More tests with other tools

[kazu-yamamoto]

• trytls
• tlsfuzzer

[kazu-yamamoto]

With kazu-yamamoto/trytls#1, trytls says:

 FAIL protect against the Logjam attack [reject www.ssllabs.com:10445]
      output: 200 OK
 FAIL denies use of 480 bit Diffie-Hellman (DH) [reject dh480.badssl.com:443]
      output: 200 OK
 FAIL denies use of 512 bit Diffie-Hellman (DH) [reject dh512.badssl.com:443]
      output: 200 OK
 FAIL certificate has invalid key usage for HTTPS connection [reject bad-key-usage.badtls.io:11005]
      output: 200 OK
 FAIL denies use of MD5 signature algorithm (RFC 6151) [reject weak-sig.badtls.io:11004]
      output: 200 OK

[kazu-yamamoto]

4th one disappears on master thanks to #274.

[ocheron]

Also to note we have configurable hook for DH, and MD5 can be addressed with #194.

[vdukhovni]

MD5 should simply never have been included in signature algorithms. It was a mistake in the TLS 1.2 specification to include a code point for MD5 signatures. The solution is to remove support for the codepoint.

[kazu-yamamoto]

I sent a PR to trytls: ouspg/trytls#312