2019-04-23 23:14:02 +02:00
2019-04-24 20:42:51 +02:00
## Change Log
2023-07-31 12:40:56 +02:00
### Features implemented / improvements in 3.2
2020-04-28 13:35:24 +02:00
2023-10-10 11:13:44 +02:00
* Rating (SSL Labs, not complete)
2020-04-28 13:35:24 +02:00
* Extend Server (cipher) preference: always now in wide mode instead of running all ciphers in the end (per default)
2023-10-10 11:32:12 +02:00
* Remove "negotiated cipher / protocol"
* Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
* Switched to multi-stage docker image with opensuse base to avoid musl libc issues, performance gain also
2020-04-28 13:35:24 +02:00
* Improved compatibility with OpenSSL 3.0
2023-10-10 11:32:12 +02:00
* Improved compatibility with Open/LibreSSL versions not supporting TLS 1.0-1.1 anymore
2020-04-28 13:35:24 +02:00
* Renamed PFS/perfect forward secrecy --> FS/forward secrecy
2023-10-10 11:13:44 +02:00
* Cipher list straightening
2020-04-20 22:49:31 +02:00
* Improved mass testing
2023-10-10 11:32:12 +02:00
* Better align colors of ciphers with standard cipherlists
* Save a few cycles for ROBOT
2023-10-10 11:13:44 +02:00
* Several ciphers more colorized
2020-04-28 13:35:24 +02:00
* Percent output char problem fixed
* Several display/output fixes
2020-05-11 14:07:02 +02:00
* BREACH check: list all compression methods and add brotli
2020-11-26 10:48:32 +01:00
* Test for old winshock vulnerability
* Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
2023-10-10 11:32:12 +02:00
* STARTTLS: XMPP server support, plus new set of OpenSSL-bad binaries
2023-10-10 11:13:44 +02:00
* Several code improvements to STARTTLS, also better detection when no STARTTLS is offered
* STARTTLS on active directory service support
* Security fixes: DNS and other input from servers
2020-08-11 15:36:43 +02:00
* Don't penalize missing trust in rating when CA not in Java store
2021-09-03 23:37:37 +02:00
* Added support for certificates with EdDSA signatures and public keys
2023-10-10 11:13:44 +02:00
* Extract CA list shows supported certification authorities sent by the server
* TLS 1.2 and TLS 1.3 sig algs added
* Check for ffdhe groups
* Show server supported signature algorithms
2020-08-18 21:52:59 +02:00
* --add-ca can also now be a directory with \*.pem files
2020-09-08 15:34:30 +02:00
* Warning of 398 day limit for certificates issued after 2020/9/1
2020-10-19 22:37:10 +02:00
* Added environment variable for amount of attempts for ssl renegotiation check
2020-10-19 09:32:41 +02:00
* Added --user-agent argument to support using a custom User Agent
2020-11-13 19:26:47 +01:00
* Added --overwrite argument to support overwriting output files without warning
2020-12-08 19:52:42 +01:00
* Headerflag X-XSS-Protection is now labeled as INFO
2023-10-10 11:13:44 +02:00
* Strict parser for HSTS
* DNS via proxy improvements
2020-12-08 19:52:42 +01:00
* Client simulation runs in wide mode which is even better readable
2020-12-25 20:10:02 +01:00
* Added --reqheader to support custom headers in HTTP requests
2021-08-04 20:39:12 +02:00
* Test for support for RFC 8879 certificate compression
