Fix spelling

Author: a1346054

CHANGELOG.md

@@ -21,7 +21,7 @@
 * Detect better when no STARTTLS is offered
 * Rating (SSL Labs, not complete)
 * Don't penalize missing trust in rating when CA not in Java store
-* Added support for certificates with EdDSA signatures and pubilc keys
+* Added support for certificates with EdDSA signatures and public keys
 * --add-ca can also now be a directory with \*.pem files
 * Warning of 398 day limit for certificates issued after 2020/9/1
 * Added environment variable for amount of attempts for ssl renegotiation check
@@ -48,7 +48,7 @@
 * Socket timeouts (``--connect-timeout``)
 * IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent) support
 * Initial support for certificate compression
-* Better JSON output: renamed IDs and findings shorter/better parsable, also includes certficate
+* Better JSON output: renamed IDs and findings shorter/better parsable, also includes certificate
 * JSON output now valid also for non-responding servers
 * Testing now per default 370 ciphers
 * Further improving the robustness of TLS sockets (sending and parsing)
@@ -82,7 +82,7 @@
 * Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL
 * Support for SNI and STARTTLS
 * More robustness for any STARTTLS protocol (fall back to plaintext while in TLS caused problems)
-* Renegotiation checks improved, also no false potive for Node.js anymore
+* Renegotiation checks improved, also no false positive for Node.js anymore
 * Major update of client simulations with self-collected up-to-date data
 * Update of CA certificate stores
 * Lots of bug fixes
@@ -93,7 +93,7 @@
 
 * Way better coverage of ciphers as most checks are done via bash sockets where ever possible
 * Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness)
-* Testing 359 default ciphers (``testssl.sh -e/-E``) with a mixture of sockets and openssl. Same speed as with openssl only but addtional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
+* Testing 359 default ciphers (``testssl.sh -e/-E``) with a mixture of sockets and openssl. Same speed as with openssl only but additional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
 * TLS 1.2 protocol check via sockets in production
 * Finding more TLS extensions via sockets
 * TLS Supported Groups Registry (RFC 7919), key shares extension
@@ -137,7 +137,7 @@
 * Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems
 * Considerable speed improvements for each cipher runs (-e/-E)
 * More robust SSLv2 + TLS socket interface
-* seperate check for curves
+* separate check for curves
 * OpenSSL 1.1.0 compliant
 * check for DROWN
 * Whole number of bugs squashed
@@ -156,7 +156,7 @@
   * (HTTP) proxy support! Also with sockets -- thx @jnewbigin
   * Extended validation certificate detection
   * Run in default mode through all ciphers at the end of a default run
-  * will test multiple IP adresses of one supplied server name in one shot, --ip= restricts it accordingly
+  * will test multiple IP addresses of one supplied server name in one shot, --ip= restricts it accordingly
   * new mass testing file option --file option where testssl.sh commands are being read from, see https://twitter.com/drwetter/status/627619848344989696
   * TLS time and HTTP time stamps
   * TLS time displayed also for STARTTLS protocols
@@ -212,7 +212,7 @@ Full changelog @  https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
   * tests ciphers per protocol
   * HSTS
   * web and application server banner
-  * server prefereences
+  * server preferences
   * TLS server extensions
   * server key size
   * cipher suite mapping from openssl to RFC
@@ -225,10 +225,10 @@ Full changelog @  https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
 - IPv6 display fix
 
 1.111
-- NEW: tested unter FreeBSD (works with exception of xxd in CCS)
+- NEW: tested under FreeBSD (works with exception of xxd in CCS)
 - getent now works under Linux and FreeBSD
 - sed -i in hsts sacrificed for compatibility
-- reomved query for IP for finishing banner, is now called once in parse_hn_port
+- removed query for IP for finishing banner, is now called once in parse_hn_port
 - GOST warning after banner
 - empty build date is not displayed anymore
 - long build date strings minimized
@@ -318,7 +318,7 @@ Full changelog @  https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
 1.91
 - replaced most lcyan to brown (=not really bad but somehow)
 - empty server string better displayed
-- prefered CBC TLS 1.2 cipher is now brown (lucky13)
+- preferred CBC TLS 1.2 cipher is now brown (lucky13)
 
 1.90
 - fix for netweaver banner (server is lowercase)
@@ -327,7 +327,7 @@ Full changelog @  https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
 
 1.89
 - reordered! : protocols + cipher come first
-- colorized prefered server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
+- colorized preferred server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
 - SSLv3 is now light cyan
 - NEW: -P|--preference now in help menu
 - light cyan is more appropriate than red for HSTS
@@ -362,10 +362,10 @@ Full changelog @  https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
 - headline of -V / PFS+RC4 ciphers unified
 
 1.82
-- NEW: output for -V now better (bits seperate, spacing improved)
+- NEW: output for -V now better (bits separate, spacing improved)
 
 1.81
-- output for RC4+PFS now better (with headline, bits seperate, spacing improved)
+- output for RC4+PFS now better (with headline, bits separate, spacing improved)
 - both also sorted by encr. strength .. umm ..err bits!
 
