YL1/e+hfUi02gfZODcHcSSnt1Q9cXZMSW5t9Kbzj8KC 3 | sQQ/nhiMNJFuAxFfLNJuwpp9XDzJa1kzNloMqu3Zjp0Y0JgxN9ijAGfDNCbblyZO 4 | QxfrKZOlZgZVT+UxyIatq+4rwy2i6VgfeogjwXfFpGwJsg+P23OFMwIVAK60VdJB 5 | cncXgqbWor6cb+7IZzJxAoGAe7iRyiTMJ2o1jBPnpgxVGSr8ACrAAvhWV+BWpm7g 6 | H+we4pN0yJL32hOlJSVzC/Q/Kj+L1FF1/EHw/WmZpjkz3fHGyYvON9tkz1Fz9Gyr 7 | UadhTit213d6bWSKpvq7XetdG+fapAdoeTHlVPJQRqNIfz3YhUeP27UQbRY4Q8nN 8 | iUk= 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_6.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHgKBgQCwyncAle+tpgTXlwyEbW8BT644hkLS+VVYFWgW5zuCVDuLaQdQA8gs 3 | 08CrJm+hcOq2zLze3CyWlnYJL3Ps7RHYwTir/L5ZIf6S4nkb+8R2s0iKe8DGXW3O 4 | 9J7Ri/5eCgOWj11efITDyzGr5IzdDzePVFZDW7oXwBOwk0SkGq2bUwIVAIsKAequ 5 | AOQnB7DPZvf+DrCB64j9AoGAHHdOfgvAlCdVr6Ghj7OARdoLriYD7L8GUo4anwnf 6 | tRPc2UOl1ZkSJncOpoRKBhsuuQJkkWlIbEcP6U5qTLuwSfVAxFoDpyMFeMRx9Jqt 7 | +0oUJHc8XQc3i4u3QyYi2eBm8akU4eJ3Zbwi5ZsmNZUWnqwrmRw1/6e34a5nIzTt 8 | 5UI= 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_7.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHgKBgQCR3AzZkSSlSWMxA5lQ9YvPSTp9aeBOeEDmYvLTIa8cz9+CGpgkC361 3 | bUel5i0R+oeKG1xRfso1GOoVjw3LoZE7TuxBhf6HeC9pPitlsKPdUmoh/KyLUBBN 4 | ueAWKdjwXDZ3he/pya6DjSVgGvdxLzzoqliYABFwuOU2HEvFpbRjqwIVAM+I80MP 5 | bPpZN53Y7G3HDdomKe1NAoGAKNCmDEwipB2NWaeS/bpIcrgCLSOyHd+eJRjeCeEy 6 | nwLIGDtLyqsQ4v4NALn+A0AchNHEOva9rn9DyKeutJ92m/1UvUpPaIQYu5xEblGl 7 | qdHFiUidS29rWVKF7Xk1+ch0YjHs5Z0DIBZurOvqgOeIwL3xD1/I+/+exWVwu+Ey 8 | Stg= 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHgKBgQCn6BKzV8/7kQlGvNN/R8EZJ8D49lBTRYDxTZ6aSGEIzhIUmaZRalD5 3 | 58NWZ8Y4ofDIusTBEKSNnzDvPmQCl5XkpAUcB2+0VfaTXy+hipbEzSaPcegYugS6 4 | pOE/1SNrFAD1ejK5gf8sGG4keRpuawL6gK4AFknQzkErerH3gx8COwIVAIYs+Y1N 5 | +yVXcwfwRp/t7uwDNYb5AoGAUuRHBtHeIa+q270u9YaDwujWfji7Xf9wa7IMwCTe 6 | gqULikav/oNwSpQ88y4OuDwbdom7YvbPlsYrFvdCoI/gNLS5V40uMHe7pdBIFzSH 7 | uAtlZr5bdInoPM0+GMMzf1VPR0fBpVTEVI2VnnORK9ddR51v08kQJ8OYZCXkya4B 8 | Vdc= 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_9.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHwKBgQCg3cRvnBL4KReBKNAJWb68um56TdvGo8D+j61L21DnDetKEU3EoV+9 3 | RhiacLFgrX/AaYyoLqFlbwPy1pMCCo8r1sdzQb58lRtupktTKVpUvvs+K+9aJ+mK 4 | /ClJJevg7kfmhiIPeW4VGnrJoMQeiK99cnfT/7+QH0BUGtBCzfaMOQIVAOY+aHjT 5 | uSxjiKVt961SAui/x8YtAoGBAJS8mP6tDDExzqdIuOwDhCj29vCHHlv+AtCJ/Ftp 6 | nhF3bJWXc+TF9btrhTCIEkGacHLZPX5P04gyg228nzLMCwNsYAzjETsdtmEp5HK8 7 | /RuIQZCS5yF4c9UmIdtSHsH0XWkZmS0CrumcfkNT7P/94KE5Vtyoz3iAWP9edFC5 8 | iQ+5 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsaparam_rootv3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PARAMETERS----- 2 | MIIBHgKBgQCIVokogo+cC6owZ81q2R5yx9AIEPXB4fanD7xKCz2NKmtM6rQH0ECy 3 | we2edJn+iQ7s8PFFV+W5550aZt7E5/niC8heMGK67lSpNFktqvCrMNwU6vL8Lvyt 4 | 5c7voNE1havw3B0YH/EsspmCyvi1pcGpAm2CrPdfndUyY9uY1H2QdwIVAOjLwC3c 5 | VswvLD3iaE+aSz/MAVvdAoGAe0s6C0r+3R1CuMiSKfppS9i01cz2O248VoVNd0Na 6 | BShvLfGjD2f/pb68rzNaBzlH0LQ3dglOmPPQOzkKr7dUGtI92rjRtPBzp7SqOgRa 7 | iPD/vvQNzDlkIKSg2z5zVsXE4QjNFtv8B3AF4//LIzXTrbXNbj1VG7FWIC1DyL2/ 8 | T2g= 9 | -----END DSA PARAMETERS----- 10 | -------------------------------------------------------------------------------- /resources/keys/dsarootv3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBugIBAAKBgQCIVokogo+cC6owZ81q2R5yx9AIEPXB4fanD7xKCz2NKmtM6rQH 3 | 0ECywe2edJn+iQ7s8PFFV+W5550aZt7E5/niC8heMGK67lSpNFktqvCrMNwU6vL8 4 | Lvyt5c7voNE1havw3B0YH/EsspmCyvi1pcGpAm2CrPdfndUyY9uY1H2QdwIVAOjL 5 | wC3cVswvLD3iaE+aSz/MAVvdAoGAe0s6C0r+3R1CuMiSKfppS9i01cz2O248VoVN 6 | d0NaBShvLfGjD2f/pb68rzNaBzlH0LQ3dglOmPPQOzkKr7dUGtI92rjRtPBzp7Sq 7 | OgRaiPD/vvQNzDlkIKSg2z5zVsXE4QjNFtv8B3AF4//LIzXTrbXNbj1VG7FWIC1D 8 | yL2/T2gCgYB9MqMlQXIvcm7yK76AzzePWohRcjvcg5PCEU/V0ICwVsJR9b9hm8K0 9 | bey9K3wFTT84r8cYYqV7537QnDPnsGqKy400HQyiPg5PhsGtquGk45XLd5zG5907 10 | tiAHqe5iZebSZ8aPKpmWqtAo4hh20ge8CyJL8KwPQBL76cfSGNa2OwIUTYxW3lY1 11 | 9izEdGNXSq0k8OLqSwk= 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp160k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGECAQAwEAYHKoZIzj0CAQYFK4EEAAkESjBIAgEBBBUAKDRDz88Gero2PLskehH5 3 | FJwEj4ahLAMqAASNN38NWgepd2W4Jr80Tq0nIxCmzNqtCftG2+2ZsZKkFEqerzte 4 | LWXF 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp160r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGECAQAwEAYHKoZIzj0CAQYFK4EEAAgESjBIAgEBBBUAjcNK2M1Sp04uEVjAUi5a 3 | s+oDjIqhLAMqAARDqq1z/ktcKb6ljj3BOym6ztBNE2gBJ7E8II94XwYAdl1v1Ppr 4 | LwJy 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp160r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGECAQAwEAYHKoZIzj0CAQYFK4EEAB4ESjBIAgEBBBUAstnUUCt6mmtbKdUOlTQ6 3 | Eosu8YahLAMqAATDobNKZfwH525Gz8NC8uWspvm0K6+nQObFLBdX5yyUlN0Lc8YN 4 | JcSf 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp192k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGwCAQAwEAYHKoZIzj0CAQYFK4EEAB8EVTBTAgEBBBiOXqCPqMdQYAWYDxnbnyjP 3 | VUO5zS8VulShNAMyAARAzbZd7UFKdXykS8u6HB+QuJFY7ynDF2ruf2JhCXJFOxDY 4 | RXI805KOiQDGw9Uam1E= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp224k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MHkCAQAwEAYHKoZIzj0CAQYFK4EEACAEYjBgAgEBBB0Am+1SKzCxOBR8sqhO7BIH 3 | FTuTWT3lyNVOIHWn0aE8AzoABEbSkHgjMOagpWWOGEpxechETIoG8RufXHjWawvE 4 | HsdFTEmEbzd3DqAd5s083NtYg1f3cYFZug54 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp224r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBwPSXpTyQG0vDSnPNlfLJuE 3 | 3krciGXSDRXT/5Y3oTwDOgAEKMeS645UU4WPCkzXdUUUeSliAEbAVv3ojM/L67+K 4 | whBUexLepdIc1AP2yP1Jr+vpBY8x8Zx9J/Y= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp256k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgSpkBFBkQTQHLZ4oovf6/ 3 | rIHkZW/ZnLR/ziV9juqzumihRANCAARfHGbSZb+oOxZgeeWOhoke1T5HqvolXSBl 4 | 2mMGkN1hz6+/mylU7ndJ8kADLvTzVFmQkpuJXaz30f0HqX3XHaSe 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp256r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg9pMy94dBmO1DCuj2 3 | LDAvMYkf/mCsc693E78k71QaoSahRANCAARxyCb2MUXUMUqiFv8YZySIuHI6b3Or 4 | fxMYIMoCtYtvDCY5fm1GGbvSXL/587Zpgjimv059FLV1M+ia7LbLaLmM 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp256r1_1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgY2hIoq7SxMbatzAW 3 | DJeIWqQbxRPdqj3v2skuBD4TV+ChRANCAAT3fDeJAxLOjEpQA0A7ujsmtNVk7td7 4 | h+0EpdSbrXapTEfZRTOLA96VIs8BGsOb3+gi7Bj+aDSuTb0dr7C+R+uh 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp256r1_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqNVNqAM934r575cS 3 | qaW92v0vmm3fw5bYgok/5LoBOUahRANCAAReGnWpTGDlnBKa1GY5MyFDhpgXETdP 4 | jQzy3Uqy41M7XpI92e6I4AMrzvjqXJpi4okk1qIC1kmDTHL3BhpATCuo 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp256r1_3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPG0eJJ+HvBb1qshW 3 | /+FNTG0VsLJ9SucKigIknLU3EB+hRANCAAR8YHel3FmKNwGVHSJXX6peYry9Thv+ 4 | H/RsDaq2AWGLcyUDj9MpzwUob1HtFCviPy9xgsE7HL6aUQS4tqRWdX7R 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp256r1_4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2AGSxF9p5QjvTcTd 3 | HFQCZB+Oy2MbViGNlkdhjDHmUCqhRANCAARR4ivLTWrDKhhDRgWs2z4JZvhBJCTB 4 | YGmaJYPc11H+7GbMBhniuuVwebSFFaoTVcyo4+i4SoWq7MMeEf/K9exm 