Update attributions and Changes for release

If anything is missing or wrong please let us know or do a PR.

(This is until from earlier time to ~2018. >2019 need to follow)

CHANGELOG.md

@@ -12,12 +12,11 @@
 * DNS over Proxy and other proxy improvements
 * Decoding of unencrypted BIG IP cookies
 * Initial client certificate support
+* Warning of 825 day limit for certificates issued after 2018/3/1
 * Socket timeouts (``--connect-timeout``)
-* IDN/IDN2 servername support
+* IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent) support
-* pwnedkeys.com support
-* Initial client certificate support
 * Initial support for certificate compression
-* Better JSON output: renamed IDs and findings shorter/better parsable
+* Better JSON output: renamed IDs and findings shorter/better parsable, also includes certficate
 * JSON output now valid also for non-responding servers
 * Testing now per default 370 ciphers
 * Further improving the robustness of TLS sockets (sending and parsing)
@@ -26,31 +25,34 @@
 * LOGJAM: now checking also for DH  and FFDHE groups (TLS 1.2)
 * PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3)
 * Check for session resumption (Ticket, ID)
-* TLS Robustness check (GREASE)
+* TLS Robustness check GREASE and more
 * Server preference distinguishes between TLS 1.3 and lower protocols
 * Mark TLS 1.0 and TLS 1.1 as deprecated
 * Does a few startup checks which make later tests easier and faster (``determine_optimal_\*()``)
 * Expect-CT Header Detection
 * `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
 * `--phone-out` checks whether the private key has been compromised via https://pwnedkeys.com/
-* Fully OpenBSD and LibreSSL support
 * Missing SAN warning
 * Added support for private CAs
-* Way better handling of connectivity problems
+* Way better handling of connectivity problems (counting those, if threshold exceeded -> bye)
 * Fixed TCP fragmentation
 * Added `--ids-friendly` switch
 * Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors.
 * Better error msg suppression (not fully installed OpenSSL)
 * Better parsing of HTTP headers & better output of longer HTTP headers
+* HTTP Basic Auth support for HTTP header
+* "eTLS" detection
 * Dockerfile and repo @ docker hub with that file (see above)
 * Java Root CA store added
 * Better support for XMPP via STARTTLS & faster
 * Certificate check for to-name in stream of XMPP
-* Support for NNTP via STARTTLS, fixes for MySQL and PostgresQL
+* Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL
 * Support for SNI and STARTTLS
 * More robustness for any STARTTLS protocol (fall back to plaintext while in TLS)
-* Major update of client simulations with self-collected data
+* Major update of client simulations with self-collected up-to-date data
-* IDN/IDN2 and emoji URI support (supposed libidn/idn2 is installed and DNS resolver is recent)
+* Update of CA certificate stores
+* Lots of bug fixes
+* More travis/CI checks -- still place for improvements
 * Man page reviewed
 
 ### Features implemented in 2.9.5

CREDITS.md

@@ -1,24 +1,39 @@
 
+Full contribution, see git log.
+
+
+* Dirk Wetter (founder, maintainer and main contributor)
+  - Everything what's not mentioned below and is included in testssl.sh's git log
+    minus what I probably forgot to mention
+  (too much other things to do at the moment and to list it would be a tough job)
+
 * David Cooper (main contributor)
 
+  - Major extensions to socket support for all protocols
+  - extended parsing of TLS ServerHello messages
+  - TLS 1.3 support (final and pre-final)
+  - add several TLS extensions
   - Detection + output of multiple certificates
   - several cleanups of server certificate related stuff
-  - extended parsing of TLS ServerHello messages
   - testssl.sh -e/-E: testing with a mixture of openssl + sockets
-  - more ciphers
+  - add more ciphers
-  - finding more TLS extensions via sockets
+  - coloring of ciphers
   - extensive CN+SAN <--> hostname check
   - separate check for curves
   - RFC 7919, key shares extension
+  - keyUsage extension in certificate
+  - experimental "eTLS" detection
   - parallel mass testing!
   - RFC <--> OpenSSL cipher name space switches for the command line
-  - numerous fixes
   - better error msg suppression (not fully installed openssl
   - GREASE support
-  - Bleichenbacher vulnerability test
+  - Bleichenbacher / ROBOT vulnerability test
-  - TLS 1.3 support
+  - several protocol preferences improvements
+  - pwnedkeys.com support
+  - CT support
+  - Lots of fixes and improvements
 
-##### Credits also to
+##### Further credits (in alphabetical order)
 
 * Christoph Badura
   - NetBSD fixes
@@ -32,7 +47,10 @@
 
  * Steven Danneman
    - Postgres and MySQL STARTTLS support
-   * MongoDB support
+   - MongoDB support
+
+* Christian Dresen
+   - Dockerfile
 
 * Mark Felder
   - lots of cleanups
@@ -47,6 +65,15 @@
 * Maciej Grela
   - colorless handling
 
+* Hubert Kario
+  - helped with avoiding accidental TCP fragmentation
+
+* Jacco de Leeuw
+  - skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
+
+* Manuel
+  - HTTP basic auth
+
 * Markus Manzke
   - Fix for HSTS + subdomains
   - LibreSSL patch
@@ -94,9 +121,15 @@
   - initial MX stuff
   - fixes
 
+* Gonçalo Ribeiro
+  - --connect-timeout
+
 * Dmitri S
   - inspiration & help for Darwin port
 
+* Marcin Szychowski
+  - Quick'n'dirty client certificate support
+
 * Viktor Szépe
   - color function maker
 
@@ -112,14 +145,14 @@
 * @nvsofts (NV)
   - LibreSSL patch for GOST
 
-Others I forgot to mention which did give me feedback, bug reports and helped one way or another.
+Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
 
 
 ##### Last but not least:
 
 * OpenSSL team for providing openssl.
 
-* Ivan Ristic/Qualys for the liberal license which made it possible to use the client data
+* Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data
 
 * My family for supporting me doing this work