Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
9c1f970b wallet2: remember daemon address overrides when loading a new wallet (moneromooo-monero)
|
|
50e59cfa wallet2: reject zero keys in json input (moneromooo-monero)
|
|
bcae95a2 p2p: do not add recently failed addresses to the peerlist (moneromooo-monero)
|
|
019c1dc0 gitian-build.py: Fixing check for docker command. (Jonathan Cross)
|
|
ffe7165e wallet: reroll fake outs selection on local tx_sanity_check failure (xiphon)
|
|
0349347e ringdb: use a different iv for key and data in rings table (moneromooo-monero)
7b882087 simplewallet: reword mixin in user message in terms of ring size (moneromooo-monero)
f507a43a wallet2: do not remove known rings when a tx fails (moneromooo-monero)
|
|
d0641b42 net: fix incorrect less operator for top/i2p addresses (Aaron Hook)
|
|
02224e71 Fix check_fee() discrepancy. (UkoeHB)
|
|
a84131ce p2p: fix off by one adding fallback peers (moneromooo-monero)
|
|
66472074 Daemon: Guard against reporting "synchronized" too early (rbrunner7)
|
|
6772ce70 10 block time is for incoming outputs, not transactions (rating89us)
|
|
b818522d p2p: fix spurious warning when we're connected to at last one seed (moneromooo-monero)
|
|
36bdf402 p2p: fix adding wrong indices to the filtered peer list (moneromooo-monero)
|
|
aa93e388 p2p: remove old debug commands (Aaron Hook)
|
|
f8d76f39 core: move the LockedTXN class out of txpool so it may be reused (moneromooo-monero)
|
|
|
|
|
|
c075aa7 workaround for GetObject windows.h macro and rapidjson conflict (xiphon)
|
|
|
|
a26cbce easylogging++: fix 'ELPP_OS_EMSCRIPTEN is not defined' warning (xiphon)
|
|
for example, in the RPC server
|
|
0f78b06e Various improvements to the ZMQ JSON-RPC handling: (Lee Clagett)
|
|
a6c24412 wallet: fix exceptions getting the hash of a pruned tx (moneromooo-monero)
|
|
c11e64fc Gitian: Change lxc ip link (TheCharlatan)
|
|
0eac0c43 depends: set several missing build tags (moneromooo-monero)
|
|
352bd132 abstract_tcp_server2: guard against negative timeouts (moneromooo-monero)
|
|
4771a7ae p2p: remove obsolete local time in handshake (moneromooo-monero)
2fbbc4a2 p2p: avoid sending the same peer list over and over (moneromooo-monero)
3004835b epee: remove backward compatible endian specific address serialization (moneromooo-monero)
39a343d7 p2p: remove backward compatible peer list (moneromooo-monero)
60631802 p2p: simplify last_seen serialization now we have optional stores (moneromooo-monero)
9467b2e4 cryptonote_protocol: omit top 64 bits of difficulty when 0 (moneromooo-monero)
b595583f serialization: do not write optional fields with default value (moneromooo-monero)
5f98b46d p2p: remove obsolete local time from TIMED_SYNC (moneromooo-monero)
|
|
|
|
|
|
- Finding handling function in ZMQ JSON-RPC now uses binary search
- Temporary `std::vector`s in JSON output now use `epee::span` to
prevent allocations.
- Binary -> hex in JSON output no longer allocates temporary buffer
- C++ structs -> JSON skips intermediate DOM creation, and instead
write directly to an output stream.