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp256r1_5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgmg4J5OIDTXY+5oUg 3 | ig6S29ZtkrSGyqsaJSjZ6FFWsd2hRANCAAQq0bbAsakoRq26BiL6T+aVruURziIG 4 | /NX1Sf46u5Fedk6d4QRPFXsp1yP/Cr2EScOGq7LHNFQupbld5HMHTgZu 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp384r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCfhJaRFeoAV2q3bozQ 3 | PNijvySzgOr5EJIOtyGbq89AdPPMP8YJcNT2pgVxWr4l1dehZANiAAQ7VcW0T8NB 4 | WM9th5C1SfQ90OUv4VtVMaqW818DiwzAO6iIfEVvGwn/pmfq9XRbMxnRSvjI+loU 5 | UHAmcVLr+Jc4Qk19Dy9SsyEpJ3ceJVA5Sd+cx4sLOdPywlPmKfLsrH4= 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /resources/keys/eckey_secp521r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAEn+zGOnACZSpvaPc 3 | P8l8PunHbNu5QLWBwUecaklO6+QOkNZiIq2kyU2bopa87RJfNeXxIHAmw52ANBC+ 4 | oRyvouuhgYkDgYYABAADLVqKH7WjPr8zcufjiO69LHYbheuvLe8Aa3UaTUS1QI2x 5 | 1TxrfV980H02ejLDAfrHooZURIoVjNMqkGjq4LLi1ABLeMezj5X5eFl0925pVgAn 6 | 9L5q9xUb+k7fXAhSRvGtxTR3dsRz0YGxE95NGAaiJQm/pbPA1PCZrAuJzDB+cqbW 7 | Mg== 8 | -----END PRIVATE KEY----- 9 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect163k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBwD5Uam6dLISyJa4GlNCb 3 | ZZJmRByhLgMsAAQE6Q6cduYyiZJsLXjtqHlDJ4Za/a4A+NsSL8AxQrZ632s5TNe4 4 | VpO4n8A= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect163r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUANQUYq3E9dnb1lkhptKM2 3 | wIFnTQShLgMsAAQF7tf+wQCB1/QxdasK0pB9ZaLFObgHdPQZKB4yItvxMBloFm57 4 | yX5mLes= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect163r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUB5H3s4RHgF7qQwOyY7BvI 3 | Y6h2GsihLgMsAAQC/GbLK7HTD0YDpHJGi9SQwEeHuvoEoq9XFh+TStJr8Bh2g1Fm 4 | BXBCBqo= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect193r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkANA4YCUMvQ+VmBmDaoXyz 3 | 9ZLsHo682pOFoTYDNAAEANfAhZsUIDq06tqVL+UpMxggDfTP30uk1wBXo9luHlIH 4 | B5pPiZYEYCba3RDeJO3T8jE= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect193r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAbYs/FhXXdCJO8xP9mlm0 3 | huTgg8e68koeoTYDNAAEARrn8nhQkHnRE++naHVFMIwnKMrq9poHAwFcxJ86nmRh 4 | xK363aFJtvVr5uosRyhNK28= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect233k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0Mvmb1jjrmXxRc227OBm5v 3 | lgw5rS4klw6uvUDiT6FAAz4ABAERTtJBgwWGfCsgQ8/X2dfvYqmOK9qy04O+cXRO 4 | vgDj2L8XrI/tc06jAVHEfcPM0EhDqqa28hDqMnVvbQ== 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect233r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4ANvyAry4g4LK0f0tvBVV6 3 | bF7Qx10OjK2zfVD1ytGhQAM+AAQA1sxO7ilVLY1UEviQCacv3l7G6JinmtcAHT+d 4 | BzsAm+2BmC39A9IxNe8GJG8bL83FXzQ+Qw8jFaJEoIQ= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect239k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4d5wQpLlRY3bhK7XbHZmRb 3 | YdYAqB/4Nzb4Z8zA/u+hQAM+AARX0JY35Azesyi1Jvn2S9kq+iD1uoI+VEa6T3Lz 4 | 5aIrmi8gx3Umy6kpuiqXS+2I4Mqzx3UCRmIOM/6/n3o= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect283k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAQXUKl2bppx7S04KKIgZ 3 | /jcBrCQuz49wJRnUIzHNs4kHioQqoUwDSgAEBQVf8ODLU04xCxsl4xI91QDog+mm 4 | 3iHiHhIdy4Zog/4JpLvAB2s6DsrM0l3VTWS6mZhbRYiGATE4hlLoAnNI6joJ4/SB 5 | IK+a 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect283r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAqu5FuN6lrfBWrsJhVyh 3 | 6VfTLApN3XO31EdyWHrN/69Z7fDgoUwDSgAEATdkfv0sQGIZB6Bt7Dw9xnc5DSUk 4 | UwbI/llUQydYQn5eJQwdBMW67E1exihsWJihYLRSE1SrXhlRrEHu5y1PVj0CgazZ 