Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2566 from testssl/bump_version

Browse Source 
Bump version to 3.2rc4
This commit is contained in:
Dirk Wetter
2025-01-24 15:47:11 +01:00
committed by GitHub
parent 5eeab6484f 76cdf3166a
commit 5c1232b9dc
9 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@@ -12,6 +12,7 @@
* Improved compatibility with Open/LibreSSL versions not supporting TLS 1.0-1.1 anymore
* Renamed PFS/perfect forward secrecy --> FS/forward secrecy
* Cipher list straightening
* Support RFC 9150 cipher suites
* Improved mass testing
* Better align colors of ciphers with standard cipherlists
* Save a few cycles for ROBOT
@@ -23,13 +24,16 @@
* Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
* STARTTLS: XMPP server support, plus new set of OpenSSL-bad binaries
* Several code improvements to STARTTLS, also better detection when no STARTTLS is offered
* Renegotiation checks more reliable against different servers
* STARTTLS on active directory service support
* Security fixes: DNS and other input from servers
* Don't penalize missing trust in rating when CA not in Java store
* Added support for certificates with EdDSA signatures and public keys
* Extract CA list shows supported certification authorities sent by the server
* Wildcard certificates: detection and warning
* TLS 1.2 and TLS 1.3 sig algs added
* Check for ffdhe groups
* Check for three KEMs in draft-kwiatkowski-tls-ecdhe-mlkem/draft-tls-westerbaan-xyber768d00
* Show server supported signature algorithms
* --add-ca can also now be a directory with \*.pem files
* Warning of 398 day limit for certificates issued after 2020/9/1
@@ -41,6 +45,7 @@
* DNS via proxy improvements
* Client simulation runs in wide mode which is even better readable
* Added --reqheader to support custom headers in HTTP requests
* Search for more HTTP security headers on the server
* Test for support for RFC 8879 certificate compression
* Deprecating --fast and --ssl-native (warning but still av)
* Compatible to GNU grep 3.8

6
bin/Readme.md
View File

@@ -10,7 +10,7 @@ for some new / advanced cipher suites and/or features which are not in the
official branch like (old version of the) CHACHA20+POLY1305 and CAMELLIA 256 bit ciphers.
The (stripped) binaries this directory are all compiled from my openssl snapshot
(https://github.com/drwetter/openssl-1.0.2.bad) which adds a few bits to Peter
(https://github.com/testssl/openssl-1.0.2.bad) which adds a few bits to Peter
Mosman's openssl fork (https://github.com/PeterMosmans/openssl). Thx a bunch, Peter!
The few bits are IPv6 support (except IPV6 proxy) and some STARTTLS backports.
@@ -71,11 +71,11 @@ Compilation instructions
If you want to compile OpenSSL yourself, here are the instructions:
1.)
git git clone https://github.com/drwetter/openssl-1.0.2-bad
git git clone https://github.com/testssl/openssl-1.0.2-bad
cd openssl
2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/utils/make-openssl.sh)
2.) configure the damned thing. Options I used (see https://github.com/testssl/testssl.sh/blob/master/utils/make-openssl.sh)
**for 64Bit including Kerberos ciphers:**

2
doc/testssl.1
View File

@@ -607,4 +607,4 @@ All native Windows platforms emulating Linux are known to be slow\.
.SH "BUGS"
Probably\. Current known ones and interface for filing new ones: https://testssl\.sh/bugs/ \.
.SH "SEE ALSO"
\fBciphers\fR(1), \fBopenssl\fR(1), \fBs_client\fR(1), \fBx509\fR(1), \fBverify\fR(1), \fBocsp\fR(1), \fBcrl\fR(1), \fBbash\fR(1) and the websites https://testssl\.sh/ and https://github\.com/drwetter/testssl\.sh/ \.
\fBciphers\fR(1), \fBopenssl\fR(1), \fBs_client\fR(1), \fBx509\fR(1), \fBverify\fR(1), \fBocsp\fR(1), \fBcrl\fR(1), \fBbash\fR(1) and the websites https://testssl\.sh/ and https://github\.com/testssl/testssl\.sh/ \.

