Comments (3)
polarathene
commented on June 15, 2024
CI (GitHub Actions) workflow runs for the test cases I had observed performance of locally (with --openssl /usr/bin/openssl) now cover the drwetter/testssl.sh:3.1dev image changed from Alpine 3.16 (OpenSSL 1.1) to Alpine 3.17 (OpenSSL 3.0) below.
Alpine 3.16 (199s):
ok 2 [Security] (TLS) (cipher lists) 'TLS_LEVEL=intermediate' + RSA in 34254ms
ok 3 [Security] (TLS) (cipher lists) 'TLS_LEVEL=intermediate' + ECDSA in 30780ms
ok 4 [Security] (TLS) (cipher lists) 'TLS_LEVEL=intermediate' + ECDSA with RSA fallback in 34941ms
ok 5 [Security] (TLS) (cipher lists) 'TLS_LEVEL=modern' + RSA in 32754ms
ok 6 [Security] (TLS) (cipher lists) 'TLS_LEVEL=modern' + ECDSA in 31752ms
ok 7 [Security] (TLS) (cipher lists) 'TLS_LEVEL=modern' + ECDSA with RSA fallback in 35344ms
Alpine 3.17 update (223s):
ok 2 [Security] (TLS) (cipher lists) 'TLS_LEVEL=intermediate' + RSA in 37618ms
ok 3 [Security] (TLS) (cipher lists) 'TLS_LEVEL=intermediate' + ECDSA in 35239ms
ok 4 [Security] (TLS) (cipher lists) 'TLS_LEVEL=intermediate' + ECDSA with RSA fallback in 39413ms
ok 5 [Security] (TLS) (cipher lists) 'TLS_LEVEL=modern' + RSA in 37449ms
ok 6 [Security] (TLS) (cipher lists) 'TLS_LEVEL=modern' + ECDSA in 36310ms
ok 7 [Security] (TLS) (cipher lists) 'TLS_LEVEL=modern' + ECDSA with RSA fallback in 37397ms
So local observations are likely to benefit the Github Actions CI runs by approx 15% as well if openssl1.1-compat were used instead.
from testssl.sh.
drwetter
commented on June 15, 2024
CI (GitHub Actions) workflow runs for the test cases I had observed performance of locally (with --openssl /usr/bin/openssl) now cover the drwetter/testssl.sh:3.1dev image
Probably I haven´t looked good enough at this. Any change in the Dockerimage which is not coherent with the pulled files is not something which I am really fond of -- for both the CI and the user image.
For the former case the point of the CI test is to test the binary. I´d rather skip one test there. And to the user the image should hand out the same as if it's pulled from the repo.
In next development stage (after 3.2) is usage of a different openssl version per default probably a good idea (TBC).
from testssl.sh.
polarathene
commented on June 15, 2024
When I was talking about CI, I meant the CI runs on a project I maintain where testssl.sh was used via the Docker image.
Any change in the Dockerimage which is not coherent with the pulled files is not something which I am really fond of -- for both the CI and the user image.
No change here. Just an additional package installed in the image that can be used with --openssl as an alternative binary.
The user running the image would explicitly provide that option and path to use the openssl1.1-compat binary.
And to the user the image should hand out the same as if it's pulled from the repo.
Sorry, I'm not following?
With the upgrade to Alpine 3.17 base image, OpenSSL is 3.x series, where as previously it was the 1.x series. This is not related to testssl.sh beyond Dockerfile.
A pull from this repo doesn't control the OpenSSL provided within the base image (or outside of Docker, whatever OpenSSL is on the host system).
It's all good to decline this request 👍
Main benefit is the observed 15% faster performance running testssl.sh with the OpenSSL 1.x series.
from testssl.sh.
Related Issues (20)
- [BUG / possible BUG] Fatal error: URI comes last HOT 2
- Censys changing their ToS. Links affected? HOT 1
- [Feature] HTML report add option to report like on terminal (dark) HOT 3
- question of cert_chain_of_trust HOT 1
- [BUG] HSTS header parsing does not accept spaces between directives
- [BUG] MongoDB identification HOT 2
- [BUG] Secure client initiated renegotiation timing bug HOT 3
- Anybody know github.com/testssl ? HOT 1
- Your account github.com/testssl
- [Feature request] query + show HTTPS DNS record (RFC 9460) HOT 4
- [Feature request] DNS CAA records: support checking for Extensions for Account URI and ACME Method Binding (RFC 8657) HOT 2
- [Feature request] Test Ciphers against Curvces
- [Feature request] Change DH_groups finding delimiter
- [Feature request] Verify support for long CilentHello messages HOT 4
- Issue Severity List HOT 1
- Why is RSA+SHA1 in the "TLS 1.2 sig.algs offered" list HOT 3
- Warnings cannot be turned off for batch testing HOT 8
- [BUG] Inconsistent bold in report HOT 2
- [BUG] Incorrectly showing TLS 1.0 and 1.1 as offered HOT 2
- [BUG / possible BUG] check for 3.0.8 on macOS and bash5 fails with probable known error HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from testssl.sh.