5 | M0GY 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect409k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMDTAGJ+yNsopPCelyr 3 | GU6tNp4g3ok053y8/k6PQWrB0Ff4UHa2ENb+zOVplD+b0rJQJDahbANqAAQBp7ig 4 | ysmeXDGaHu3pfFslss3QcMhFHJJvLv2rK1QsMPfukm6XiSjvTL/tIUlX8qFJO0gU 5 | ACWEbtdw6uIRyiat0738aOBazCVJ+8TTEPTt+JcJY1T+xGkMl3Xtl5fmUi31zrdS 6 | 3plAzw== 7 | -----END PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect409r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAof4rFA1mBNCYnwsZ 3 | 45Z4sbA5bhyG3Lw6C8YL8bhdbvIBdL3Hweawx9eqizqgxezSO2nRoWwDagAEAfOY 4 | K4Gfs+rdeqzgwptv3EpKI3bOLKr/wmhXWMGZ/0QzmvTRabTASt302NH5gmzcsqbm 5 | GQF5y9bXOiWr2ypBv2mmAYqRVjVguqO2GBY/+loaV8UvadSJQaVHwObeko9uf0QQ 6 | 9uO/PaM= 7 | -----END PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect571k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAZOhrbCNhTX4b4F6 3 | JI8vA1ncjdU8QvuQfLXvd/mw4kn7i0RKadvjssXlasAm7CA/wqRx2v27FNULl0ZW 4 | Ij2J2FxKYZZaQfItoYGVA4GSAAQG431WWx6WR3C6d5fSXf+ObqYGfOfTuFiDPBcr 5 | h25CwrqZBs5ro9zfPSlyXxAJi9tOZSCPQnOkmHmdvDr5hgsuGBhX7p+rswIGELP+ 6 | T8Gp3VOfWphK9R9M+17Exz3hbJmRawJ3AOvw4kMpobI0wN814eXrSg6YQPQN6T0u 7 | 6L8AZ4UFIaemXkjRtS477UlZ0Ng= 8 | -----END PRIVATE KEY----- 9 | -------------------------------------------------------------------------------- /resources/keys/eckey_sect571r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAL1mOVTK40eO9ctj 3 | z2C8PecVYo8jGTk8vMooLp2RDiizYqOVSRX2xklpGXwATQ4ZpITFkaRsBoC88if6 4 | qr3mq5eiKH7I5DRloYGVA4GSAAQHYQ1Z3BGWwSwHCqhFU2vUx0fCNKfJ4M3lpNjj 5 | 6rNXhuL5O1QfruhidNVnt0ExPFmrHa6heansB7lnl/W+SFWtqvhQlkGTJWAGRk0n 6 | opfJ6HsSxCZ+yVdnSxxwI4sA3LNWX3stjO1BsLY8Bs5Iur1JdMOmL3nD8FjkxTTo 7 | zfOjcB21NJcB+a7JvmmE4dLqBsk= 8 | -----END PRIVATE KEY----- 9 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp160k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQACQ== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp160r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQACA== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp160r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAHg== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp192k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAHw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp224k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAIA== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp224r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAIQ== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp256k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQACg== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp256r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BggqhkjOPQMBBw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp256r1_1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BggqhkjOPQMBBw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp256r1_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BggqhkjOPQMBBw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp256r1_3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BggqhkjOPQMBBw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp256r1_4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BggqhkjOPQMBBw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp256r1_5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BggqhkjOPQMBBw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp384r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAIg== