From 41cc0f137e743882465268eecb5eeb68f35be989 Mon Sep 17 00:00:00 2001 From: Dirk Date: Tue, 23 Apr 2019 22:21:44 +0200 Subject: [PATCH] Late adding change log for 2.9.5 --- ChangeLog.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 ChangeLog.md diff --git a/ChangeLog.md b/ChangeLog.md new file mode 100644 index 0000000..1a6cb80 --- /dev/null +++ b/ChangeLog.md @@ -0,0 +1,25 @@ +#### Features implemented in 2.9.5 (short version) + +* Way better coverage of ciphers as most checks are done via bash sockets where ever possible +* Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness) +* Testing 359 default ciphers (``testssl.sh -e/-E``) with a mixture of sockets and openssl. Same speed as with openssl only but addtional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc. +* TLS 1.2 protocol check via sockets in production +* Finding more TLS extensions via sockets +* TLS Supported Groups Registry (RFC 7919), key shares extension +* Non-flat JSON output support +* File output (CSV, JSON flat, JSON non-flat) supports a minimum severity level (only above supplied level there will be output) +* Native HTML support instead going through 'aha' +* LUCKY13 and SWEET32 checks +* Ticketbleed check +* LOGJAM: now checking also for known DH parameters +* Support of supplying timeout value for ``openssl connect`` -- useful for batch/mass scanning +* Parallel mass testing +* Check for CAA RR +* Check for OCSP must staple +* Check for Certificate Transparency +* Check for session resumption (Ticket, ID) +* Better formatting of output (indentation) +* Choice showing the RFC naming scheme only +* File input for mass testing can be also in nmap grep(p)able (-oG) format +* Postgres und MySQL STARTTLS support +* Man page
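Review bot: The new ChangeLog.md text has wording slips in several bullets that should be fixed before this is published. In the "Testing 359 default ciphers" bullet, "addtional" should be "additional" and "CHAHA20/POLY1305" should be "CHACHA20/POLY1305". In the first bullet, "where ever" should be "wherever". "Native HTML support instead going through 'aha'" is missing "of", and "Postgres und MySQL STARTTLS support" should read "and". The timeout bullet names ``openssl connect``, which is not an openssl subcommand; if the s_client connection is meant, say so. In the file output bullet, "only above supplied level there will be output" leaves open whether findings at exactly the supplied severity are written. Since people filter mass-scan results on that setting, state explicitly whether the threshold is inclusive.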