0000: 23 20 47 72 6f 75 70 2c 4e 61 6d 65 2c 43 6f 6e # Group,Name,Con
0010: 73 74 72 61 69 6e 74 73 2c 53 65 74 75 70 2c 42 straints,Setup,B
0020: 6f 64 79 2c 43 6c 65 61 6e 75 70 2c 4d 61 74 63 ody,Cleanup,Matc
0030: 68 2c 52 65 73 75 6c 74 2c 4f 75 74 70 75 74 2c h,Result,Output,
0040: 45 72 72 6f 72 20 4f 75 74 70 75 74 2c 52 65 74 Error Output,Ret
0050: 75 72 6e 20 43 6f 64 65 73 0a 63 6f 6d 6d 61 6e urn Codes.comman
0060: 64 2c 70 61 63 6b 61 67 65 20 70 72 65 66 65 72 d,package prefer
0070: 20 6c 61 74 65 73 74 2c 2c 2c 2c 2c 2c 2c 2c 2c latest,,,,,,,,,
0080: 0a 63 6f 6d 6d 61 6e 64 2c 70 61 63 6b 61 67 65 .command,package
0090: 20 72 65 71 75 69 72 65 20 74 6c 73 2c 2c 2c 2c require tls,,,,
00a0: 2c 2c 2c 2c 2c 0a 2c 2c 2c 2c 2c 2c 2c 2c 2c 2c ,,,,,.,,,,,,,,,,
00b0: 0a 63 6f 6d 6d 61 6e 64 2c 23 20 43 6f 6e 73 74 .command,# Const
00c0: 72 61 69 6e 74 73 2c 2c 2c 2c 2c 2c 2c 2c 2c 0a raints,,,,,,,,,.
00d0: 63 6f 6d 6d 61 6e 64 2c 73 6f 75 72 63 65 20 5b command,source [
00e0: 66 69 6c 65 20 6a 6f 69 6e 20 5b 66 69 6c 65 20 file join [file
00f0: 64 69 72 6e 61 6d 65 20 5b 69 6e 66 6f 20 73 63 dirname [info sc
0100: 72 69 70 74 5d 5d 20 63 6f 6d 6d 6f 6e 2e 74 63 ript]] common.tc
0110: 6c 5d 2c 2c 2c 2c 2c 2c 2c 2c 2c 0a 2c 2c 2c 2c l],,,,,,,,,.,,,,
0120: 2c 2c 2c 2c 2c 2c 0a 63 6f 6d 6d 61 6e 64 2c 23 ,,,,,,.command,#
0130: 20 48 65 6c 70 65 72 20 66 75 6e 63 74 69 6f 6e Helper function
0140: 73 2c 2c 2c 2c 2c 2c 2c 2c 2c 0a 63 6f 6d 6d 61 s,,,,,,,,,.comma
0150: 6e 64 2c 73 65 74 20 3a 3a 63 61 66 69 6c 65 20 nd,set ::cafile
0160: 5b 66 69 6c 65 20 6a 6f 69 6e 20 5b 70 77 64 5d [file join [pwd]
0170: 20 63 65 72 74 73 20 63 61 63 65 72 74 2e 70 65 certs cacert.pe
0180: 6d 5d 2c 2c 2c 2c 2c 2c 2c 2c 2c 0a 63 6f 6d 6d m],,,,,,,,,.comm
0190: 61 6e 64 2c 73 65 74 20 3a 3a 65 6e 76 28 53 53 and,set ::env(SS
01a0: 4c 5f 43 45 52 54 5f 46 49 4c 45 29 20 24 3a 3a L_CERT_FILE) $::
01b0: 63 61 66 69 6c 65 2c 2c 2c 2c 2c 2c 2c 2c 2c 0a cafile,,,,,,,,,.
01c0: 63 6f 6d 6d 61 6e 64 2c 22 70 72 6f 63 20 63 6f command,"proc co
01d0: 6e 6e 65 63 74 20 7b 75 72 6c 7d 20 7b 0a 20 20 nnect {url} {.
01e0: 20 20 73 65 74 20 70 6f 72 74 20 34 34 33 0a 20 set port 443.
01f0: 20 20 20 6c 61 73 73 69 67 6e 20 5b 73 70 6c 69 lassign [spli
0200: 74 20 24 75 72 6c 20 22 22 3a 22 22 5d 20 75 72 t $url "":""] ur
0210: 6c 20 70 6f 72 74 0a 20 20 20 20 69 66 20 7b 24 l port. if {$
0220: 70 6f 72 74 20 65 71 20 22 22 22 22 7d 20 7b 0a port eq """"} {.