|
|
21c3d42e p2p: drop the peerlist dump to TRACE (moneromooo-monero)
|
|
f717d593 wallet2: guard against race with multiple decrypt_keys users (moneromooo-monero)
|
|
a6a2ad6c simplewallet: set manual refresh mode in rescan_bc (moneromooo-monero)
|
|
94853487 easylogging++: add emscripten support (moneromooo-monero)
|
|
f1091c41 core_tests: remove some useless verbose logs (moneromooo-monero)
|
|
88b82bef simplewallet: point to "set help" in the lock screen message (moneromooo-monero)
f19c9f23 util: allow newlines in string to be split (moneromooo-monero)
|
|
69336931 rpc: fill miner_tx_hash again (moneromooo-monero)
|
|
81494e3f depends: empty spaces in PATH variable cause build failure (kozyilmaz)
|
|
716012ca rpc: drop the obsolete and wrong "unpruned size" log (moneromooo-monero)
|
|
ae84ec90 wallet-cli/rpc: allow sweep_all to use outputs in all subaddresses within an account (stoffu)
|
|
bc6d8aa3 Corrected message typo (palomato)
|
|
5cbb17b9 wallet2: fix hang in wallet refresh (moneromooo-monero)
|
|
987c3139 print_coinbase_tx_sum now supports 128 bits sums (moneromooo-monero)
|
|
d93e1dff simplewallet: warn on refresh if refresh-from-block-height seems off (moneromooo-monero)
|
|
c3613031 Silence miner debugmsg spam (Howard Chu)
|
|
a9bdc6e4 Improved performance for epee serialization: (Lee Clagett)
|
|
72ca7e3b Fix time comparison math (Jason Rhinelander)
|
|
a2578892 --disable-ban-rpc option to prevent RPC users from banning (naughtyfox)
|
|
94266eeb simplewallet: fix output age display with duplicate heights (moneromooo-monero)
f1d379d2 simplewallet: fix "outputs in same tx" detector (moneromooo-monero)
|
|
5985c5af rpc: add bad-blocks to flush_cache RPC (moneromooo-monero)
|
|
021cf733 ssl: server-side: allow multiple version of TLS (Bertrand Jacquin)
|
|
1d78db27 Add travis freebsd (TheCharlatan)
|
|
ef95a76d remove unused variable 'ptx' from on_describe_transfer() (woodser)
|
|
02b80513 unit_tests: remove invalid bulletproofs unit test (moneromooo-monero)
|
|
bcaa865 workflows: fix macOS build (selsta)
|
|
1af7d16 workflows: log test output on failure (xiphon)
|
|
a836f30 workflows: windows j3 -> j2 (selsta)
|
|
a3bddcd workflows: add libwallet compile check (selsta)
|
|
|
|
5f2a32c daemon: run with -rpc-payment-address and --rpc-restricted-bind-port (moneromooo-monero)
|
|
f812783 simplewallet: fix encrypted payment id note triggering on dummy ones (moneromooo-monero)
|
|
316ab7b wallet2: better error when restoring a wallet with the wrong keys (moneromooo-monero)
|
|
096a9db Wallet: Distingush amounts for a single subaddress (tmoravec)
|
|
0bae227 update readme to encourage joining #monero-dev (Gingeropolous)
|
|
f498dfc README: add Void Linux package dependencies (kevcrumb)
|
|
|
|
c2095fc2 miner: use verification mode for low diff one block nonce searches (moneromooo-monero)
|
|
|
|
This avoids lengthy init times when testing
|
|
2d1afceb net_ssl: load default certificates in CA mode on Windows (moneromooo-monero)
|
|
3813a992 download: catch exceptions checking for size (moneromooo-monero)
|
|
e896cca8 epee: reorder a couple init list fields to match declaration (moneromooo-monero)
|
|
7ac7d5d3 updates: fix source code URL on _WIN32 (selsta)
|
|
67b4a19e simplewallet: noob-friendly help menu (wowario)
|
|
4b384003 wallet2: don't try to lock an empty filename (moneromooo-monero)
|
|
b328de6b wallet_rpc_server: add tx weight in transfer commands responses (moneromooo-monero)
|
|
4d804443 Fixes a minor formatting error (TheGoose)
|
|
a633f85d daemon: allow printing N blocks from the end of the chain (moneromooo-monero)
|
|
7ba31191 daemon: add +meta print_tx parameter (moneromooo-monero)
|
|
236d2a88 blockchain_stats: make it work on pruned blockchains (moneromooo-monero)
|
|
b9fc2066 Add a --keep-fakechain option to keep fakechain databases (JamesWrigley)
