test suite missing with latest release 2.9.5-2

since latest release the test suite doesnt pass

TESTSSL_INSTALL_DIR="$(pwd)" prove -v

#   Failed test 'HTML file created with --debug 4 matches HTML file created without --debug'
#   at t/32_http.t line 52.
#          got: '<?xml version="1.0" encoding="UTF-8" ?>
# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
# <!-- This file was created with testssl.sh. https://testssl.sh -->
# <html xmlns="http://www.w3.org/1999/xhtml">
# <head>
# <meta http-equiv="Content-Type" content="application/xml+xhtml; charset=UTF-8" />
# <title>testssl.sh</title>
# </head>
# <body>
# <pre>
# 
# ###########################################################
#     testssl.sh       2.9.5 from <a href=https://testssl.sh/ style="font-weight:bold;color:black;text-decoration:none;">https://testssl.sh/</a>
# 
#       This program is free software. Distribution and
#              modification under GPLv2 permitted.
#       USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
# 
#        Please file bugs @ <a href=https://testssl.sh/bugs/ style="font-weight:bold;color:black;text-decoration:none;">https://testssl.sh/bugs/</a>
# 
# ###########################################################
# 
#  Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
#  on anthraxx:$PWD/bin/openssl.Linux.x86_64
#  (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
# 
# 
#  Start XXXX-XX-XX XX:XX:XX        --&gt;&gt; 104.154.89.105:443 (badssl.com) &lt;&lt;--
# 
#  rDNS (104.154.89.105):  105.89.154.104.bc.googleusercontent.com.
#  Service detected:       Couldn't determine what's running on port 443, assuming no HTTP service => skipping all HTTP checks
# 
# 
#  Testing protocols via sockets except SPDY+HTTP2 
# 
#  SSLv2      not offered (OK)
#  SSLv3      not offered (OK)
#  TLS 1      offered
#  TLS 1.1    offered
#  TLS 1.2    offered (OK)
#  SPDY/NPN   (SPDY is an HTTP protocol and thus not tested here)
#  HTTP2/ALPN (HTTP/2 is a HTTP protocol and thus not tested here)
# 
# 
#  Testing ~standard cipher categories 
# 
#  NULL ciphers (no encryption)                  not offered (OK)
#  Anonymous NULL Ciphers (no authentication)    not offered (OK)
#  Export ciphers (w/o ADH+NULL)                 not offered (OK)
#  LOW: 64 Bit + DES encryption (w/o export)     not offered (OK)
#  Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK)
#  Triple DES Ciphers (Medium)                   offered
#  High encryption (AES+Camellia, no AEAD)       offered (OK)
#  Strong encryption (AEAD ciphers)              offered (OK)
# 
# 
#  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 
# 
#  PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
#                               DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
#                               DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
#                               ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA
#                               DHE-RSA-CAMELLIA128-SHA 
#  Elliptic curves offered:     sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp256k1 prime256v1 
#                               secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1 brainpoolP512r1 
# 
# 
#  Testing server preferences 
# 
#  Has server cipher order?     yes (OK)
#  Negotiated protocol          TLSv1.2
#  Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Cipher order
#     TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA
#                AES128-SHA AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA
#                CAMELLIA128-SHA 
#     TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA
#                AES128-SHA AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA
#                CAMELLIA128-SHA 
#     TLSv1.2:   ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256
#                DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384
#                ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
#                ECDHE-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA
#                AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA 
# 
# 
#  Testing server defaults (Server Hello) 
# 
#  TLS extensions (standard)    "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35"
#                               "heartbeat/#15" "next protocol/#13172" "application layer protocol negotiation/#16"
#  Session Ticket RFC 5077 hint 300 seconds, session tickets keys seems to be rotated < daily
#  SSL Session ID support       yes
#  Session Resumption           Tickets: yes, ID: no
#  TLS clock skew               Random values, no fingerprinting possible 
#  Signature Algorithm          SHA256 with RSA
#  Server key size              RSA 2048 bits
#  Fingerprint / Serial         SHA1 CA5308746C1E0644D63AF61BF581C72AF90C7095 / 01F202031DFDA98EFDFF0F72BE51060D
#                               SHA256 D900D1834D077A49E7D729A8D065D7DAC4BF671390CAD1DED8872303554E04B2
#  Common Name (CN)             *.badssl.com (CN in response to request w/o SNI: badssl-fallback-unknown-subdomain-or-no-sni)
#  subjectAltName (SAN)         *.badssl.com badssl.com 
#  Issuer                       DigiCert SHA2 Secure Server CA (DigiCert Inc from US)
#  Trust (hostname)             Ok via SAN (same w/o SNI)
#  Chain of trust               Ok   
#  EV cert (experimental)       no 
#  Certificate Expiration       758 &gt;= 60 days (UTC: 2017-03-18 01:00 --> 2020-03-25 13:00)
#  # of certificates provided   2
#  Certificate Revocation List  http://crl3.digicert.com/ssca-sha2-g5.crl
#                               http://crl4.digicert.com/ssca-sha2-g5.crl
#  OCSP URI                     http://ocsp.digicert.com
#  OCSP stapling                --
#  OCSP must staple             no
#  DNS CAA RR (experimental)    --
#  Certificate Transparency     yes (certificate extension)
# 
# 
#  Testing vulnerabilities 
# 
#  Heartbleed (CVE-2014-0160)                not vulnerable (OK), timed out
#  CCS (CVE-2014-0224)                       not vulnerable (OK)
#  Ticketbleed (CVE-2016-9244), experiment.  --   (applicable only for HTTPS)
#  Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
#  Secure Client-Initiated Renegotiation     not vulnerable (OK)
#  CRIME, TLS (CVE-2012-4929)                not vulnerable (OK) (not using HTTP anyway)
#  POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
#  TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
#  SWEET32 (CVE-2016-2183, CVE-2016-6329)    VULNERABLE, uses 64 bit block ciphers
#  FREAK (CVE-2015-0204)                     not vulnerable (OK)
#  DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
#                                            make sure you don't use this certificate elsewhere with SSLv2 enabled services
#                                            <a href=https://censys.io/ipv4?q=D900D1834D077A49E7D729A8D065D7DAC4BF671390CAD1DED8872303554E04B2 style="color:black;text-decoration:none;">https://censys.io/ipv4?q=D900D1834D077A49E7D729A8D065D7DAC4BF671390CAD1DED8872303554E04B2</a> could help you to find out
#  LOGJAM (CVE-2015-4000), experimental      VULNERABLE (NOT ok): common prime nginx/1024-bit MODP group with safe prime modulus detected (1024 bits),
#                                            but no DH EXPORT ciphers
#  BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA
#                                                  DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA
#                                                  DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA
#                                                  DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA 
#                                            VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
#  LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS
#  RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
# 
# 
#  Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
# 
# Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
# -----------------------------------------------------------------------------------------------------------------------------
#  xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
#  xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              
#  xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
#  x9f     DHE-RSA-AES256-GCM-SHA384         DH 1024    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
#  x6b     DHE-RSA-AES256-SHA256             DH 1024    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                
#  x39     DHE-RSA-AES256-SHA                DH 1024    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
#  x88     DHE-RSA-CAMELLIA256-SHA           DH 1024    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
#  x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    
#  x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    
#  x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
#  x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
#  xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
#  xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              
#  xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 
#  x9e     DHE-RSA-AES128-GCM-SHA256         DH 1024    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                
#  x67     DHE-RSA-AES128-SHA256             DH 1024    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                
#  x33     DHE-RSA-AES128-SHA                DH 1024    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   
#  x45     DHE-RSA-CAMELLIA128-SHA           DH 1024    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
#  x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    
#  x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256                    
#  x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
#  x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
#  xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH 256   3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                
#  x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      
# 
# Could not determine which protocol was started, only simulating generic clients.
# 
#  Running client simulations via sockets 
# 
#  Java 6u45                    TLSv1.0 DHE-RSA-AES128-SHA, 1024 bit DH
#  Java 7u25                    TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
#  Java 8u31                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  OpenSSL 1.0.1l               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
# 
#  Done XXXX-XX-XX XX:XX:XX [   Xs] --&gt;&gt; 104.154.89.105:443 (badssl.com) &lt;&lt;--
# 
# 
# </pre>
# </body>
# </html>
# '
#     expected: '<?xml version="1.0" encoding="UTF-8" ?>
# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
# <!-- This file was created with testssl.sh. https://testssl.sh -->
# <html xmlns="http://www.w3.org/1999/xhtml">
# <head>
# <meta http-equiv="Content-Type" content="application/xml+xhtml; charset=UTF-8" />
# <title>testssl.sh</title>
# </head>
# <body>
# <pre>
# 
# ###########################################################
#     testssl.sh       2.9.5 from <a href=https://testssl.sh/ style="font-weight:bold;color:black;text-decoration:none;">https://testssl.sh/</a>
# 
#       This program is free software. Distribution and
#              modification under GPLv2 permitted.
#       USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
# 
#        Please file bugs @ <a href=https://testssl.sh/bugs/ style="font-weight:bold;color:black;text-decoration:none;">https://testssl.sh/bugs/</a>
# 
# ###########################################################
# 
#  Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
#  on anthraxx:$PWD/bin/openssl.Linux.x86_64
#  (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
# 
# 
#  Start XXXX-XX-XX XX:XX:XX        --&gt;&gt; 104.154.89.105:443 (badssl.com) &lt;&lt;--
# 
#  rDNS (104.154.89.105):  105.89.154.104.bc.googleusercontent.com.