0230: 09 73 65 74 20 70 6f 72 74 20 34 34 33 0a 20 20 .set port 443.
0240: 20 20 7d 0a 20 20 20 20 73 65 74 20 63 68 20 5b }. set ch [
0250: 74 6c 73 3a 3a 73 6f 63 6b 65 74 20 2d 61 75 74 tls::socket -aut
0260: 6f 73 65 72 76 65 72 6e 61 6d 65 20 31 20 2d 72 oservername 1 -r
0270: 65 71 75 69 72 65 20 31 20 2d 63 61 66 69 6c 65 equire 1 -cafile
0280: 20 24 3a 3a 63 61 66 69 6c 65 20 24 75 72 6c 20 $::cafile $url
0290: 24 70 6f 72 74 5d 0a 20 20 20 20 69 66 20 7b 5b $port]. if {[
02a0: 63 61 74 63 68 20 7b 74 6c 73 3a 3a 68 61 6e 64 catch {tls::hand
02b0: 73 68 61 6b 65 20 24 63 68 7d 20 65 72 72 5d 7d shake $ch} err]}
02c0: 20 7b 0a 09 63 6c 6f 73 65 20 24 63 68 0a 09 72 {..close $ch..r
02d0: 65 74 75 72 6e 20 2d 63 6f 64 65 20 65 72 72 6f eturn -code erro
02e0: 72 20 24 65 72 72 0a 20 20 20 20 7d 20 65 6c 73 r $err. } els
02f0: 65 20 7b 0a 09 63 6c 6f 73 65 20 24 63 68 0a 20 e {..close $ch.
0300: 20 20 20 7d 0a 7d 22 2c 2c 2c 2c 2c 2c 2c 2c 2c }.}",,,,,,,,,
0310: 0a 2c 2c 2c 2c 2c 2c 2c 2c 2c 2c 0a 63 6f 6d 6d .,,,,,,,,,,.comm
0320: 61 6e 64 2c 23 20 63 6c 69 65 6e 74 74 65 73 74 and,# clienttest
0330: 2e 73 73 6c 6c 61 62 73 2e 63 6f 6d 20 54 65 73 .ssllabs.com Tes
0340: 74 73 2c 2c 2c 2c 2c 2c 2c 2c 2c 0a 53 53 4c 4c ts,,,,,,,,,.SSLL
0350: 61 62 73 2c 43 56 45 2d 32 30 32 30 2d 30 36 30 abs,CVE-2020-060
0360: 31 20 28 43 75 72 76 65 42 61 6c 6c 29 20 56 75 1 (CurveBall) Vu
0370: 6c 6e 65 72 61 62 69 6c 69 74 79 2c 77 69 6e 20 lnerability,win
0380: 4f 70 65 6e 53 53 4c 31 2e 31 2e 31 2c 2c 63 6f OpenSSL1.1.1,,co
0390: 6e 6e 65 63 74 20 77 77 77 2e 73 73 6c 6c 61 62 nnect www.ssllab
03a0: 73 2e 63 6f 6d 3a 31 30 34 34 36 2c 2c 2c 22 68 s.com:10446,,,"h
03b0: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a andshake failed:
03c0: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 certificate ver
03d0: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 ify failed due t
03e0: 6f 20 22 22 73 65 6c 66 20 73 69 67 6e 65 64 20 o ""self signed
03f0: 63 65 72 74 69 66 69 63 61 74 65 20 69 6e 20 63 certificate in c
0400: 65 72 74 69 66 69 63 61 74 65 20 63 68 61 69 6e ertificate chain
0410: 22 22 22 2c 2c 2c 31 0a 53 53 4c 4c 61 62 73 2c """,,,1.SSLLabs,
0420: 43 56 45 2d 32 30 32 30 2d 30 36 30 31 20 28 43 CVE-2020-0601 (C
0430: 75 72 76 65 42 61 6c 6c 29 20 56 75 6c 6e 65 72 urveBall) Vulner
0440: 61 62 69 6c 69 74 79 2c 77 69 6e 20 21 4f 70 65 ability,win !Ope
0450: 6e 53 53 4c 31 2e 31 2e 31 2c 2c 63 6f 6e 6e 65 nSSL1.1.1,,conne
0460: 63 74 20 77 77 77 2e 73 73 6c 6c 61 62 73 2e 63 ct www.ssllabs.c
0470: 6f 6d 3a 31 30 34 34 36 2c 2c 2c 22 68 61 6e 64 om:10446,,,"hand
0480: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 shake failed: ce
0490: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 rtificate verify
04a0: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 failed due to "
04b0: 22 73 65 6c 66 2d 73 69 67 6e 65 64 20 63 65 72 "self-signed cer
04c0: 74 69 66 69 63 61 74 65 20 69 6e 20 63 65 72 74 tificate in cert