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_secp521r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAIw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect163k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAAQ== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect163r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAAg== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect163r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQADw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect193r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAGA== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect193r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAGQ== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect233k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAGg== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect233r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAGw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect239k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAAw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect283k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAEA== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect283r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAEQ== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect409k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAJA== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect409r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAJQ== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect571k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAJg== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecparam_sect571r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAJw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp160k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEjTd/DVoHqXdluCa/NE6tJyMQpszarQn7 3 | RtvtmbGSpBRKnq87Xi1lxQ== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp160r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEQ6qtc/5LXCm+pY49wTspus7QTRNoASex 3 | PCCPeF8GAHZdb9T6ay8Ccg== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp160r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEw6GzSmX8B+duRs/DQvLlrKb5tCuvp0Dm 3 | xSwXV+cslJTdC3PGDSXEnw== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp192k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEQM22Xe1BSnV8pEvLuhwfkLiRWO8pwxdq 3 | 7n9iYQlyRTsQ2EVyPNOSjokAxsPVGptR 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp224k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | ME4wEAYHKoZIzj0CAQYFK4EEACADOgAERtKQeCMw5qClZY4YSnF5yERMigbxG59c 3 | eNZrC8Qex0VMSYRvN3cOoB3mzTzc21iDV/dxgVm6Dng= 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp224r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEKMeS645UU4WPCkzXdUUUeSliAEbAVv3o 3 | jM/L67+KwhBUexLepdIc1AP2yP1Jr+vpBY8x8Zx9J/Y= 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp256k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEXxxm0mW/qDsWYHnljoaJHtU+R6r6JV0g 3 | ZdpjBpDdYc+vv5spVO53SfJAAy7081RZkJKbiV2s99H9B6l91x2kng== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp256r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEccgm9jFF1DFKohb/GGckiLhyOm9z 3 | q38TGCDKArWLbwwmOX5tRhm70ly/+fO2aYI4pr9OfRS1dTPomuy2y2i5jA== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp256r1_1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE93w3iQMSzoxKUANAO7o7JrTVZO7X 3 | e4ftBKXUm612qUxH2UUziwPelSLPARrDm9/oIuwY/mg0rk29Ha+wvkfroQ== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp256r1_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXhp1qUxg5ZwSmtRmOTMhQ4aYFxE3 3 | T40M8t1KsuNTO16SPdnuiOADK8746lyaYuKJJNaiAtZJg0xy9wYaQEwrqA== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp256r1_3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfGB3pdxZijcBlR0iV1+qXmK8vU4b 3 | /h/0bA2qtgFhi3MlA4/TKc8FKG9R7RQr4j8vcYLBOxy+mlEEuLakVnV+0Q== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp256r1_4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUeIry01qwyoYQ0YFrNs+CWb4QSQk 3 | wWBpmiWD3NdR/uxmzAYZ4rrlcHm0hRWqE1XMqOPouEqFquzDHhH/yvXsZg== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp256r1_5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKtG2wLGpKEatugYi+k/mla7lEc4i 3 | BvzV9Un+OruRXnZOneEETxV7Kdcj/wq9hEnDhquyxzRULqW5XeRzB04Gbg== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp384r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEO1XFtE/DQVjPbYeQtUn0PdDlL+FbVTGq 3 | lvNfA4sMwDuoiHxFbxsJ/6Zn6vV0WzMZ0Ur4yPpaFFBwJnFS6/iXOEJNfQ8vUrMh 4 | KSd3HiVQOUnfnMeLCznT8sJT5iny7Kx+ 5 | -----END PUBLIC KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_secp521r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAAy1aih+1oz6/M3Ln44juvSx2G4Xr 3 | ry3vAGt1Gk1EtUCNsdU8a31ffNB9NnoywwH6x6KGVESKFYzTKpBo6uCy4tQAS3jH 4 | s4+V+XhZdPduaVYAJ/S+avcVG/pO31wIUkbxrcU0d3bEc9GBsRPeTRgGoiUJv6Wz 5 | wNTwmawLicwwfnKm1jI= 6 | -----END PUBLIC KEY----- 7 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect163k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBOkOnHbmMomSbC147ah5QyeGWv2uAPjb 3 | Ei/AMUK2et9rOUzXuFaTuJ/A 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect163r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEBe7X/sEAgdf0MXWrCtKQfWWixTm4B3T0 3 | GSgeMiLb8TAZaBZue8l+Zi3r 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect163r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAvxmyyux0w9GA6RyRovUkMBHh7r6BKKv 3 | VxYfk0rSa/AYdoNRZgVwQgaq 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect193r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEANfAhZsUIDq06tqVL+UpMxggDfTP30uk 3 | 1wBXo9luHlIHB5pPiZYEYCba3RDeJO3T8jE= 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect193r2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEARrn8nhQkHnRE++naHVFMIwnKMrq9poH 3 | AwFcxJ86nmRhxK363aFJtvVr5uosRyhNK28= 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect233k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEARFO0kGDBYZ8KyBDz9fZ1+9iqY4r2rLT 3 | g75xdE6+AOPYvxesj+1zTqMBUcR9w8zQSEOqprbyEOoydW9t 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect233r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEANbMTu4pVS2NVBL4kAmnL95exuiYp5rX 3 | AB0/nQc7AJvtgZgt/QPSMTXvBiRvGy/NxV80PkMPIxWiRKCE 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect239k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEV9CWN+QM3rMotSb59kvZKvog9bqCPlRG 3 | uk9y8+WiK5ovIMd1JsupKboql0vtiODKs8d1AkZiDjP+v596 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect283k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBQVf8ODLU04xCxsl4xI91QDog+mm3iHi 3 | HhIdy4Zog/4JpLvAB2s6DsrM0l3VTWS6mZhbRYiGATE4hlLoAnNI6joJ4/SBIK+a 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect283r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEATdkfv0sQGIZB6Bt7Dw9xnc5DSUkUwbI 3 | /llUQydYQn5eJQwdBMW67E1exihsWJihYLRSE1SrXhlRrEHu5y1PVj0CgazZM0GY 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect409k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAae4oMrJnlwxmh7t6XxbJbLN0HDIRRyS 