|
|
22d30866 simplewallet: add missing inactivity-lock-timeout to set help blurb (moneromooo-monero)
9f57f0df simplewallet: do not mention inactivity if a lock was manual (moneromooo-monero)
|
|
d64e5aa7 wallet: allow message sign/verify for subaddresses (moneromooo-monero)
|
|
deb350b7 always print peer IDs in the same format (moneromooo-monero)
|
|
65301c40 core: point out when we hit the block rate visibility limit (moneromooo-monero)
|
|
2f8f3a94 rpc: base flush_cache request/response on the new base structs (moneromooo-monero)
|
|
b90c4bc3 rpc: error out from get_info if the proxied call errors out (moneromooo-monero)
fa16df99 make_test_signature: exit nicely on top level exception (moneromooo-monero)
054b2621 node_rpc_proxy: init some new rpc payment fields in invalidate (moneromooo-monero)
d0faae2a rpc: init a few missing client_info members (moneromooo-monero)
d56a483a rpc: do not propagate exceptions out of a dtor (moneromooo-monero)
3c849188 rpc: always set the update field in update on sucess (moneromooo-monero)
|
|
8a27645 blockchain: fix flushing txes from the txpool (moneromooo-monero)
|
|
|
|
|
|
Also removes a potential fingerprinting vector
|
|
Nodes remember which connections have been sent which peer addresses
and won't send it again. This causes more addresses to be sent as
the connection lifetime grows, since there is no duplication anymore,
which increases the diffusion speed of peer addresses. The whole
white list is now considered for sending, not just the most recent
seen peers. This further hardens against topology discovery, though
it will more readily send peers that have been last seen earlier
than it otherwise would. While this does save a fair amount of net
bandwidth, it makes heavy use of std::set lookups, which does bring
network_address::less up the profile, though not too aggressively.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
08635a08 blockchain: speedup fetching pruned contiguous tx blobs (moneromooo-monero)
|
|
56a4469e network: log traffic and add a simple traffic analysis script (moneromooo-monero)
|
|
dd8c6b17 wallet: do not split integrated addresses in address book api (moneromooo-monero)
|
|
|
|
|
|
2e58eb5c lmdb: Remove meaningless const qualifier on function type (Nathan Dorfman)
|
|
6f330865 fix tests bug added in #6110 (Dusan Klinec)
|
|
2aa80b1d build: autodetect MSYS2 install path, support non-standard location (xiphon)
|
|
957ae887 workflows: add build and test workflow (selsta)
|
|
dbcfae6f README: remove unmaintained build status (selsta)
|
|
cce4ea02 README: fix translation link (moneromooo-monero)
|
|
8231c7cd rpc: fix bootstrap RPC payment RPC being made in raw JSON, not JSON RPC (moneromooo-monero)
81c26589 rpc: don't auto fail RPC needing payment in bootstrap mode (moneromooo-monero)
|
|
d7cf8727 rpc: add received_timestamp for pool txes in gettransactions (moneromooo-monero)
|
|
dc589ef0 Add TheCharlatan pgp key (TheCharlatan)
|
|
bd6a5778 Gitian: Fix sigs generation (TheCharlatan)
|
|
f3e155ea add xiphon's GPG key (xiphon)
|
|
402dd207 db_lmdb: guard against non NUL terminated keys (moneromooo-monero)
|
|
3b419333 wallet: don't issue node rpc proxy requests in '--offline' mode (xiphon)
|
|
24adee4a p2p: don't request flags after closing connection (moneromooo-monero)
|
|
70c9cd3c Change to Tx diffusion (Dandelion++ fluff) instead of flooding (Lee Clagett)
|
|
9fe8a76c perf_timer: fix pause/resume macros dereferencing too much (moneromooo-monero)
|
|
- e.g., fixes gen_block_big_major_version test, error: generation failed: what=events not set, cannot compute valid RandomX PoW
- ask for events only if difficulty > 1 (when it really matters)
- throwing an exception changed to logging, so it is easy to spot a problem if tests start to fail.
