Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated from git log for upcoming release

Browse Source
This commit is contained in:
Dirk Wetter
2015-08-14 13:34:45 +02:00
parent 58a1c1c1da
commit 8bc2909899
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Readme.md
View File

@@ -9,24 +9,30 @@ It is working on every Linux distribution out of the box with some limitations o
On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see [testssl.sh](https://testssl.sh/ "Go to the site with the stable version and more documentation").
New features in the upcoming stable release 2.6 are:
New features in the soon upcoming stable release 2.6 are:
* display matching key (HPKP)
* LOGJAM 1: check DHE_EXPORT cipher
* LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers
* "wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name
* binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit)
* OS X binaries (@jvehent, new builds: @jpluimers)
* ARM binaries (@f-s))
* TLS_FALLBACK_SCSV check -- Thx @JonnyHightower
* (HTTP) proxy support! -- Thx @jnewbigin
* Extended validation certificate detection
* Run in default mode through all ciphers at the end of a default run
* will test multiple IP adresses in one shot, --ip=<adress|"one"> restricts it accordingly
* provide a --file option where testssl.sh commands are being read from -- for mass testing
* can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams).
* support of sockets for STARTTLS protocols (with exception of SSLv2 you need to supply EXPERIMENTAL=yes)
* mass testing file option ``--file``, see https://twitter.com/drwetter/status/627619848344989696
* TLS time for STARTTLS protocols
* TLS 1.0-1.1 as socket per default in production
* binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit)
* LibreSSL fixes, still not recommended to use though (see https://testssl.sh/)
* TLS time and HTTP time stamps
* TLS time displayed also for STARTTLS protocols
* support of sockets for STARTTLS protocols (with exception of SSLv2 you need to supply EXPERIMENTAL=yes)
* TLS 1.0-1.1 as socket checks per default in production
* further detection of security relevant headers (reverse proxy, IPv4 addresses), proprietary banners (OWA, Liferay etc.)
* LibreSSL fixes, still not recommended to use though (see https://testssl.sh/)
* lots of fixes, code improvements
Currently we're running 2.6rc1. means it's feature freeze and latest bugs are being squashed.