2023-10-10 11:13:44 +02:00
* Deprecating --fast and --ssl-native (warning but still av)
2023-01-17 15:19:34 +01:00
* Compatible to GNU grep 3.8
2023-10-10 11:13:44 +02:00
* Don't use external pwd command anymore
2023-03-23 15:05:15 +01:00
* Doesn't hang anymore when there's no local resolver
2024-09-06 17:37:42 +02:00
* Added --mtls feature to support client authentication
* If a TLS 1.3 host is tested and e.g. /usr/bin/openssl supports it, it'll automagically will switch to it
2023-01-17 15:19:34 +01:00
2020-04-20 22:49:31 +02:00
2020-01-20 12:49:49 +01:00
### Features implemented / improvements in 3.0
2019-04-23 23:14:02 +02:00
* Full support of TLS 1.3, shows also drafts supported
2020-01-08 11:22:09 +01:00
* Extended protocol downgrade checks
2019-04-23 23:14:02 +02:00
* ROBOT check
* Better TLS extension support
2020-01-08 11:22:09 +01:00
* Better OpenSSL 1.1.1 and higher versions support as well as LibreSSL >3
* More robustness for OpenBSD
2019-04-23 23:14:02 +02:00
* DNS over Proxy and other proxy improvements
* Decoding of unencrypted BIG IP cookies
2019-12-11 21:49:23 +01:00
* Initial client certificate support
2020-01-17 10:59:47 +01:00
* Warning of 825 day limit for certificates issued after 2018/3/1
2019-12-11 21:49:23 +01:00
* Socket timeouts (``--connect-timeout``)
2020-01-17 10:59:47 +01:00
* IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent) support
2019-12-11 21:49:23 +01:00
* Initial support for certificate compression
2021-09-03 23:37:37 +02:00
* Better JSON output: renamed IDs and findings shorter/better parsable, also includes certificate
2019-04-23 23:14:02 +02:00
* JSON output now valid also for non-responding servers
* Testing now per default 370 ciphers
* Further improving the robustness of TLS sockets (sending and parsing)
* Support of supplying timeout value for `openssl connect` -- useful for batch/mass scanning
* File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format
* LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2)
* PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3)
* Check for session resumption (Ticket, ID)
2020-01-17 10:59:47 +01:00
* TLS Robustness check GREASE and more
2019-11-02 10:20:57 +01:00
* Server preference distinguishes between TLS 1.3 and lower protocols
2019-12-11 21:49:23 +01:00
* Mark TLS 1.0 and TLS 1.1 as deprecated
2020-01-08 11:22:09 +01:00
* Does a few startup checks which make later tests easier and faster (``determine_optimal_\*()``)
2019-04-23 23:14:02 +02:00
* Expect-CT Header Detection
* `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
2019-06-12 15:41:07 +02:00
* `--phone-out` checks whether the private key has been compromised via https://pwnedkeys.com/
2019-04-23 23:14:02 +02:00
* Missing SAN warning
* Added support for private CAs
2020-01-17 10:59:47 +01:00
* Way better handling of connectivity problems (counting those, if threshold exceeded -> bye)
2019-11-02 10:20:57 +01:00
* Fixed TCP fragmentation
* Added `--ids-friendly` switch
2019-04-23 23:14:02 +02:00
* Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors.