04d0: 69 66 69 63 61 74 65 20 63 68 61 69 6e 22 22 22 ificate chain"""
04e0: 2c 2c 2c 31 0a 53 53 4c 4c 61 62 73 2c 43 56 45 ,,,1.SSLLabs,CVE
04f0: 2d 32 30 32 30 2d 30 36 30 31 20 28 43 75 72 76 -2020-0601 (Curv
0500: 65 42 61 6c 6c 29 20 56 75 6c 6e 65 72 61 62 69 eBall) Vulnerabi
0510: 6c 69 74 79 2c 6d 61 63 2c 2c 63 6f 6e 6e 65 63 lity,mac,,connec
0520: 74 20 77 77 77 2e 73 73 6c 6c 61 62 73 2e 63 6f t www.ssllabs.co
0530: 6d 3a 31 30 34 34 36 2c 2c 2c 22 68 61 6e 64 73 m:10446,,,"hands
0540: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 hake failed: cer
0550: 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 tificate verify
0560: 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 22 failed due to ""
0570: 73 65 6c 66 2d 73 69 67 6e 65 64 20 63 65 72 74 self-signed cert
0580: 69 66 69 63 61 74 65 20 69 6e 20 63 65 72 74 69 ificate in certi
0590: 66 69 63 61 74 65 20 63 68 61 69 6e 22 22 22 2c ficate chain""",
05a0: 2c 2c 31 0a 53 53 4c 4c 61 62 73 2c 43 56 45 2d ,,1.SSLLabs,CVE-
05b0: 32 30 32 30 2d 30 36 30 31 20 28 43 75 72 76 65 2020-0601 (Curve
05c0: 42 61 6c 6c 29 20 56 75 6c 6e 65 72 61 62 69 6c Ball) Vulnerabil
05d0: 69 74 79 2c 75 6e 69 78 20 21 6d 61 63 2c 2c 63 ity,unix !mac,,c
05e0: 6f 6e 6e 65 63 74 20 77 77 77 2e 73 73 6c 6c 61 onnect www.sslla
05f0: 62 73 2e 63 6f 6d 3a 31 30 34 34 36 2c 2c 2c 22 bs.com:10446,,,"
0600: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 handshake failed
0610: 3a 20 64 65 63 6f 64 65 20 65 72 72 6f 72 20 64 : decode error d
0620: 75 65 20 74 6f 20 22 22 75 6e 61 62 6c 65 20 74 ue to ""unable t
0630: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 o get local issu
0640: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 22 er certificate""
0650: 22 2c 2c 2c 31 0a 53 53 4c 4c 61 62 73 2c 4c 6f ",,,1.SSLLabs,Lo
0660: 67 6a 61 6d 20 56 75 6c 6e 65 72 61 62 69 6c 69 gjam Vulnerabili
0670: 74 79 2c 77 69 6e 20 4f 70 65 6e 53 53 4c 33 2e ty,win OpenSSL3.
0680: 30 2c 2c 63 6f 6e 6e 65 63 74 20 77 77 77 2e 73 0,,connect www.s
0690: 73 6c 6c 61 62 73 2e 63 6f 6d 3a 31 30 34 34 35 sllabs.com:10445
06a0: 2c 2c 2c 22 68 61 6e 64 73 68 61 6b 65 20 66 61 ,,,"handshake fa
06b0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 iled: certificat
06c0: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 e verify failed
06d0: 64 75 65 20 74 6f 20 22 22 75 6e 61 62 6c 65 20 due to ""unable
06e0: 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 to get local iss
06f0: 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 uer certificate"
0700: 22 22 2c 2c 2c 31 0a 53 53 4c 4c 61 62 73 2c 4c "",,,1.SSLLabs,L
0710: 6f 67 6a 61 6d 20 56 75 6c 6e 65 72 61 62 69 6c ogjam Vulnerabil
0720: 69 74 79 2c 75 6e 69 78 20 4f 70 65 6e 53 53 4c ity,unix OpenSSL
0730: 33 2e 30 2c 2c 63 6f 6e 6e 65 63 74 20 77 77 77 3.0,,connect www
0740: 2e 73 73 6c 6c 61 62 73 2e 63 6f 6d 3a 31 30 34 .ssllabs.com:104
0750: 34 35 2c 2c 2c 68 61 6e 64 73 68 61 6b 65 20 66 45,,,handshake f