3 | by79qytULDD37pJul4ko70y/7SFJV/KhSTtIFAAlhG7XcOriEcomrdO9/GjgWswl 4 | SfvE0xD07fiXCWNU/sRpDJd17ZeX5lIt9c63Ut6ZQM8= 5 | -----END PUBLIC KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect409r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAfOYK4Gfs+rdeqzgwptv3EpKI3bOLKr/ 3 | wmhXWMGZ/0QzmvTRabTASt302NH5gmzcsqbmGQF5y9bXOiWr2ypBv2mmAYqRVjVg 4 | uqO2GBY/+loaV8UvadSJQaVHwObeko9uf0QQ9uO/PaM= 5 | -----END PUBLIC KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect571k1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQG431WWx6WR3C6d5fSXf+ObqYGfOfT 3 | uFiDPBcrh25CwrqZBs5ro9zfPSlyXxAJi9tOZSCPQnOkmHmdvDr5hgsuGBhX7p+r 4 | swIGELP+T8Gp3VOfWphK9R9M+17Exz3hbJmRawJ3AOvw4kMpobI0wN814eXrSg6Y 5 | QPQN6T0u6L8AZ4UFIaemXkjRtS477UlZ0Ng= 6 | -----END PUBLIC KEY----- 7 | -------------------------------------------------------------------------------- /resources/keys/ecpubkey_sect571r1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQHYQ1Z3BGWwSwHCqhFU2vUx0fCNKfJ 3 | 4M3lpNjj6rNXhuL5O1QfruhidNVnt0ExPFmrHa6heansB7lnl/W+SFWtqvhQlkGT 4 | JWAGRk0nopfJ6HsSxCZ+yVdnSxxwI4sA3LNWX3stjO1BsLY8Bs5Iur1JdMOmL3nD 5 | 8FjkxTTozfOjcB21NJcB+a7JvmmE4dLqBsk= 6 | -----END PUBLIC KEY----- 7 | -------------------------------------------------------------------------------- /resources/keys/ecrootv3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDudZVfUy1YqkhwF7n5 3 | lDpeD0C0l7kikbOVHhDowWMg4z2i5nUZT8YSYz9Odn34nw6hZANiAAS03q6tgRH+ 4 | rzLXftEw5UUV92XeYO65H1RIdeK7hPu74ml9xn7ar2AA6mH0CfsNN/ZA8qSY2hf5 5 | 8XRfTFxRLcaqImuIQVDz6TRvKWeMeXrAnXHl60nwibthEO/Nwr2mPhU= 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /resources/keys/ecrootv3_param.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAIg== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /resources/keys/ecrootv3_pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEtN6urYER/q8y137RMOVFFfdl3mDuuR9U 3 | SHXiu4T7u+JpfcZ+2q9gAOph9An7DTf2QPKkmNoX+fF0X0xcUS3GqiJriEFQ8+k0 4 | bylnjHl6wJ1x5etJ8Im7YRDvzcK9pj4V 5 | -----END PUBLIC KEY----- 6 | -------------------------------------------------------------------------------- /resources/keys/genkey.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | openssl genrsa -out rootv1.pem 2048; 4 | openssl genrsa -out rootv3.pem 2048; 5 | openssl ecparam -out ecrootv3_param.pem -name secp384r1; 6 | openssl genpkey -paramfile ecrootv3_param.pem -out ecrootv3.pem; 7 | openssl pkey -in ecrootv3.pem -pubout -out ecrootv3_pub.pem; 8 | openssl dsaparam -out dsaparam_rootv3.pem 1024; 9 | openssl gendsa -out dsarootv3.pem dsaparam_rootv3.pem; 10 | 11 | 12 | openssl genrsa -3 -out rsakey_weak512.pem 512; 13 | 14 | for i in `seq 1 10`; do 15 | openssl genrsa -out rsakey_${i}.pem 2048; 16 | done; 17 | 18 | for i in `seq 1 10`; do 19 | openssl dhparam -out dhparam_${i}.pem 1024; 20 | openssl genpkey -paramfile dhparam_${i}.pem -out dhkey_${i}.pem; 21 | openssl pkey -in dhkey_${i}.pem -pubout -out dhpubkey_${i}.pem; 22 | done; 23 | 24 | for i in `seq 1 10`; do 25 | openssl dsaparam -out dsaparam_${i}.pem 1024; 26 | openssl gendsa -out dsakey_${i}.pem dsaparam_${i}.pem; 27 | done; 28 | 29 | for i in `seq 1 5`; do 30 | openssl ecparam -out ecparam_secp256r1_${i}.pem -name secp256r1; 31 | openssl genpkey -paramfile ecparam_secp256r1_${i}.pem -out eckey_secp256r1_${i}.pem; 32 | openssl pkey -in eckey_secp256r1_${i}.pem -pubout -out ecpubkey_secp256r1_${i}.pem; 33 | done; -------------------------------------------------------------------------------- /resources/keys/p384-key-rogue.