2019-11-02 10:20:57 +01:00
* Better error msg suppression (not fully installed OpenSSL)
2019-12-11 21:49:23 +01:00
* Better parsing of HTTP headers & better output of longer HTTP headers
2020-01-20 12:49:49 +01:00
* Display more HTTP security headers
2020-01-17 10:59:47 +01:00
* HTTP Basic Auth support for HTTP header
2020-01-20 12:49:49 +01:00
* experimental "eTLS" detection
2019-04-23 23:14:02 +02:00
* Dockerfile and repo @ docker hub with that file (see above)
* Java Root CA store added
* Better support for XMPP via STARTTLS & faster
* Certificate check for to-name in stream of XMPP
2020-01-17 10:59:47 +01:00
* Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL
2019-06-12 15:41:07 +02:00
* Support for SNI and STARTTLS
2020-01-20 12:49:49 +01:00
* More robustness for any STARTTLS protocol (fall back to plaintext while in TLS caused problems)
2021-09-03 23:37:37 +02:00
* Renegotiation checks improved, also no false positive for Node.js anymore
2020-01-17 10:59:47 +01:00
* Major update of client simulations with self-collected up-to-date data
* Update of CA certificate stores
* Lots of bug fixes
* More travis/CI checks -- still place for improvements
2019-11-02 10:20:57 +01:00
* Man page reviewed
2019-04-24 20:42:51 +02:00
2020-01-20 12:49:49 +01:00
### Features implemented / improvements in 2.9.5
2019-04-24 20:42:51 +02:00
* Way better coverage of ciphers as most checks are done via bash sockets where ever possible
* Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness)
2021-09-03 23:37:37 +02:00
* Testing 359 default ciphers (``testssl.sh -e/-E``) with a mixture of sockets and openssl. Same speed as with openssl only but additional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
2019-04-24 20:42:51 +02:00
* TLS 1.2 protocol check via sockets in production
* Finding more TLS extensions via sockets
* TLS Supported Groups Registry (RFC 7919), key shares extension
* Non-flat JSON output support
* File output (CSV, JSON flat, JSON non-flat) supports a minimum severity level (only above supplied level there will be output)
* Native HTML support instead going through 'aha'
* LUCKY13 and SWEET32 checks
* Ticketbleed check
* LOGJAM: now checking also for known DH parameters
* Support of supplying timeout value for ``openssl connect`` -- useful for batch/mass scanning
* Parallel mass testing
* Check for CAA RR
* Check for OCSP must staple
* Check for Certificate Transparency
* Check for session resumption (Ticket, ID)
* Better formatting of output (indentation)
* Choice showing the RFC naming scheme only
* File input for mass testing can be also in nmap grep(p)able (-oG) format
* Postgres und MySQL STARTTLS support
* Man page
### New in 2.8
* Trust chain check against certificate stores from Apple (OS), Linux (OS),
Microsoft (OS), Mozilla (Firefox Browser), works for openssl >=1.0.1
* IPv6 (status: 80% working, details see
https://github.com/drwetter/testssl.sh/issues/11
* works now on servers requiring a x509 certificate for authentication
* extensive CN < -- > hostname check
* SSL Session ID check
* Avahi/mDNS based name resolution
* HTTP2/ALPN protocol check
* Logging to a file / dir
* Logging to (flat) JSON + CSV
* HPKP checks now also for Root, intermediate SPKIs
* Check for multiple server certificates
* Browser cipher simulation: what client will connect with which cipher + protocol
* GOST cipher+certificate improvements
* Assistance for color-blind users
* Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems
* Considerable speed improvements for each cipher runs (-e/-E)
* More robust SSLv2 + TLS socket interface
2021-09-03 23:37:37 +02:00
* separate check for curves
2019-04-24 20:42:51 +02:00
* OpenSSL 1.1.0 compliant
* check for DROWN
* Whole number of bugs squashed
### New in 2.6
* Display matching host key (HPKP)
* LOGJAM 1: check DHE_EXPORT cipher
* LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers
* "wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name
* binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit)
* OS X binaries (@jvehent, new builds: @jpluimers )
* ARM binary (@f-s)
* FreeBSD binary
* TLS_FALLBACK_SCSV check -- thx @JonnyHightower
* (HTTP) proxy support! Also with sockets -- thx @jnewbigin
* Extended validation certificate detection
* Run in default mode through all ciphers at the end of a default run
2021-09-03 23:37:37 +02:00
* will test multiple IP addresses of one supplied server name in one shot, --ip= restricts it accordingly
2019-04-24 20:42:51 +02:00
* new mass testing file option --file option where testssl.sh commands are being read from, see https://twitter.com/drwetter/status/627619848344989696
* TLS time and HTTP time stamps
* TLS time displayed also for STARTTLS protocols
* support of sockets for STARTTLS protocols
* TLS 1.0-1.1 as socket checks per default in production
* further detection of security relevant headers (reverse proxy, IPv4 addresses), proprietary banners (OWA, Liferay etc.)
* can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams).
