From 8bc2909899ad5f5d9e5b640872bbf40549adce46 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Fri, 14 Aug 2015 13:34:45 +0200 Subject: [PATCH] updated from git log for upcoming release --- Readme.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/Readme.md b/Readme.md index 18fbb76..a8b95df 100644 --- a/Readme.md +++ b/Readme.md 
@@ -9,24 +9,30 @@ It is working on every Linux distribution out of the box with some limitations o On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see [testssl.sh](https://testssl.sh/ "Go to the site with the stable version and more documentation"). -New features in the upcoming stable release 2.6 are: +New features in the soon upcoming stable release 2.6 are: * display matching key (HPKP) * LOGJAM 1: check DHE_EXPORT cipher * LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers * "wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name +* binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit) +* OS X binaries (@jvehent, new builds: @jpluimers) +* ARM binaries (@f-s)) * TLS_FALLBACK_SCSV check -- Thx @JonnyHightower * (HTTP) proxy support! -- Thx @jnewbigin * Extended validation certificate detection * Run in default mode through all ciphers at the end of a default run * will test multiple IP adresses in one shot, --ip= restricts it accordingly +* provide a --file option where testssl.sh commands are being read from -- for mass testing * can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams). 
-* support of sockets for STARTTLS protocols (with exception of SSLv2 you need to supply EXPERIMENTAL=yes) * mass testing file option ``--file``, see https://twitter.com/drwetter/status/627619848344989696 -* TLS time for STARTTLS protocols -* TLS 1.0-1.1 as socket per default in production -* binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit) -* LibreSSL fixes, still not recommended to use though (see https://testssl.sh/) +* TLS time and HTTP time stamps +* TLS time displayed also for STARTTLS protocols +* support of sockets for STARTTLS protocols (with exception of SSLv2 you need to supply EXPERIMENTAL=yes) +* TLS 1.0-1.1 as socket checks per default in production +* further detection of security relevant headers (reverse proxy, IPv4 addresses), proprietary banners (OWA, Liferay etc.) +* LibreSSL fixes, still not recommended to use though (see https://testssl.sh/) +* lots of fixes, code improvements Currently we're running 2.6rc1. means it's feature freeze and latest bugs are being squashed.
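Review bot: the added bullet "* provide a --file option where testssl.sh commands are being read from -- for mass testing" duplicates the unchanged bullet "* mass testing file option ``--file``, see https://twitter.com/drwetter/status/627619848344989696" a few lines further down in the same list, so the release notes would list the same feature twice. Suggest merging them into a single entry that keeps the Twitter link. Two smaller points in the same hunk: "* ARM binaries (@f-s))" has a stray closing parenthesis, and "soon upcoming" in the changed heading line is redundant, "upcoming" alone reads better. Since the list is being touched anyway, the context line "will test multiple IP adresses in one shot" could also have its spelling fixed to "addresses".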