Merge pull request #3015 from testssl/dcooper16-1

Add draft-yang-tls-hybrid-sm2-mlkem
Dirk Wetter
2026-04-09 11:53:23 +02:00
committed by GitHub
2 changed files with 4 additions and 1 deletions


@@ -5,6 +5,7 @@
* QUIC protocol check
* TLS 1.3 early data (0-RTT)
* Support for RFC 8998 and draft-yang-tls-hybrid-sm2-mlkem (TLS_SM4_GCM_SM3, TLS_SM4_CCM_SM3 ciphers, kx groups curveSM2, curveSM2MLKEM768; SM2 pub keys + signatures)
* Adds a check for mandatory extended master secret TLS extension
* Bump SSLlabs rating guide to 2009r
* Check for Opossum vulnerability
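
Review bot: the changelog entry for RFC 8998 and draft-yang-tls-hybrid-sm2-mlkem names the draft without a revision, and its parenthetical does not say which of the listed ciphers, groups and key types come from the RFC and which from the draft. An Internet-Draft can change between revisions, so consider stating the revision that was implemented and splitting the list by document, so a reader can tell what is standardized and what may still move.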


@@ -11,6 +11,7 @@ Full contribution, see git log.
- extended parsing of TLS ServerHello messages
- TLS 1.3 support (final and pre-final) with needed en/decryption
- add several TLS extensions
- Several ciphers and curves added
- Detection + output of multiple certificates
- several cleanups of server certificate related stuff
- testssl.sh -e/-E: testing with a mixture of openssl + sockets
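
Review bot: "Several ciphers and curves added" does not say which ciphers or curves are meant, and it overlaps with the later "PQC support" entry that names curveSM2MLKEM768. Consider naming what was added here, or dropping this line in favour of the more specific entries. The capitalisation also differs from the neighbouring "add several TLS extensions" and "several cleanups ..." items.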
@@ -33,12 +34,13 @@ Full contribution, see git log.
- RFC 8879, certificate compression
- 128 cipher limit, padding
- compatibility for LibreSSL and different OpenSSL versions
- PQC support: ML_KEMs, ML-DSA, curveSM2MLKEM768
- Check for ffdhe and ML-KEM groups
- TLS 1.2 and TLS 1.3 sig algs added
- Show server supported signature algorithms
- Show supported certification authorities sent by the server when client auth is requested and whether certificate-based client authentication is not requested, optional, or required.
- Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
- Provide compatibility to every LibreSSL/OpenSSL versions, including OpenSSL 3.5.0
- Provide compatibility to every LibreSSL/OpenSSL versions, including OpenSSL 4.0
- Lots of fixes and improvements
##### Further credits (in alphabetical order)
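
Review bot: in "PQC support: ML_KEMs, ML-DSA, curveSM2MLKEM768" the spelling "ML_KEMs" uses an underscore, while the next line writes "ML-KEM" and the same entry writes "ML-DSA". Suggest "ML-KEM" throughout. In the compatibility line that now ends in "OpenSSL 4.0", "every LibreSSL/OpenSSL versions" should read "all LibreSSL/OpenSSL versions", and the entry largely repeats the earlier "compatibility for LibreSSL and different OpenSSL versions" item, so the two could be merged.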