2
doc/testssl.1.html
View File

@@ -681,7 +681,7 @@ from. That helps us to get bugfixes, other feedback and more contributions.</p>
<h2 id="SEE-ALSO">SEE ALSO</h2>
<p><span class="man-ref"><code>ciphers</code><span class="s">(1)</span></span>, <span class="man-ref"><code>openssl</code><span class="s">(1)</span></span>, <span class="man-ref"><code>s_client</code><span class="s">(1)</span></span>, <span class="man-ref"><code>x509</code><span class="s">(1)</span></span>, <span class="man-ref"><code>verify</code><span class="s">(1)</span></span>, <span class="man-ref"><code>ocsp</code><span class="s">(1)</span></span>, <span class="man-ref"><code>crl</code><span class="s">(1)</span></span>, <span class="man-ref"><code>bash</code><span class="s">(1)</span></span> and the websites https://testssl.sh/ and https://github.com/drwetter/testssl.sh/ .</p>
<p><span class="man-ref"><code>ciphers</code><span class="s">(1)</span></span>, <span class="man-ref"><code>openssl</code><span class="s">(1)</span></span>, <span class="man-ref"><code>s_client</code><span class="s">(1)</span></span>, <span class="man-ref"><code>x509</code><span class="s">(1)</span></span>, <span class="man-ref"><code>verify</code><span class="s">(1)</span></span>, <span class="man-ref"><code>ocsp</code><span class="s">(1)</span></span>, <span class="man-ref"><code>crl</code><span class="s">(1)</span></span>, <span class="man-ref"><code>bash</code><span class="s">(1)</span></span> and the websites https://testssl.sh/ and https://github.com/testssl/testssl.sh/ .</p>
<ol class='man-decor man-foot man foot'>
<li class='tl'></li>

2
doc/testssl.1.md
View File

@@ -587,4 +587,4 @@ Probably. Current known ones and interface for filing new ones: https://testssl.
## SEE ALSO
`ciphers`(1), `openssl`(1), `s_client`(1), `x509`(1), `verify`(1), `ocsp`(1), `crl`(1), `bash`(1) and the websites https://testssl.sh/ and https://github.com/drwetter/testssl.sh/ .
`ciphers`(1), `openssl`(1), `s_client`(1), `x509`(1), `verify`(1), `ocsp`(1), `crl`(1), `bash`(1) and the websites https://testssl.sh/ and https://github.com/testssl/testssl.sh/ .

2
etc/tls_data.txt
View File

@@ -1,7 +1,7 @@
# data we need for socket based handshakes
# see #807 and #806 (especially
# https://github.com/drwetter/testssl.sh/issues/806#issuecomment-318686374)
# https://github.com/testssl/testssl.sh/issues/806#issuecomment-318686374)
# 7 ciphers defined for TLS 1.3 in RFCs 8446 and 9150
readonly TLS13_CIPHER="

2
t/11_baseline_ipv6_http.t.DISABLED
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env perl
# disabled as IPv6 is not supported by Travis, see https://github.com/drwetter/testssl.sh/issues/1177
# disabled as IPv6 wasn't supported by Travis CI and isn't by GH action, see https://github.com/testssl/testssl.sh/issues/1177
# Just a functional test, whether there are any problems on the client side
# Probably we could also inspect the JSON for any problems for

2
testssl.sh
View File

@@ -122,7 +122,7 @@ trap "child_error" USR1
########### Internal definitions
#
declare -r VERSION="3.2rc3"
declare -r VERSION="3.2rc4"
declare -r SWCONTACT="dirk aet testssl dot sh"
[[ "$VERSION" =~ dev|rc|beta ]] && \
SWURL="https://testssl.sh/dev/" ||

2
utils/make-openssl.sh
View File

@@ -69,7 +69,7 @@ testv6_patch() {
else
echo
echo "no IPv6 patch (Fedora) detected!! -- Press ^C and dl & apply from"
echo "https://github.com/drwetter/testssl.sh/blob/master/bin/fedora-dirk-ipv6.diff"
echo "https://github.com/testssl/testssl.sh/blob/master/bin/fedora-dirk-ipv6.diff"
echo "or press any key to ignore"
echo
read a