diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2942f07..4084521 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@
* Improved compatibility with Open/LibreSSL versions not supporting TLS 1.0-1.1 anymore
* Renamed PFS/perfect forward secrecy --> FS/forward secrecy
* Cipher list straightening
+* Support RFC 9150 cipher suites
* Improved mass testing
* Better align colors of ciphers with standard cipherlists
* Save a few cycles for ROBOT
@@ -23,13 +24,16 @@
* Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
* STARTTLS: XMPP server support, plus new set of OpenSSL-bad binaries
* Several code improvements to STARTTLS, also better detection when no STARTTLS is offered
+* Renegotiation checks more reliable against different servers
* STARTTLS on active directory service support
* Security fixes: DNS and other input from servers
* Don't penalize missing trust in rating when CA not in Java store
* Added support for certificates with EdDSA signatures and public keys
* Extract CA list shows supported certification authorities sent by the server
+* Wildcard certificates: detection and warning
* TLS 1.2 and TLS 1.3 sig algs added
* Check for ffdhe groups
+* Check for three KEMs in draft-kwiatkowski-tls-ecdhe-mlkem/draft-tls-westerbaan-xyber768d00
* Show server supported signature algorithms
* --add-ca can also now be a directory with \*.pem files
* Warning of 398 day limit for certificates issued after 2020/9/1
@@ -41,6 +45,7 @@
* DNS via proxy improvements
* Client simulation runs in wide mode which is even better readable
* Added --reqheader to support custom headers in HTTP requests
+* Search for more HTTP security headers on the server
* Test for support for RFC 8879 certificate compression
* Deprecating --fast and --ssl-native (warning but still av)
* Compatible to GNU grep 3.8
diff --git a/bin/Readme.md b/bin/Readme.md
index 83d7094..2998804 100644
--- a/bin/Readme.md
+++ b/bin/Readme.md
@@ -10,7 +10,7 @@ for some new / advanced cipher suites and/or features which are not in the
official branch like (old version of the) CHACHA20+POLY1305 and CAMELLIA 256 bit ciphers.
The (stripped) binaries this directory are all compiled from my openssl snapshot
-(https://github.com/drwetter/openssl-1.0.2.bad) which adds a few bits to Peter
+(https://github.com/testssl/openssl-1.0.2.bad) which adds a few bits to Peter
Mosman's openssl fork (https://github.com/PeterMosmans/openssl). Thx a bunch, Peter!
The few bits are IPv6 support (except IPV6 proxy) and some STARTTLS backports.
@@ -71,11 +71,11 @@ Compilation instructions
If you want to compile OpenSSL yourself, here are the instructions:
1.)
- git git clone https://github.com/drwetter/openssl-1.0.2-bad
+ git git clone https://github.com/testssl/openssl-1.0.2-bad
cd openssl
-2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/utils/make-openssl.sh)
+2.) configure the damned thing. Options I used (see https://github.com/testssl/testssl.sh/blob/master/utils/make-openssl.sh)
**for 64Bit including Kerberos ciphers:**
diff --git a/doc/testssl.1 b/doc/testssl.1
index e57bc0e..810d54a 100644
--- a/doc/testssl.1
+++ b/doc/testssl.1
@@ -607,4 +607,4 @@ All native Windows platforms emulating Linux are known to be slow\.
.SH "BUGS"
Probably\. Current known ones and interface for filing new ones: https://testssl\.sh/bugs/ \.
.SH "SEE ALSO"
-\fBciphers\fR(1), \fBopenssl\fR(1), \fBs_client\fR(1), \fBx509\fR(1), \fBverify\fR(1), \fBocsp\fR(1), \fBcrl\fR(1), \fBbash\fR(1) and the websites https://testssl\.sh/ and https://github\.com/drwetter/testssl\.sh/ \.
+\fBciphers\fR(1), \fBopenssl\fR(1), \fBs_client\fR(1), \fBx509\fR(1), \fBverify\fR(1), \fBocsp\fR(1), \fBcrl\fR(1), \fBbash\fR(1) and the websites https://testssl\.sh/ and https://github\.com/testssl/testssl\.sh/ \.
diff --git a/doc/testssl.1.html b/doc/testssl.1.html
index dbcbba5..0336c4b 100644
--- a/doc/testssl.1.html
+++ b/doc/testssl.1.html
@@ -681,7 +681,7 @@ from. That helps us to get bugfixes, other feedback and more contributions.
SEE ALSO
-ciphers(1), openssl(1), s_client(1), x509(1), verify(1), ocsp(1), crl(1), bash(1) and the websites https://testssl.sh/ and https://github.com/drwetter/testssl.sh/ .
+ciphers(1), openssl(1), s_client(1), x509(1), verify(1), ocsp(1), crl(1), bash(1) and the websites https://testssl.sh/ and https://github.com/testssl/testssl.sh/ .