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MIIB4wIBAQQwf///////////////////////////////47GmwPoblu+sDQbZJFhT 3 | vXZ2DLVmYpS6oIIBRDCCAUACAQEwPAYHKoZIzj0BAQIxAP////////////////// 4 | ///////////////////////+/////wAAAAAAAAAA/////zBkBDD///////////// 5 | /////////////////////////////v////8AAAAAAAAAAP////wEMLMxL6fiPufk 6 | mI4Fa+P4LRkYHZxu/oFBEgMUCI9QE4daxlY5jYou0Z0qhcjt0+wq7wRhBP4bLgID 7 | fXGBNVRPACBHlSfcR61wUI3mEQbmCz1SeUH/CY81X34vdWW14wu5qW6GgKT8v8t7 8 | KY45o644RCGyE3wIWcseD6bcGB5fpp5e/c+YilQkwhafn0zmXFQXVWLt5QIxAP// 9 | /////////////////////////////8djTYH0Ny3fWBoNskiwp3rs7BlqzMUpcwIB 10 | AaFkA2IABLTerq2BEf6vMtd+0TDlRRX3Zd5g7rkfVEh14ruE+7viaX3GftqvYADq 11 | YfQJ+w039kDypJjaF/nxdF9MXFEtxqoia4hBUPPpNG8pZ4x5esCdceXrSfCJu2EQ 12 | 783CvaY+FQ== 13 | -----END EC PRIVATE KEY----- -------------------------------------------------------------------------------- /resources/keys/rootv3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEA5lmjJM00z/eusmpMYl0fDL3j5mICcs/3UtZtqWcW5IAUCcu1 3 | RRO6sCUheRJFR5wABaISvQe17UrjEUV060cLgR30Kwbp/KZvfuG3QOtmK2xtfufr 4 | q8jtxHWr4SCRJb5WQCN1AMhPrPlYuwBvVd6CRUkejTt8iLSpGoJol9MnrV5nN3ny 5 | VGOwzgp4WIHvXVFNdmm+WcMrW80yZjDsdIp5XIXvMJtgzVwN97w05S6ARK8qnIOi 6 | UuhhZHRuywvi4UiTj/72yj9Oqsfd8w246lPHjViQATBPVY7/jFuiUbQ0d+cozslj 7 | p+BOUm2tQYiecE0cdKRVcOJl4LCkx8BxzU2rEQIDAQABAoIBAFQbHIdeac8Zd27r 8 | gxJTP/gOCX1gAdbb+kkDxCybWG98GFTvTTN4naydEhi7xBH+cr+bys28V//ZXQk8 9 | XBFf8mJlhnaDYsH+Hy2rypZonPhz8ZLpqVIi3jXiZSyhEH5AfguTJrBvczAMJwq4 10 | gO5QfS5BIWed9b2QgUINpZTx40XYRcj3WcgvmT4ELYxhBf1JTxkDXAGtY/0p8unl 11 | w8MxglTjHDWz7hsvZu0PZdACuNv0kzUEs5OpS+n7pHh+zJpAv1b/n0wH79iEtQIe 12 | eCK4yr47nttzfLwqXhpQIrZ8XfSr0Eo6BNIjMOobKpV3eTIak/Pap9uJTDN5ICk5 13 | 1IFVvHECgYEA/S8XXYRbrpxHSzBG9ewYpNzJ+v5ApQpaf/uOW3Y+qD5wkhjnYL/6 14 | Oj8JHDPE3WpYmGsWe+POt1v+AlMkKeKkbDQ7lW+e8h4Dfz3WQTlAyUC7Zfu2Rggd 15 | OcAxxS/EU+yq8fdA35suAG2qUUwKExdoBsWq6Em3MuzLCveK0QYKJG0CgYEA6OmH 16 | maR8LVAOOBL888pNkddhbH9YUAzk1iEQ7xBnzwmtUkzMIH/AnOi4ixM1/ywO1k2K 17 | 4pTVphqRoqdkYNyFQujJ72jy7rSUjbUaxZ2+PH+/e768Wmu9r13XBsZDJelO1yUi 18 | sw5rNqHdnb8wZZC4mbpqPkKedG3KPQthyGnzUrUCgYBoY1sh3qmic6LdeFk5mg+L 19 | IdFRYDUtFvi7Xe+S/EzXN29YfVYgyOaVz1mlPB8GH4vJxBVwHTwk05QGR1tYva6H 20 | Qn3yniQNtZxBgTBukfmJQNxDLyY29699GSYsJAaxh5nvy77+ss+js5OOk2hv+K2W 21 | ZTeTMJmNMJ6Ctg+RIQlbfQKBgFw6NO66+kz7GVZM9osWvZaVgcdzuaWhJXBBEbKI 22 | fYK3I0GmlWH9FGlNod24UrZjXNCxTeCg7OTkOmz8+bt9NuuiwGuj1CZ/rR9b6mj8 23 | KJtOPqWihnULmsX5U68kDOzTMNvyoYXjnMK6X8YaMfDV2LNO5MkYmiQiYWXAvwyc 24 | H7TNAoGAF1yYfGGH3DifbcOm1H0xLXyrbVKrtULVagwx1kVUxzoOfFn6azPoJ3OJ 25 | /+7z5nBsniF8EXU58N96ONcKxOlxA5c3WtyQi/R7L/se2KP35YeUoqus7dYC8/Za 26 | V4Ver0eBV8a0UJtbEkqof/rrQdYagNB9Jda9aRz+EwYe50SHp14= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /resources/keys/rsakey_weak512.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIBOgIBAAJBAMylZ5mIEV9EXZKnsmPrpJf4EfBzO7IKx4qk2gphAyWU1ztzRVjK 3 | LBgm8PlcWMmWhcqgLkJKUEX3kt9OSGM9GXkCAQMCQQCIbkURBWDqLZO3GnbtR8MP 4 | +ragTNJ2sdpcbeaxlgIZDLN62UOESR61XJKOUAB7VgY8wExzvH5ZhUBE0+c+P6xD 5 | AiEA7GJm6MlPy4/+GMrV2hb06f6V2QGjRmJyR74zt7SclSsCIQDdoMZ3SQyyeB38 6 | WQ59+aCScOnikwxMXT1qudy10UEB6wIhAJ2W70Xbioe1VBCHOTwPTfFUY+YBF4RB 7 | oYUpd8/NvbjHAiEAk8CET4YIdvq+qDte/qZrDEtGlwyy3ZN+RyaTI+DWAUcCIF6z 8 | jGMAxMzsWEcaalkOBllSY9nwob/91d7rZ5EL+NTs 9 | -----END RSA PRIVATE KEY----- 10 | --------------------------------------------------------------------------------