|
|
|
|
1b2953f0 Add __pycache__ directory to .gitignore (Matt Smith)
|
|
0e0351c4 wallet_rpc_server: add count parameter to create_address (Matt Smith)
|
|
6efeefbc epee: set application/json MIME type on json errors (moneromooo-monero)
|
|
b9b5c473 threadpool: use std::move when taking an element off the queue (moneromooo-monero)
|
|
56dced2d translations: fix "monero_" prefix when taking languages from file (moneromooo-monero)
be3a4326 translations: find lrelease disguised as lrelease-qt5 (moneromooo-monero)
|
|
a7a40e28 Actually concatenate error strings. (Bert Peters)
|
|
b2ad757f Replace memset with memwipe. (Bert Peters)
|
|
6dec0013 simplewallet: fix restore height warning (selsta)
|
|
584d057f epee: fix console_handlers_binder race, wait for thread to finish (xiphon)
|
|
21d4c216 blockchain: error out if the builtin hashes data size is wrong (moneromooo-monero)
|
|
feef1c6a epee: fix peer ids being truncated on display (moneromooo-monero)
|
|
6f45cfa5 p2p: zero last seen timestamp when inserting a new peer (moneromooo-monero)
|
|
27522aaa core_tests: reset thread pool between tests (moneromooo-monero)
|
|
|
|
Because the user might do this for reasons unknown.
Values beyond l-1 will be reduced, so are accepted.
Reported by who-biz.
|
|
|
|
|
|
7c1d31b0 build: fix IOS, build blockchain_db and rpc, skip wallet_rpc_server (xiphon)
|
|
da6c807f tests: fix HF12 chaingen - construct bc object from events (Dusan Klinec)
|
|
0de8a0d3 wallet_rpc_server: new estimate_tx_size_and_weight RPC (moneromooo-monero)
|
|
Adding a new `amounts` field ot the output of `get_transfers` RPC
method. This field specifies individual payments made to a single
subaddress in a single transaction, e.g., made by this command:
transfer <addr1> <amount1> <addr1> <amount2>
|
|
|
|
The added condition "hshd.current_height >= target" guards against
reporting "synchronized" too early in the special situation that the
very first peer sending us data is synced to a lower height than
ourselves.
|
|
This is technically a record encrypted in two pieces,
so the iv needs to be different.
Some backward compatibility is added to read data written
by existing code, but new data is written with the new code.
|
|
|
|
Even if it fails, the ring composition is known to a potential
adversary, and so we should reuse the same ring next time
|
|
|
|
M100 = max{300kb, min{100block_median, m_long_term_effective_median_block_weight}}
not
M100 = max{300kb, m_long_term_effective_median_block_weight}
Fix base reward in get_dynamic_base_fee_estimate().
get_dynamic_base_fee_estimate() should match check_fee()
Fee is calculated based on block reward, and the reward penalty takes into account 0.5*max_block_weight (both before and after HF_VERSION_EFFECTIVE_SHORT_TERM_MEDIAN_IN_PENALTY).
Moved median calculation according to best practice of 'keep definitions close to where they are used'.
|
|
8e338e5 depends: update libsodium to 1.0.18 (TheCharlatan)
|
|
The code would ignore the first one to be added
|
|
f9b48b91c GPGKey: Add Snipa (Alexander Blair)
|
|
The ip link currently listed in the README no longer works on the newest
version of lxc shipped with ubuntu 18.04, this commit corrects this.
|
|
10 block lock time is for incoming outputs and not only incoming transactions (outgoing transaction has an incoming change output that is also locked for 10 blocks)
|
|
|
|
aa9ba30 add binaryFate's PGP key (binaryFate)
|
|
|
|
|
|
It was removed to save duplicated generation time, but it can
be copied from another instance instead
|
|
|
|
Adds GPG key for Alexander Blair (Snipa)
|
|
|
|
It's spammy
|
|
|
|
If more than one thread wants to make sure of the spend secret key,
then we decrypt on the first caller and reencrypt on the last caller,
otherwise we could use an invalid secret key.