* quite some LibreSSL fixes, still not recommended to use though (see https://testssl.sh/)
* lots of fixes, code improvements, even more robust
Full log @ https://github.com/drwetter/testssl.sh/commits/2.6/testssl.sh
### New in 2.4
* "only one cmd line option at a time" is completely gone
* several tuning parameters on the cmd line (only available through environment variables b4): --assuming-http, --ssl-native, --sneaky, --warnings, --color, -- debug, --long
* certificate information
* more HTTP header infos (cookies+security headers)
* protocol check via bash sockets for SSLv2+v3
* debug handling significantly improved (verbosity/each function leaves files in $TEMPDIR)
* BEAST check
* FREAK check
* check for Secure Client-Initiated Renegotiation
* lots of cosmetic and maintainability code cleanups
* bugfixing
Full changelog: https://github.com/drwetter/testssl.sh/commits/2.4/testssl.sh
### 2.2. new features:
* Works fully under FreeBSD (openssl >=1.0)
* single cipher check (-x) with pattern of hexcode/cipher
* check for POODLE SSL
* HPKP check
* OCSP stapling
* GOST and CHACHA20 POLY1305 cipher support
* service detection (HTTP, IMAP, POP, SMTP)
* runs now with all colors, b/w screen, no escape codes at all
* protocol check better
* job control removes stalling
* RFC < --- > OpenSSL name space mapping of ciphers everywhere
* includes a lot of fixes
Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
### 2.0 major release, new features:
* SNI
* STARTTLS fully supported
* RC4 check
* (P)FS check
* SPDY check
* color codes make more sense now
* cipher hexcodes are shown
* tests ciphers per protocol
* HSTS
* web and application server banner
2021-09-03 23:37:37 +02:00
* server preferences
2019-04-24 20:42:51 +02:00
* TLS server extensions
* server key size
* cipher suite mapping from openssl to RFC
* heartbleed check
* CCS injection check
### Historical releases
1.112
- IPv6 display fix
1.111
2021-09-03 23:37:37 +02:00
- NEW: tested under FreeBSD (works with exception of xxd in CCS)
2019-04-24 20:42:51 +02:00
- getent now works under Linux and FreeBSD
- sed -i in hsts sacrificed for compatibility
2021-09-03 23:37:37 +02:00
- removed query for IP for finishing banner, is now called once in parse_hn_port
2019-04-24 20:42:51 +02:00
- GOST warning after banner
- empty build date is not displayed anymore
- long build date strings minimized
- FIXED: IPv6 address are displayed again
1.110
- NEW: adding Russian GOST cipher support by providing a config file on the fly
- adding the compile date of openssl in the banner
1.109
- minor IPv6 fixes
1.108
- NEW: Major rewrite of output functions. Now using printf instead of "echo -e" for BSD and MacOSX compatibility
1.107
- improved IP address stuff
1.106
- minor fixes
1.105
- NEW: working prototype for CCS injection
1.104
- NEW: everywhere *also* RFC style ciphers -- if the mapping file is found
- unitary calls to display cipher suites
1.103
- NEW: telnet support for STARTTLS (works only with a patched openssl version)
--> not tested (lack of server)
1.102
- NEW: test for BREACH (experimental)
.101
- BUGFIX: muted too verbose output of which on CentOS/RHEL
- BUGFIX: muted too verbose output of netcat/nc on CentOS/RHEL+Debian
1.100
- further cleanup
- starttls now tests allciphers() instead of cipher_per_proto
(normal use case makes most sense here)
- ENV J_POSITIV --> SHOW_EACH_C
- finding mapping-rfc.txt is now a bit smarter
- preparations for ChaCha20-Poly1305 (would have provided binaries but
"openssl s_client -connect" with that ciphersuite fails currently with
a handshake error though client and server hello succeeded!)
