2014-11-17 18:47:39 +01:00
|
|
|
|
2020-01-17 10:59:47 +01:00
|
|
|
Full contribution, see git log.
|
|
|
|
|
|
2020-01-20 12:50:31 +01:00
|
|
|
* Dirk Wetter (creator, maintainer and main contributor)
|
2020-01-17 10:59:47 +01:00
|
|
|
- Everything what's not mentioned below and is included in testssl.sh's git log
|
|
|
|
|
minus what I probably forgot to mention
|
|
|
|
|
(too much other things to do at the moment and to list it would be a tough job)
|
|
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* David Cooper (main contributor)
|
2020-01-17 10:59:47 +01:00
|
|
|
- Major extensions to socket support for all protocols
|
|
|
|
|
- extended parsing of TLS ServerHello messages
|
2023-10-10 11:32:12 +02:00
|
|
|
- TLS 1.3 support (final and pre-final) with needed en/decryption
|
2020-01-17 10:59:47 +01:00
|
|
|
- add several TLS extensions
|
2017-07-13 14:00:41 +02:00
|
|
|
- Detection + output of multiple certificates
|
|
|
|
|
- several cleanups of server certificate related stuff
|
|
|
|
|
- testssl.sh -e/-E: testing with a mixture of openssl + sockets
|
2020-01-17 10:59:47 +01:00
|
|
|
- add more ciphers
|
|
|
|
|
- coloring of ciphers
|
2017-07-13 14:00:41 +02:00
|
|
|
- extensive CN+SAN <--> hostname check
|
2017-09-20 17:20:24 +02:00
|
|
|
- separate check for curves
|
2017-07-13 14:00:41 +02:00
|
|
|
- RFC 7919, key shares extension
|
2020-01-17 10:59:47 +01:00
|
|
|
- keyUsage extension in certificate
|
|
|
|
|
- experimental "eTLS" detection
|
2017-07-13 14:00:41 +02:00
|
|
|
- parallel mass testing!
|
2017-09-19 17:34:22 +02:00
|
|
|
- RFC <--> OpenSSL cipher name space switches for the command line
|
2021-08-04 20:39:12 +02:00
|
|
|
- better error msg suppression (not fully installed openssl)
|
2017-09-19 17:34:22 +02:00
|
|
|
- GREASE support
|
2020-01-17 10:59:47 +01:00
|
|
|
- Bleichenbacher / ROBOT vulnerability test
|
|
|
|
|
- several protocol preferences improvements
|
|
|
|
|
- pwnedkeys.com support
|
|
|
|
|
- CT support
|
2023-10-10 11:13:44 +02:00
|
|
|
- Extract CA list CertificateRequest message is encountered
|
2021-08-04 20:39:12 +02:00
|
|
|
- RFC 8879, certificate compression
|
2023-01-17 15:19:34 +01:00
|
|
|
- 128 cipher limit, padding
|
|
|
|
|
- compatibility for LibreSSL and different OpenSSL versions
|
|
|
|
|
- Check for ffdhe groups
|
2023-10-10 11:13:44 +02:00
|
|
|
- TLS 1.2 and TLS 1.3 sig algs added
|
2023-01-17 15:19:34 +01:00
|
|
|
- Show server supported signature algorithms
|
|
|
|
|
- Show supported certification authorities sent by the server when client auth is requested
|
|
|
|
|
- Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
|
2023-10-10 11:13:44 +02:00
|
|
|
- Provide compatibility to every LibreSSL/OpenSSL versions
|
2020-01-17 10:59:47 +01:00
|
|
|
- Lots of fixes and improvements
|
2017-11-14 13:49:27 +01:00
|
|
|
|
2020-01-17 10:59:47 +01:00
|
|
|
##### Further credits (in alphabetical order)
|
2017-11-14 13:49:27 +01:00
|
|
|
|
2020-01-20 12:50:31 +01:00
|
|
|
* a666
|
|
|
|
|