|
|
|
|
Since we now get pruned data in the first place, the "unpruned" data
size will in fact be the pruned data size, leading to confusion
|
|
account
|
|
Message was "peer claims higher version that we think"
Requested change "peer claims higher version than we think"
|
|
If the hashes received would move the current blockchain past the
stop point, the short history would not be updated, since we do
not expect another loop, but the daemon might return earlier hashes,
causing the end index to not be enough to reach the threshold and
this require another loop, which will download the same hashes and
cause an infinite loop.
|
|
|
|
|
|
|
|
3b8dcc2 wallet2: make keys unlocker reentrant (moneromooo-monero)
|
|
5a44893 python-rpc: add missing strict_balances parameter for get_accounts (moneromooo-monero)
|
|
886ed25 blockchain: fix comment wrongly refering to SHA-3 rather than Keccak (moneromooo-monero)
|
|
017f816 daemon: handle printing higher hash rates (moneromooo-monero)
|
|
c96b7ee tx_pool: fix error message assuming incorrectly (moneromooo-monero)
|
|
45fd72b Updated paper references (SarangNoether)
277003f Minor prover simplification (SarangNoether)
|
|
261abf7 functional_tests: ensure mining stops on error in mining test (moneromooo-monero)
|
|
f49a8ca easylogging++: add screen.xterm-256color to the 'allow colour' TERM list (moneromooo-monero)
|
|
9768e96 simplewallet: remove remaining payment id dead code (moneromooo-monero)
|
|
dce6f05 rpc: Only show version string if it matches expected pattern (ndorf)
3293780 daemon: Use rpc for 'version' command (ndorf)
|
|
5d7ae2d Adding support for hidden (anonymity) txpool (vtnerd)
|
|
The tail emission will bring the total above 64 bits
|
|
Don't try to allocate the dataset repeatedly if it has already failed.
|
|
|
|
This ensures we get asked for the password if needed
|
|
Dividing `dt` here by 1e6 converts it to seconds, but that is clearly
wrong since `REQUEST_NEXT_SCHEDULED_SPAN_THRESHOLD_STANDBY` is measured
in microseconds. As a result, this if statement was effectively never
used.
|
|
|
|
boost::asio::ssl::context is created using specifically TLSv1.2, which
blocks the ability to use superior version of TLS like TLSv1.3.
Filtering is also made specially later in the code to remove unsafe
version for TLS such SSLv2, SSLv3 etc..
This change is removing double filtering to allow TLSv1.2 and above to
be used.
testssl.sh 3.0rc5 now reports the following (please note monerod was
built with USE_EXTRA_EC_CERT):
$ ./testssl.sh --openssl=/usr/bin/openssl \
--each-cipher --cipher-per-proto \
--server-defaults --server-preference \
--vulnerable --heartbleed --ccs --ticketbleed \
--robot --renegotiation --compression --breach \
--poodle --tls-fallback --sweet32 --beast --lucky13 \
--freak --logjam --drown --pfs --rc4 --full \
--wide --hints 127.0.0.1:38081
Using "OpenSSL 1.1.1d 10 Sep 2019" [~80 ciphers]
on ip-10-97-15-6:/usr/bin/openssl
(built: "Dec 3 21:14:51 2019", platform: "linux-x86_64")
Start 2019-12-03 21:51:25 -->> 127.0.0.1:38081 (127.0.0.1) <<--
rDNS (127.0.0.1): --
Service detected: HTTP
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY not offered
ALPN/HTTP2 not offered
Testing for server implementation bugs
No bugs found.