1.99
- BUGFIX: now really really everywhere testing the IP with supplied name
- locking out openssl < 0.9.8f , new function called " old_fart " ; - )
- FEATURE: displaying PTR record of IP
- FEATURE: displaying further IPv4/IPv6 addresses
- bit of a cleanup
1.98
- http_header is in total only called once
- better parsing of default protocol (FIXME shouldn't appear anymore)
1.97
- reduced sleep time for server hello and payload reply (heartbleed)
1.96
- NEW: (experimental) heartbleed support with bash sockets (shell only SSL handshake!)
see also https://testssl.sh/bash-heartbleed.sh
1.95 (2.0rc3)
- changed cmdline options for CRIME and renego vuln to uppercase
- NEW: displays server key size now
- NEW: displays TLS server extensions (might kill old openssl versions)
- brown warning if HSTS < 180 days
- brown warning if SSLv3 is offered as default protocol
1.94
- NEW: prototype of mapping to RFC cipher suite names, needed file mapping-rfc.txt in same dir
as of now only used for 'testssl.sh -V'
- internal renaming: it was supposed to be "cipherlists" instead of "ciphersuites"
- additional tests for cipherlists DES, 3DES, ADH
1.93
- BUGFIX: removed space in Server banner fixed (at the expense of showing just nothing if Server string is empty)
1.92
- BUGFIX: fixed error of faulty detected empty server string
1.91
- replaced most lcyan to brown (=not really bad but somehow)
- empty server string better displayed
2021-09-03 23:37:37 +02:00
- preferred CBC TLS 1.2 cipher is now brown (lucky13)
2019-04-24 20:42:51 +02:00
1.90
- fix for netweaver banner (server is lowercase)
- no server banner is no disadvantage (color code)
1.89
- reordered! : protocols + cipher come first
2021-09-03 23:37:37 +02:00
- colorized preferred server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
2019-04-24 20:42:51 +02:00
- SSLv3 is now light cyan
- NEW: -P|--preference now in help menu
- light cyan is more appropriate than red for HSTS
1.88
- NEW: prototype for protocol and cipher preference
- prototype for session ticket
1.87
- changed just the version string to rc1
1.86
- NEW: App banner now production, except 2 liners
- DEBUG: 1 is now true as everywhere else
- CRIME+Renego prettier
- last optical polish for RC4, PFS
1.85
- NEW: appbanner (also 2 lines like asp.net)
- OSSL_VER_MAJOR/MINOR/APPENDIX
- less bold because bold headlines as bold should be reserved for emphasize findings
- tabbed output also for protocols and cipher classes
- unify neat printing
1.84
- NEW: deprecating openssl version < 0.98
- displaying a warning >= 0.98 < 1.0
- NEW: neat print also for all ciphers (-E,-e)
1.83
- BUGFIX: results from unit test: logical error in PFS+RC4 fixed
- headline of -V / PFS+RC4 ciphers unified
1.82
2021-09-03 23:37:37 +02:00
- NEW: output for -V now better (bits separate, spacing improved)
2019-04-24 20:42:51 +02:00
1.81
2021-09-03 23:37:37 +02:00
- output for RC4+PFS now better (with headline, bits separate, spacing improved)
2019-04-24 20:42:51 +02:00
- both also sorted by encr. strength .. umm ..err bits!
1.80
- order of finding supplied binary extended (first one wins):
1. use supplied variable $OPENSSL
2. use "openssl" in same path as testssl.sh
3. use "openssl.`uname -m`" in same path as testssl.sh
4. use anything in system $PATH (return value of "which"
1.79
- STARTTLS options w/o trailing 's' now (easier)
- commented code for CRIME SPDY
- issue a warning for openssl < 0.9.7 ( that version won ' t work anyway probably )
1.78
- -E, -e now sorted by encryption strength (note: it's only encr key length)
- -V now pretty prints all local ciphers
- -V < pattern > now pretty prints all local ciphers matching pattern (plain string, no regex)
- bugfix: SSLv2 cipher hex codes has 3 bytes!