#  Service detected:       HTTP
# 
# 
#  Testing protocols via sockets except SPDY+HTTP2 
# 
#  SSLv2      not offered (OK)
#  SSLv3      not offered (OK)
#  TLS 1      offered
#  TLS 1.1    offered
#  TLS 1.2    offered (OK)
#  SPDY/NPN   http/1.1 (advertised)
#  HTTP2/ALPN http/1.1 (offered)
# 
#  Testing ~standard cipher categories 
# 
#  NULL ciphers (no encryption)                  not offered (OK)
#  Anonymous NULL Ciphers (no authentication)    not offered (OK)
#  Export ciphers (w/o ADH+NULL)                 not offered (OK)
#  LOW: 64 Bit + DES encryption (w/o export)     not offered (OK)
#  Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK)
#  Triple DES Ciphers (Medium)                   offered
#  High encryption (AES+Camellia, no AEAD)       offered (OK)
#  Strong encryption (AEAD ciphers)              offered (OK)
# 
# 
#  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 
# 
#  PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
#                               DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
#                               DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
#                               ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA
#                               DHE-RSA-CAMELLIA128-SHA 
#  Elliptic curves offered:     sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp256k1 prime256v1 
#                               secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1 brainpoolP512r1 
# 
# 
#  Testing server preferences 
# 
#  Has server cipher order?     yes (OK)
#  Negotiated protocol          TLSv1.2
#  Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Cipher order
#     TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA
#                AES128-SHA AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA
#                CAMELLIA128-SHA 
#     TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA
#                AES128-SHA AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA
#                CAMELLIA128-SHA 
#     TLSv1.2:   ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256
#                DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384
#                ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
#                ECDHE-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA
#                AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA 
# 
# 
#  Testing server defaults (Server Hello) 
# 
#  TLS extensions (standard)    "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35"
#                               "heartbeat/#15" "next protocol/#13172" "application layer protocol negotiation/#16"
#  Session Ticket RFC 5077 hint 300 seconds, session tickets keys seems to be rotated < daily
#  SSL Session ID support       yes
#  Session Resumption           Tickets: yes, ID: no
#  TLS clock skew               Random values, no fingerprinting possible 
#  Signature Algorithm          SHA256 with RSA
#  Server key size              RSA 2048 bits
#  Fingerprint / Serial         SHA1 CA5308746C1E0644D63AF61BF581C72AF90C7095 / 01F202031DFDA98EFDFF0F72BE51060D
#                               SHA256 D900D1834D077A49E7D729A8D065D7DAC4BF671390CAD1DED8872303554E04B2
#  Common Name (CN)             *.badssl.com (CN in response to request w/o SNI: badssl-fallback-unknown-subdomain-or-no-sni)
#  subjectAltName (SAN)         *.badssl.com badssl.com 
#  Issuer                       DigiCert SHA2 Secure Server CA (DigiCert Inc from US)
#  Trust (hostname)             Ok via SAN (same w/o SNI)
#  Chain of trust               Ok   
#  EV cert (experimental)       no 
#  Certificate Expiration       758 &gt;= 60 days (UTC: 2017-03-18 01:00 --> 2020-03-25 13:00)
#  # of certificates provided   2
#  Certificate Revocation List  http://crl3.digicert.com/ssca-sha2-g5.crl
#                               http://crl4.digicert.com/ssca-sha2-g5.crl
#  OCSP URI                     http://ocsp.digicert.com
#  OCSP stapling                --
#  OCSP must staple             no
#  DNS CAA RR (experimental)    --
#  Certificate Transparency     yes (certificate extension)
# 
# 
#  Testing HTTP header response @ &quot;/&quot; 
# 
#  HTTP Status Code             200 OK
#  HTTP clock skew              X sec from localtime
#  Strict Transport Security    --
#  Public Key Pinning           --
#  Server banner                nginx/1.10.3 (Ubuntu)
#  Application banner           --
#  Cookie(s)                    (none issued at "/")
#  Security headers             --
#  Reverse Proxy banner         --
# 
# 
#  Testing vulnerabilities 
# 
#  Heartbleed (CVE-2014-0160)                not vulnerable (OK), timed out
#  CCS (CVE-2014-0224)                       not vulnerable (OK)
#  Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
#  Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
#  Secure Client-Initiated Renegotiation     not vulnerable (OK)
#  CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
#  BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
#                                            Can be ignored for static pages or if no secrets in the page
#  POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
#  TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
#  SWEET32 (CVE-2016-2183, CVE-2016-6329)    VULNERABLE, uses 64 bit block ciphers
#  FREAK (CVE-2015-0204)                     not vulnerable (OK)
#  DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
#                                            make sure you don't use this certificate elsewhere with SSLv2 enabled services
#                                            <a href=https://censys.io/ipv4?q=D900D1834D077A49E7D729A8D065D7DAC4BF671390CAD1DED8872303554E04B2 style="color:black;text-decoration:none;">https://censys.io/ipv4?q=D900D1834D077A49E7D729A8D065D7DAC4BF671390CAD1DED8872303554E04B2</a> could help you to find out
#  LOGJAM (CVE-2015-4000), experimental      VULNERABLE (NOT ok): common prime nginx/1024-bit MODP group with safe prime modulus detected (1024 bits),
#                                            but no DH EXPORT ciphers
#  BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA
#                                                  DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA
#                                                  DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA
#                                                  DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA 
#                                            VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
#  LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS
#  RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
# 
# 
#  Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
# 
# Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