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered (OK)
Average: SEED + 128+256 Bit CBC ciphers not offered
Strong encryption (AEAD ciphers) offered (OK)
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
PFS is offered (OK), ciphers follow (client/browser support is important here)
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448
Testing server preferences
Has server cipher order? yes (OK)
Negotiated protocol TLSv1.3
Negotiated cipher TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
Cipher order
TLSv1.2: ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
TLSv1.3: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256
Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11" "supported versions/#43" "key share/#51" "max fragment length/#1" "extended master secret/#23"
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support yes
Session Resumption Tickets no, ID: no
TLS clock skew Random values, no fingerprinting possible
Server Certificate #1 (in response to request w/o SNI)
Signature Algorithm SHA256 with RSA
Server key size RSA 4096 bits
Server key usage --
Server extended key usage --
Serial / Fingerprints 01 / SHA1 132E42981812F5575FA0AE64922B18A81B38C03F
SHA256 EBA3CC4AA09DEF26706E64A70DB4BC8D723533BB67EAE12B503A845019FB61DC
Common Name (CN) (no CN field in subject)
subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining
Issuer
Trust (hostname) certificate does not match supplied URI
Chain of trust NOT ok (self signed)
EV cert (experimental) no
"eTLS" (visibility info) not present
Certificate Validity (UTC) 181 >= 60 days (2019-12-03 21:51 --> 2020-06-02 21:51)
# of certificates provided 1
Certificate Revocation List --
OCSP URI --
NOT ok -- neither CRL nor OCSP URI provided
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) not offered
Certificate Transparency --
Server Certificate #2 (in response to request w/o SNI)
Signature Algorithm ECDSA with SHA256
Server key size EC 256 bits
Server key usage --
Server extended key usage --
Serial / Fingerprints 01 / SHA1 E17B765DD8124525B1407E827B89A31FB167647D
SHA256 AFB7F44B1C33831F521357E5AEEB813044CB02532143E92D35650A3FF792A7C3
Common Name (CN) (no CN field in subject)
subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining
Issuer
Trust (hostname) certificate does not match supplied URI
Chain of trust NOT ok (self signed)
EV cert (experimental) no
"eTLS" (visibility info) not present
Certificate Validity (UTC) 181 >= 60 days (2019-12-03 21:51 --> 2020-06-02 21:51)
# of certificates provided 1
Certificate Revocation List --
OCSP URI --
NOT ok -- neither CRL nor OCSP URI provided
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) not offered
Certificate Transparency --
Testing HTTP header response @ "/"
HTTP Status Code 404 Not found (Hint: supply a path which doesn't give a "404 Not found")
HTTP clock skew Got no HTTP time, maybe try different URL?
Strict Transport Security not offered
Public Key Pinning --
Server banner Epee-based
Application banner --
Cookie(s) (none issued at "/") -- maybe better try target URL of 30x
Security headers --
Reverse Proxy banner --
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507) No fallback possible, no protocol below TLS 1.2 offered (OK)
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=EBA3CC4AA09DEF26706E64A70DB4BC8D723533BB67EAE12B503A845019FB61DC could help you to find out
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK)
LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
SSLv3
TLS 1
TLS 1.1
TLS 1.2
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS 1.3
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
Running client simulations (HTTP) via sockets
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 4.2.2 No connection
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 7.0 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 253 bit ECDH (X25519)
Android 8.1 (native) No connection
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Chrome 65 Win 7 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 253 bit ECDH (X25519)
Chrome 74 (Win 10) No connection
Firefox 62 Win 7 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 253 bit ECDH (X25519)
Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
IE 6 XP No connection
IE 7 Vista No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 11 Win 7 No connection
IE 11 Win 8.1 No connection
IE 11 Win Phone 8.1 No connection
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519)
Edge 17 (Win 10) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519)
Opera 60 (Win 10) No connection
Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Tor 17.0.9 Win 7 No connection
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Java 9.0.4 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
OpenSSL 1.1.0j (Debian) TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 253 bit ECDH (X25519)
OpenSSL 1.1.1b (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Thunderbird (60.6) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
|
|
The highlight check was based on height, so would highlight
any output at that height, resulting in several matches if
a fake out was picked at the same height as the real spend
|
|
It was comparing source txids, but txids were empty,
so all checks triggered
|
|
Flushes m_invalid_blocks in Blockchain.
|
|
This is upstream, but seems to have got lost in conflicts
when merging support for BSDs or android.
|
|
|
|
|
|
It was intended to check a case which is actually valid (0 gamma),
but was actually duplicating the bad amount test.
Reported by WhatDo_ on IRC.
|
|
|