 1.80
@@ -390,7 +390,7 @@ Full changelog @  https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
 - removed legacy code (PROD_REL var)
 
 1.76
-- bash was gone!! desaster for Ubuntu, fixed
+- bash was gone!! disaster for Ubuntu, fixed
 - starttls+rc4 check: bottom line was wrong
 - starttls had too much output (certificate) at first a/v check
 
@@ -480,13 +480,13 @@ Full changelog @  https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
 1.19
 * bugfix
 1.18
-* Rearragement of arguments: URL comes now always last!
+* Rearrangement of arguments: URL comes now always last!
 * small code cleanups for readability
 * individual cipher test is now with bold headline, not blue
 * NOPARANOID flag tells whether medium grade ciphers are ok. NOW they are (=<1.17 was paranoid)
 
 1.17
-* SSL tests now for renegotiation vulnerabilty!
+* SSL tests now for renegotiation vulnerability!
 * version detection of testssl.sh
 * program has a banner
 * fixed bug leading to a file named "1"

CONTRIBUTING.md

@@ -1,7 +1,7 @@
 
 ### Contributions / participation
 
-is always welcome, here @ gihub or via e-mail.
+is always welcome, here @ github or via e-mail.
 
 Note please the following
 

CREDITS.md

@@ -98,7 +98,7 @@ Full contribution, see git log.
   - LibreSSL patch
 
 * Jean Marsault
-  - client auth: ideas, code snipplets
+  - client auth: ideas, code snippets
 
 * Thomas Martens
   - adding colorblind option

doc/testssl.1

@@ -125,7 +125,7 @@ Please note that \fBfname\fR has to be in Unix format\. DOS carriage returns won
 \fB\-\-mode <serial|parallel>\fR\. Mass testing to be done serial (default) or parallel (\fB\-\-parallel\fR is shortcut for the latter, \fB\-\-serial\fR is the opposite option)\. Per default mass testing is being run in serial mode, i\.e\. one line after the other is processed and invoked\. The variable \fBMASS_TESTING_MODE\fR can be defined to be either equal \fBserial\fR or \fBparallel\fR\.
 .
 .P
-\fB\-\-warnings <batch|off>\fR\. The warnings parameter determines how testssl\.sh will deal with situations where user input normally will be necessary\. There are two options\. \fBbatch\fR doesn\'t wait for a confirming keypress when a client\- or server\-side probem is encountered\. As of 3\.0 it just then terminates the particular scan\. This is automatically chosen for mass testing (\fB\-\-file\fR)\. \fBoff\fR just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not\. Please note that there are conflicts where testssl\.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results\. Almost any other decision will be made in the future as a best guess by testssl\.sh\. The same can be achieved by setting the environment variable \fBWARNINGS\fR\.
+\fB\-\-warnings <batch|off>\fR\. The warnings parameter determines how testssl\.sh will deal with situations where user input normally will be necessary\. There are two options\. \fBbatch\fR doesn\'t wait for a confirming keypress when a client\- or server\-side problem is encountered\. As of 3\.0 it just then terminates the particular scan\. This is automatically chosen for mass testing (\fB\-\-file\fR)\. \fBoff\fR just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not\. Please note that there are conflicts where testssl\.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results\. Almost any other decision will be made in the future as a best guess by testssl\.sh\. The same can be achieved by setting the environment variable \fBWARNINGS\fR\.
 .
 .P
 \fB\-\-connect\-timeout <seconds>\fR This is useful for socket TCP connections to a node\. If the node does not complete a TCP handshake (e\.g\. because it is down or behind a firewall or there\'s an IDS or a tarpit) testssl\.sh may usually hang for around 2 minutes or even much more\. This parameter instructs testssl\.sh to wait at most \fBseconds\fR for the handshake to complete before giving up\. This option only works if your OS has a timeout binary installed\. CONNECT_TIMEOUT is the corresponding environment variable\.
@@ -342,7 +342,7 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, Expect\-CT,\.\.\. , CSP
 \fB\-g, \-\-grease\fR checks several server implementation bugs like tolerance to size limitations and GREASE, see RFC 8701\. This check doesn\'t run per default\.
 .
 .SS "VULNERABILITIES"
-\fB\-U, \-\-vulnerable, \-\-vulnerabilities\fR Just tests all (of the following) vulnerabilities\. The environment variable \fBVULN_THRESHLD\fR determines after which value a separate headline for each vulnerability is being displayed\. Default is \fB1\fR which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed \-\- in addition to the vulnerability and the result\. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerabilty and test result\. A vulnerability section is comprised of more than one check, e\.g\. the renegotiation vulnerability check has two checks, so has Logjam\.
+\fB\-U, \-\-vulnerable, \-\-vulnerabilities\fR Just tests all (of the following) vulnerabilities\. The environment variable \fBVULN_THRESHLD\fR determines after which value a separate headline for each vulnerability is being displayed\. Default is \fB1\fR which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed \-\- in addition to the vulnerability and the result\. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerability and test result\. A vulnerability section is comprised of more than one check, e\.g\. the renegotiation vulnerability check has two checks, so has Logjam\.
 .
 .P
 \fB\-H, \-\-heartbleed\fR Checks for Heartbleed, a memory leakage in openssl\. Unless the server side doesn\'t support the heartbeat extension it is likely that this check runs into a timeout\. The seconds to wait for a reply can be adjusted with \fBHEARTBLEED_MAX_WAITSOCK\fR\. 8 is the default\.