results.txt

platform: OS X 10.12.2
runner: trytls 0.3.7 (CPython 3.6.0)
stub: ./run.sh
 PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443]
      output: HandshakeFailed (Error_Protocol ("bad SignatureRSA for ecdhparams",True,HandshakeFailure))
 PASS protect against the FREAK attack [reject www.ssllabs.com:10444]
      output: HandshakeFailed (Error_Packet_Parsing "handshake[HandshakeType_ServerKeyXchg]: parsing error: remaining bytes")
 FAIL protect against the Logjam attack [reject www.ssllabs.com:10445]
      output: 200 OK
 PASS support for TLS server name indication (SNI) [accept badssl.com:443]
      output: 200 OK
 PASS self-signed certificate [reject self-signed.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown))
 PASS expired certificate [reject expired.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired))
 PASS wrong hostname in certificate [reject wrong.host.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate rejected: [NameMismatch \"wrong.host.badssl.com\"]",True,CertificateUnknown))
 PASS SHA-256 signature algorithm [accept sha256.badssl.com:443]
      output: 200 OK
 PASS certificate with 1000 different Subject Alternative Names [accept 1000-sans.badssl.com:443]
      output: 200 OK
 PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))
 PASS Superfish CA [reject superfish.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))
 PASS eDellRoot CA [reject edellroot.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))
 PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))
 PASS untrusted root certificate [reject untrusted-root.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))
 FAIL denies use of RC4 ciphers (RFC 7465) [reject rc4.badssl.com:443]
      output: 200 OK
 FAIL denies use of RC4 with MD5 ciphers [reject rc4-md5.badssl.com:443]
      output: 200 OK
 PASS denies use of null cipher [reject null.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("expecting server hello, got alert : [(AlertLevel_Fatal,HandshakeFailure)]",True,HandshakeFailure))
 FAIL denies use of 480 bit Diffie-Hellman (DH) [reject dh480.badssl.com:443]
      output: 200 OK
 FAIL denies use of 512 bit Diffie-Hellman (DH) [reject dh512.badssl.com:443]
      output: 200 OK
 PASS valid certificate Common Name [accept domain-match.badtls.io:10000]
      output: 200 OK
 PASS valid wildcard certificate Common Name [accept wildcard-match.badtls.io:10001]
      output: 200 OK
 PASS support for Subject Alternative Name (SAN) [accept san-match.badtls.io:10002]
      output: 200 OK
 PASS TLS handshake with 1024 bit Diffie-Hellman (DH) [accept dh1024.badtls.io:10005]
      output: 200 OK
 PASS certificate expired in year 1963 [reject expired-1963.badtls.io:11000]
      output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired))
 PASS certificate validity starts in future [reject future.badtls.io:11001]
      output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired))
 PASS mismatch in certificate's Common Name [reject domain-mismatch.badtls.io:11002]
      output: HandshakeFailed (Error_Protocol ("certificate rejected: [NameMismatch \"domain-mismatch.badtls.io\"]",True,CertificateUnknown))
 PASS Subject Alternative Name (SAN) mismatch [reject san-mismatch.badtls.io:11003]
      output: HandshakeFailed (Error_Protocol ("certificate rejected: [NameMismatch \"san-mismatch.badtls.io\"]",True,CertificateUnknown))
 FAIL certificate has invalid key usage for HTTPS connection [reject bad-key-usage.badtls.io:11005]
      output: 200 OK
 PASS expired certificate [reject expired.badtls.io:11006]
      output: HandshakeFailed (Error_Protocol ("certificate has expired",True,CertificateExpired))
 PASS invalid wildcard certificate Common Name [reject wildcard.mismatch.badtls.io:11007]
      output: HandshakeFailed (Error_Protocol ("certificate rejected: [NameMismatch \"wildcard.mismatch.badtls.io\"]",True,CertificateUnknown))
 FAIL denies use of RC4 ciphers (RFC 7465) [reject rc4.badtls.io:11008]
      output: 200 OK
 FAIL denies use of MD5 signature algorithm (RFC 6151) [reject weak-sig.badtls.io:11004]
      output: 200 OK
 FAIL denies use of RC4 with MD5 ciphers [reject rc4-md5.badtls.io:11009]
      output: 200 OK
 PASS valid localhost certificate [accept localhost:<temp port>]
      output: 200 OK
 PASS invalid localhost certificate [reject localhost:<temp port>]
      output: HandshakeFailed (Error_Protocol ("certificate rejected: [NameMismatch \"localhost\"]",True,CertificateUnknown))
 PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443]
      output: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))