- Bugfix
|
|
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Christoph Badura
|
|
|
|
|
- NetBSD fixes
|
|
|
|
|
|
2020-09-08 15:34:30 +02:00
|
|
|
* Jim Blankendaal
|
2020-10-19 22:12:59 +02:00
|
|
|
- maximum certificate lifespan of 398 days
|
|
|
|
|
- ssl renegotiation amount variable
|
2020-12-22 22:33:25 +01:00
|
|
|
- custom http request headers
|
2020-09-08 15:34:30 +02:00
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Frank Breedijk
|
|
|
|
|
- Detection of insecure redirects
|
|
|
|
|
- JSON and CSV output
|
|
|
|
|
- CA pinning
|
|
|
|
|
- Client simulations
|
|
|
|
|
- CI integration, some test cases for it
|
2017-09-19 17:34:22 +02:00
|
|
|
|
2020-04-20 22:49:48 +02:00
|
|
|
* Steven Danneman
|
|
|
|
|
- Postgres and MySQL STARTTLS support
|
|
|
|
|
- MongoDB support
|
2020-01-17 10:59:47 +01:00
|
|
|
|
|
|
|
|
* Christian Dresen
|
|
|
|
|
- Dockerfile
|
2017-05-17 18:56:07 +02:00
|
|
|
|
2020-01-20 12:50:31 +01:00
|
|
|
* csett86
|
|
|
|
|
- some MacOSX and Java client handshake data
|
|
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Mark Felder
|
|
|
|
|
- lots of cleanups
|
|
|
|
|
- Shellcheck static analysis
|
|
|
|
|
|
|
|
|
|
* Laine Gholson
|
|
|
|
|
- avahi/mDNS support
|
|
|
|
|
- HTTP2/ALPN
|
|
|
|
|
- bugfixes
|
|
|
|
|
- former ARM binary support
|
|
|
|
|
|
|
|
|
|
* Maciej Grela
|
|
|
|
|
- colorless handling
|
|
|
|
|
|
2020-01-20 12:50:31 +01:00
|
|
|
* Jac2NL
|
|
|
|
|
- initial support for skipping offensive vulnerability tests
|
|
|
|
|
|
|
|
|
|
* Scott Johnson
|
|
|
|
|
- Bugfix F5
|
|
|
|
|
|
2020-01-17 10:59:47 +01:00
|
|
|
* Hubert Kario
|
|
|
|
|
- helped with avoiding accidental TCP fragmentation
|
|
|
|
|
|
2023-10-10 11:13:44 +02:00
|
|
|
* Brennan Kinney
|
2023-03-23 09:11:14 +01:00
|
|
|
- refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies
|
2023-10-10 11:13:44 +02:00
|
|
|
|
2020-04-20 22:49:48 +02:00
|
|
|
* Magnus Larsen
|
|
|
|
|
- SSL Labs Rating
|
|
|
|
|
|
2020-01-17 10:59:47 +01:00
|
|
|
* Jacco de Leeuw
|
|
|
|
|
- skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
|
|
|
|
|
|
|
|
|
|
* Manuel
|
|
|
|
|
- HTTP basic auth
|
|
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Markus Manzke
|
|
|
|
|
- Fix for HSTS + subdomains
|
|
|
|
|
- LibreSSL patch
|
|
|
|
|
|
|
|
|
|
* Jean Marsault
|
2021-09-03 23:37:37 +02:00
|
|
|
- client auth: ideas, code snippets
|
2017-11-14 13:49:27 +01:00
|
|
|
|
|
|
|
|
* Thomas Martens
|
|
|
|
|
- adding colorblind option
|
|
|
|
|
- no-rfc mapping
|
|
|
|
|
|
|
|
|
|
* Peter Mosmans
|
|
|
|
|
- started way better cmd line parsing
|
|
|
|
|
- cleanups, fixes
|
|
|
|
|
- openssl sources support with the "missing" features
|
|
|
|
|
|
|
|
|
|
* John Newbigin
|
|
|
|
|
- Proxy support (sockets and openssl)
|
2017-05-17 18:56:07 +02:00
|
|
|
|
2016-11-21 09:05:56 +01:00
|
|
|
* Oleksandr Nosenko
|
2017-05-17 18:56:07 +02:00
|
|
|
- non-flat JSON support (--json-pretty)
|
|
|
|
|
- in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level
|
