mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-30 20:31:15 +01:00
Merge pull request #2298 from drwetter/changelog_3.2
Start listing changes and contributions for 3.2
This commit is contained in:
Dirk Wetter
GitHub
commit
30e0c8418a
32
CHANGELOG.md
32
CHANGELOG.md
@ -3,36 +3,50 @@
|
|||||||
|
|
||||||
### Features implemented / improvements in 3.2
|
### Features implemented / improvements in 3.2
|
||||||
|
|
||||||
|
* Rating (SSL Labs, not complete)
|
||||||
* Extend Server (cipher) preference: always now in wide mode instead of running all ciphers in the end (per default)
|
* Extend Server (cipher) preference: always now in wide mode instead of running all ciphers in the end (per default)
|
||||||
|
* Remove "negotiated cipher / protocol"
|
||||||
|
* Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
|
||||||
|
* Switched to multi-stage docker image with opensuse base to avoid musl libc issues, performance gain also
|
||||||
* Improved compatibility with OpenSSL 3.0
|
* Improved compatibility with OpenSSL 3.0
|
||||||
|
* Improved compatibility with Open/LibreSSL versions not supporting TLS 1.0-1.1 anymore
|
||||||
* Renamed PFS/perfect forward secrecy --> FS/forward secrecy
|
* Renamed PFS/perfect forward secrecy --> FS/forward secrecy
|
||||||
|
* Cipher list straightening
|
||||||
* Improved mass testing
|
* Improved mass testing
|
||||||
* Align better colors of ciphers with standard cipherlists
|
* Better align colors of ciphers with standard cipherlists
|
||||||
* Added several ciphers to colored ciphers
|
* Save a few cycles for ROBOT
|
||||||
|
* Several ciphers more colorized
|
||||||
* Percent output char problem fixed
|
* Percent output char problem fixed
|
||||||
* Several display/output fixes
|
* Several display/output fixes
|
||||||
* BREACH check: list all compression methods and add brotli
|
* BREACH check: list all compression methods and add brotli
|
||||||
* Test for old winshock vulnerability
|
* Test for old winshock vulnerability
|
||||||
* Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
|
* Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
|
||||||
* Security fix: DNS input
|
* STARTTLS: XMPP server support, plus new set of OpenSSL-bad binaries
|
||||||
* Don't use external pwd anymore
|
* Several code improvements to STARTTLS, also better detection when no STARTTLS is offered
|
||||||
* STARTTLS: XMPP server support
|
* STARTTLS on active directory service support
|
||||||
* Code improvements to STARTTLS
|
* Security fixes: DNS and other input from servers
|
||||||
* Detect better when no STARTTLS is offered
|
|
||||||
* Rating (SSL Labs, not complete)
|
|
||||||
* Don't penalize missing trust in rating when CA not in Java store
|
* Don't penalize missing trust in rating when CA not in Java store
|
||||||
* Added support for certificates with EdDSA signatures and public keys
|
* Added support for certificates with EdDSA signatures and public keys
|
||||||
|
* Extract CA list shows supported certification authorities sent by the server
|
||||||
|
* TLS 1.2 and TLS 1.3 sig algs added
|
||||||
|
* Check for ffdhe groups
|
||||||
|
* Show server supported signature algorithms
|
||||||
* --add-ca can also now be a directory with \*.pem files
|
* --add-ca can also now be a directory with \*.pem files
|
||||||
* Warning of 398 day limit for certificates issued after 2020/9/1
|
* Warning of 398 day limit for certificates issued after 2020/9/1
|
||||||
* Added environment variable for amount of attempts for ssl renegotiation check
|
* Added environment variable for amount of attempts for ssl renegotiation check
|
||||||
* Added --user-agent argument to support using a custom User Agent
|
* Added --user-agent argument to support using a custom User Agent
|
||||||
* Added --overwrite argument to support overwriting output files without warning
|
* Added --overwrite argument to support overwriting output files without warning
|
||||||
* Headerflag X-XSS-Protection is now labeled as INFO
|
* Headerflag X-XSS-Protection is now labeled as INFO
|
||||||
|
* Strict parser for HSTS
|
||||||
|
* DNS via proxy improvements
|
||||||
* Client simulation runs in wide mode which is even better readable
|
* Client simulation runs in wide mode which is even better readable
|
||||||
* Added --reqheader to support custom headers in HTTP requests
|
* Added --reqheader to support custom headers in HTTP requests
|
||||||
* Test for support for RFC 8879 certificate compression
|
* Test for support for RFC 8879 certificate compression
|
||||||
|
* Deprecating --fast and --ssl-native (warning but still av)
|
||||||
|
* Compatible to GNU grep 3.8
|
||||||
|
* Don't use external pwd command anymore
|
||||||
* Doesn't hang anymore when there's no local resolver
|
* Doesn't hang anymore when there's no local resolver
|
||||||
* Dockerfiles refactored to be multistaged: performance gain+address bugs/inconsistencies
|
|
||||||
|
|
||||||
### Features implemented / improvements in 3.0
|
### Features implemented / improvements in 3.0
|
||||||
|
|
||||||
|
|||||||
11
CREDITS.md
11
CREDITS.md
@ -9,7 +9,7 @@ Full contribution, see git log.
|
|||||||
* David Cooper (main contributor)
|
* David Cooper (main contributor)
|
||||||
- Major extensions to socket support for all protocols
|
- Major extensions to socket support for all protocols
|
||||||
- extended parsing of TLS ServerHello messages
|
- extended parsing of TLS ServerHello messages
|
||||||
- TLS 1.3 support (final and pre-final)
|
- TLS 1.3 support (final and pre-final) with needed en/decryption
|
||||||
- add several TLS extensions
|
- add several TLS extensions
|
||||||
- Detection + output of multiple certificates
|
- Detection + output of multiple certificates
|
||||||
- several cleanups of server certificate related stuff
|
- several cleanups of server certificate related stuff
|
||||||
@ -29,7 +29,16 @@ Full contribution, see git log.
|
|||||||
- several protocol preferences improvements
|
- several protocol preferences improvements
|
||||||
- pwnedkeys.com support
|
- pwnedkeys.com support
|
||||||
- CT support
|
- CT support
|
||||||
|
- Extract CA list CertificateRequest message is encountered
|
||||||
- RFC 8879, certificate compression
|
- RFC 8879, certificate compression
|
||||||
|
- 128 cipher limit, padding
|
||||||
|
- compatibility for LibreSSL and different OpenSSL versions
|
||||||
|
- Check for ffdhe groups
|
||||||
|
- TLS 1.2 and TLS 1.3 sig algs added
|
||||||
|
- Show server supported signature algorithms
|
||||||
|
- Show supported certification authorities sent by the server when client auth is requested
|
||||||
|
- Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
|
||||||
|
- Provide compatibility to every LibreSSL/OpenSSL versions
|
||||||
- Lots of fixes and improvements
|
- Lots of fixes and improvements
|
||||||
|
|
||||||
##### Further credits (in alphabetical order)
|
##### Further credits (in alphabetical order)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user