Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2026-04-19 09:23:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3015 from testssl/dcooper16-1

Browse Source 
Add draft-yang-tls-hybrid-sm2-mlkem
This commit is contained in:
Dirk Wetter
2026-04-09 11:53:23 +02:00
committed by GitHub
parent adff28d50c e370aabb33
commit 012a296184
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -5,6 +5,7 @@
* QUIC protocol check * QUIC protocol check
* TLS 1.3 early data (0-RTT) * TLS 1.3 early data (0-RTT)
* Support for RFC 8998 and draft-yang-tls-hybrid-sm2-mlkem (TLS_SM4_GCM_SM3, TLS_SM4_CCM_SM3 ciphers, kx groups curveSM2, curveSM2MLKEM768; SM2 pub keys + signatures)
* Adds a check for mandatory extended master secret TLS extension * Adds a check for mandatory extended master secret TLS extension
* Bump SSLlabs rating guide to 2009r * Bump SSLlabs rating guide to 2009r
* Check for Opossum vulnerability * Check for Opossum vulnerability

4
CREDITS.md
View File

@@ -11,6 +11,7 @@ Full contribution, see git log.
- extended parsing of TLS ServerHello messages - extended parsing of TLS ServerHello messages
- TLS 1.3 support (final and pre-final) with needed en/decryption - TLS 1.3 support (final and pre-final) with needed en/decryption
- add several TLS extensions - add several TLS extensions
- Several ciphers and curves added
- Detection + output of multiple certificates - Detection + output of multiple certificates
- several cleanups of server certificate related stuff - several cleanups of server certificate related stuff
- testssl.sh -e/-E: testing with a mixture of openssl + sockets - testssl.sh -e/-E: testing with a mixture of openssl + sockets
@@ -33,12 +34,13 @@ Full contribution, see git log.
- RFC 8879, certificate compression - RFC 8879, certificate compression
- 128 cipher limit, padding - 128 cipher limit, padding
- compatibility for LibreSSL and different OpenSSL versions - compatibility for LibreSSL and different OpenSSL versions
- PQC support: ML_KEMs, ML-DSA, curveSM2MLKEM768
- Check for ffdhe and ML-KEM groups - Check for ffdhe and ML-KEM groups
- TLS 1.2 and TLS 1.3 sig algs added - TLS 1.2 and TLS 1.3 sig algs added
- Show server supported signature algorithms - Show server supported signature algorithms
- Show supported certification authorities sent by the server when client auth is requested and whether certificate-based client authentication is not requested, optional, or required. - Show supported certification authorities sent by the server when client auth is requested and whether certificate-based client authentication is not requested, optional, or required.
- Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol - Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
- Provide compatibility to every LibreSSL/OpenSSL versions, including OpenSSL 3.5.0 - Provide compatibility to every LibreSSL/OpenSSL versions, including OpenSSL 4.0
- Lots of fixes and improvements - Lots of fixes and improvements
##### Further credits (in alphabetical order) ##### Further credits (in alphabetical order)