# -----------------------------------------------------------------------------------------------------------------------------
#  xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
#  xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              
#  xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
#  x9f     DHE-RSA-AES256-GCM-SHA384         DH 1024    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
#  x6b     DHE-RSA-AES256-SHA256             DH 1024    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                
#  x39     DHE-RSA-AES256-SHA                DH 1024    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
#  x88     DHE-RSA-CAMELLIA256-SHA           DH 1024    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
#  x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    
#  x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    
#  x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
#  x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
#  xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
#  xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              
#  xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 
#  x9e     DHE-RSA-AES128-GCM-SHA256         DH 1024    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                
#  x67     DHE-RSA-AES128-SHA256             DH 1024    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                
#  x33     DHE-RSA-AES128-SHA                DH 1024    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   
#  x45     DHE-RSA-CAMELLIA128-SHA           DH 1024    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
#  x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    
#  x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256                    
#  x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
#  x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
#  xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH 256   3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                
#  x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      
# 
# 
#  Running client simulations via sockets 
# 
#  Android 2.3.7                TLSv1.0 DHE-RSA-AES128-SHA, 1024 bit DH
#  Android 4.1.1                TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
#  Android 4.3                  TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
#  Android 4.4.2                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Android 5.0.0                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Android 6.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Android 7.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Chrome 51 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Chrome 57 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Firefox 49 Win 7             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Firefox 53 Win 7             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  IE 6 XP                      No connection
#  IE 7 Vista                   TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
#  IE 8 XP                      TLSv1.0 DES-CBC3-SHA
#  IE 8 Win 7                   TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
#  IE 11 Win 7                  TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 1024 bit DH
#  IE 11 Win 8.1                TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 1024 bit DH
#  IE 11 Win Phone 8.1 Update   TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 1024 bit DH
#  IE 11 Win 10                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Edge 13 Win 10               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Edge 13 Win Phone 10         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Opera 17 Win 7               TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
#  Safari 5.1.9 OS X 10.6.8     TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
#  Safari 7 iOS 7.1             TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
#  Safari 9 OS X 10.11          TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Safari 10 OS X 10.12         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Apple ATS 9 iOS 9            TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  Tor 17.0.9 Win 7             TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
#  Java 6u45                    TLSv1.0 DHE-RSA-AES128-SHA, 1024 bit DH
#  Java 7u25                    TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
#  Java 8u31                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  OpenSSL 1.0.1l               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
#  OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
# 
#  Done XXXX-XX-XX XX:XX:XX [   Xs] --&gt;&gt; 104.154.89.105:443 (badssl.com) &lt;&lt;--
# 
# 
# </pre>
# </body>
# </html>
# '
# Looks like you failed 1 test of 6.
t/32_http.t .................. 
ok 1 - Running testssl.sh against badssl.com to create HTML and terminal outputs (may take 2~3 minutes)
ok 2 - Comparing HTML and terminal outputs
ok 3 - HTML file matches terminal output
ok 4 - Running testssl.sh against badssl.com with --debug 4 to create HTML output (may take 2~3 minutes)
ok 5 - Checking that using the --debug option doesn't affect the HTML file
not ok 6 - HTML file created with --debug 4 matches HTML file created without --debug
1..6
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/6 subtests 

Test Summary Report
-------------------
t/32_http.t                (Wstat: 256 Tests: 6 Failed: 1)
  Failed test:  6
  Non-zero exit status: 1
Files=5, Tests=41, 966 wallclock secs ( 0.03 usr  0.00 sys + 80.56 cusr 74.02 csys = 154.61 CPU)
Result: FAIL

1. openssl version used (testssl.sh -b 2>/dev/null | head -16 | tail -3)

Using "OpenSSL 1.1.0g 2 Nov 2017" [~144 ciphers]

1. your operating system (uname -a)

Linux 4.15.4-1-hardened #1 SMP PREEMPT Sun Feb 18 20:21:01 CET 2018 x86_64 GNU/Linux

drwetter / testssl.sh

test suite missing with latest release 2.9.5-2 #1003