0760: 61 69 6c 65 64 3a 20 64 68 20 6b 65 79 20 74 6f ailed: dh key to
0770: 6f 20 73 6d 61 6c 6c 2c 2c 2c 31 0a 53 53 4c 4c o small,,,1.SSLL
0780: 61 62 73 2c 4c 6f 67 6a 61 6d 20 56 75 6c 6e 65 abs,Logjam Vulne
0790: 72 61 62 69 6c 69 74 79 2c 77 69 6e 20 4f 70 65 rability,win Ope
07a0: 6e 53 53 4c 33 2e 32 2c 2c 63 6f 6e 6e 65 63 74 nSSL3.2,,connect
07b0: 20 77 77 77 2e 73 73 6c 6c 61 62 73 2e 63 6f 6d www.ssllabs.com
07c0: 3a 31 30 34 34 35 2c 2c 2c 68 61 6e 64 73 68 61 :10445,,,handsha
07d0: 6b 65 20 66 61 69 6c 65 64 3a 20 75 6e 6b 6e 6f ke failed: unkno
07e0: 77 6e 20 73 65 63 75 72 69 74 79 20 62 69 74 73 wn security bits
07f0: 2c 2c 2c 31 0a 53 53 4c 4c 61 62 73 2c 4c 6f 67 ,,,1.SSLLabs,Log
0800: 6a 61 6d 20 56 75 6c 6e 65 72 61 62 69 6c 69 74 jam Vulnerabilit
0810: 79 2c 75 6e 69 78 20 21 6d 61 63 20 4f 70 65 6e y,unix !mac Open
0820: 53 53 4c 33 2e 32 2c 2c 63 6f 6e 6e 65 63 74 20 SSL3.2,,connect
0830: 77 77 77 2e 73 73 6c 6c 61 62 73 2e 63 6f 6d 3a www.ssllabs.com:
0840: 31 30 34 34 35 2c 2c 2c 68 61 6e 64 73 68 61 6b 10445,,,handshak
0850: 65 20 66 61 69 6c 65 64 3a 20 75 6e 6b 6e 6f 77 e failed: unknow
0860: 6e 20 73 65 63 75 72 69 74 79 20 62 69 74 73 2c n security bits,
0870: 2c 2c 31 0a 53 53 4c 4c 61 62 73 2c 4c 6f 67 6a ,,1.SSLLabs,Logj
0880: 61 6d 20 56 75 6c 6e 65 72 61 62 69 6c 69 74 79 am Vulnerability
0890: 2c 6d 61 63 20 4f 70 65 6e 53 53 4c 33 2e 32 2c ,mac OpenSSL3.2,
08a0: 2c 63 6f 6e 6e 65 63 74 20 77 77 77 2e 73 73 6c ,connect www.ssl
08b0: 6c 61 62 73 2e 63 6f 6d 3a 31 30 34 34 35 2c 2c labs.com:10445,,
08c0: 2c 22 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c ,"handshake fail
08d0: 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 ed: certificate
08e0: 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 verify failed du
08f0: 65 20 74 6f 20 22 22 75 6e 61 62 6c 65 20 74 6f e to ""unable to
0900: 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65 get local issue
0910: 72 20 63 65 72 74 69 66 69 63 61 74 65 22 22 22 r certificate"""
0920: 2c 2c 2c 31 0a 53 53 4c 4c 61 62 73 2c 46 52 45 ,,,1.SSLLabs,FRE
0930: 41 4b 20 56 75 6c 6e 65 72 61 62 69 6c 69 74 79 AK Vulnerability
0940: 2c 2c 2c 63 6f 6e 6e 65 63 74 20 77 77 77 2e 73 ,,,connect www.s
0950: 73 6c 6c 61 62 73 2e 63 6f 6d 3a 31 30 34 34 34 sllabs.com:10444
0960: 2c 2c 2c 68 61 6e 64 73 68 61 6b 65 20 66 61 69 ,,,handshake fai
0970: 6c 65 64 3a 20 75 6e 73 75 70 70 6f 72 74 65 64 led: unsupported
0980: 20 70 72 6f 74 6f 63 6f 6c 2c 2c 2c 31 0a 53 53 protocol,,,1.SS
0990: 4c 4c 61 62 73 2c 50 4f 4f 44 4c 45 20 56 75 6c LLabs,POODLE Vul
09a0: 6e 65 72 61 62 69 6c 69 74 79 2c 2c 2c 63 6f 6e nerability,,,con
09b0: 6e 65 63 74 20 77 77 77 2e 73 73 6c 6c 61 62 73 nect www.ssllabs
09c0: 2e 63 6f 6d 3a 31 30 34 34 33 2c 2c 2c 68 61 6e .com:10443,,,han
09d0: 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 75 dshake failed: u
09e0: 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f nsupported proto
09f0: 63 6f 6c 2c 2c 2c 31 0a col,,,1.