1.77
- removed legacy code (PROD_REL var)
1.76
2021-09-03 23:37:37 +02:00
- bash was gone!! disaster for Ubuntu, fixed
2019-04-24 20:42:51 +02:00
- starttls+rc4 check: bottom line was wrong
- starttls had too much output (certificate) at first a/v check
1.75
- location is now https://testssl.sh
- be nice: banner, version, help also works for BSD folks (on dash)
- bug in server banner fixed
- sneaky referer and user agent possible
1.74
- Debian 7 fix
- ident obsoleted
1.72
- removed obsolete GREP
- SWURL/SWCONTACT
- output for positive RC4 better
1.71
- workaround for buggy bash (RC4)
- colors improved
- blue is now reserved for headline
- magenta for local probs
- in RC4 removal of SSL protocol provided by openssl
1.70
- DEBUG in http_headers now as expected
- < ?xml marker as HTML body understood
1.69
- HTTP 1.1 header
- removed in each cipher the proto openssl is returning
+ NEW: cipher_per_proto
1.68
- header parser for openssl
- HSTS
[..]
1.36
* fixed issue while connecting to non-webservers
1.35
* fixed portability issue on Ubuntu
1.34
* ip(v4) address in output, helps to tell different systems apart later on
* local hostname in output
1.31 (Halloween Release)
* bugfix: SSLv2 was kind of borken
* now it works for sure but ssl protocol are kind of ugly
1.30b (25.10.2012)
* bugfix: TLS 1.1/1.2 may lead to false negatives
* bugfix: CMDLINE -a/-e was misleading, now similar to help menu
1.3 (10/13/2012)
* can test now for cipher suites only
* can test now for protocols suites only
* tests for tls v1.1/v1.2 of local openssl supports it
* commandline "all "is rename to "each-cipher"
* banner when it's done
1.21a (10/4/2012)
* tests whether openssl has support for zlib compiled so that it avoids a false negative
1.21 (10/4/2012)
* CRIME support
1.20b
* bugfixed release
1.20a
* code cleanup
* showciphers variable introduced: only show ciphers if this is set (it is by
default now and there's a comment
* openssl version + path to it in the banner
1.20
* bugfix (ssl in ssl handshake failure is sometimes too much)
* date in output
* autodetection of CVS version removed
1.19
* bugfix
1.18
2021-09-03 23:37:37 +02:00
* Rearrangement of arguments: URL comes now always last!
2019-04-24 20:42:51 +02:00
* small code cleanups for readability
* individual cipher test is now with bold headline, not blue
* NOPARANOID flag tells whether medium grade ciphers are ok. NOW they are (=< 1.17 was paranoid )
1.17
2021-09-03 23:37:37 +02:00
* SSL tests now for renegotiation vulnerability!
2019-04-24 20:42:51 +02:00
* version detection of testssl.sh
* program has a banner
* fixed bug leading to a file named "1"
* comment for 128Bit ciphers
1.16
* major code cleanups
* cmd line options: port is now in first argument!!
* help is more verbose
* check whether on other server side is ssl server listening
* https:// can be now supplied also on the command line
* test all ciphers now
* new cleanup routine
* -a does not do standard test afterward, you need to run testssl a second
time w/o -a if you want this
1.12
* tests also medium grade ciphers (which you should NOT use)
* tests now also high grade ciphers which you SHOULD ONLY use
* switch for more verbose output of cipher for those cryptographically interested .
in rows: SSL version, Key eXchange, Authentication, Encryption and Message Authentication Code
* this is per default enabled (provide otherwise "" as VERB_CLIST)
* as a courtesy I am providing 64+32 Linux binaries for testing 56 Bit ciphers
1.11
2021-09-14 11:05:48 +02:00
* Hint for howto enable 56 Bit ciphers for testing
2019-04-24 20:42:51 +02:00
* possible to specify where openssl is (hardcoded, $ENV, last resort: auto)
* warns if netcat is not there
1.10
* somewhat first released version