2016-10-03 20:21:38 +02:00
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Jonathan Roach
|
|
|
|
|
- TLS_FALLBACK_SCSV checks
|
2016-01-30 23:57:00 +01:00
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Jonathon Rossi
|
|
|
|
|
- fix for bash3 (Darwin)
|
|
|
|
|
- and other Darwin fixes
|
2017-05-17 18:56:07 +02:00
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Дилян Палаузов
|
|
|
|
|
- bug fix for 3des report
|
|
|
|
|
- reported a tricky STARTTLS bug
|
|
|
|
|
|
|
|
|
|
* Thomas Patzke:
|
|
|
|
|
- Support of supplying timeout value for openssl connect
|
2015-06-29 23:31:51 +02:00
|
|
|
|
2015-07-21 10:25:17 +02:00
|
|
|
* Olivier Paroz
|
2017-05-17 18:56:07 +02:00
|
|
|
- conversion xxd --> hexdump stuff
|
2015-07-21 10:25:17 +02:00
|
|
|
|
2015-08-04 10:33:48 +02:00
|
|
|
* Jeroen Wiert Pluimers
|
2016-10-03 20:21:38 +02:00
|
|
|
- Darwin binaries support
|
2015-08-04 10:33:48 +02:00
|
|
|
|
2020-01-20 12:50:31 +01:00
|
|
|
* Joao Poupino
|
|
|
|
|
- Minimize false positive detection for Renegotiation checks against Node.js etc.
|
|
|
|
|
|
2015-07-21 10:25:17 +02:00
|
|
|
* Rechi
|
2017-07-13 14:00:41 +02:00
|
|
|
- initial MX stuff
|
|
|
|
|
- fixes
|
2015-06-29 23:31:51 +02:00
|
|
|
|
2020-01-17 10:59:47 +01:00
|
|
|
* Gonçalo Ribeiro
|
|
|
|
|
- --connect-timeout
|
|
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Dmitri S
|
|
|
|
|
- inspiration & help for Darwin port
|
2015-03-17 22:14:05 +01:00
|
|
|
|
2020-05-01 18:03:19 +02:00
|
|
|
* Jonas Schäfer
|
|
|
|
|
- XMPP server patch
|
|
|
|
|
|
2020-01-17 10:59:47 +01:00
|
|
|
* Marcin Szychowski
|
|
|
|
|
- Quick'n'dirty client certificate support
|
|
|
|
|
|
2015-08-02 00:07:08 +02:00
|
|
|
* Viktor Szépe
|
2017-07-13 14:00:41 +02:00
|
|
|
- color function maker
|
2015-08-02 00:07:08 +02:00
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* Julien Vehent
|
|
|
|
|
- supplied 1st Darwin binary
|
2016-02-01 22:41:36 +01:00
|
|
|
|
2020-01-20 12:50:31 +01:00
|
|
|
* Thomas Ward
|
|
|
|
|
- add initial IDN support
|
|
|
|
|
|
2017-11-14 13:49:27 +01:00
|
|
|
* @typingArtist
|
|
|
|
|
- improved BEAST detection
|
|
|
|
|
|
|
|
|
|
* @f-s
|
|
|
|
|
- ARM binary support
|
2015-07-21 10:25:17 +02:00
|
|
|
|
2015-03-13 12:21:06 +01:00
|
|
|
* @nvsofts (NV)
|
2017-07-13 14:02:33 +02:00
|
|
|
- LibreSSL patch for GOST
|
2015-03-13 12:21:06 +01:00
|
|
|
|
2023-03-23 14:45:51 +01:00
|
|
|
* @w4ntun
|
|
|
|
|
- fixed DNS via proxy
|
|
|
|
|
|
2020-01-17 10:59:47 +01:00
|
|
|
Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
|
2017-05-17 18:56:07 +02:00
|
|
|
|
2014-11-17 18:47:39 +01:00
|
|
|
|
2014-11-17 18:59:57 +01:00
|
|
|
##### Last but not least:
|
2014-11-17 18:47:39 +01:00
|
|
|
|
2016-01-15 17:05:43 +01:00
|
|
|
* OpenSSL team for providing openssl.
|
|
|
|
|
|
2020-01-17 10:59:47 +01:00
|
|
|
* Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data
|
2014-11-17 18:47:39 +01:00
|
|
|
|
2017-05-17 18:56:07 +02:00
|
|
|
* My family for supporting me doing this work
|
