Merge pull request #1410 from drwetter/drwetter-clpatch

Amend with log for upcoming rc6
This commit is contained in:
Dirk Wetter 2019-12-11 21:49:36 +01:00 committed by GitHub
commit 93a1d9441c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -6,9 +6,15 @@
* Full support of TLS 1.3, shows also drafts supported * Full support of TLS 1.3, shows also drafts supported
* ROBOT check * ROBOT check
* Better TLS extension support * Better TLS extension support
* Better OpenSSL 1.1.1 support * Better OpenSSL 1.1.1 and higher versions support
* DNS over Proxy and other proxy improvements * DNS over Proxy and other proxy improvements
* Decoding of unencrypted BIG IP cookies * Decoding of unencrypted BIG IP cookies
* Initial client certificate support
* Socket timeouts (``--connect-timeout``)
* IDN/IDN2 servername support
* pwnedkeys.com support
* Initial client certificate support
* Initial support for certificate compression
* Better JSON output: renamed IDs and findings shorter/better parsable * Better JSON output: renamed IDs and findings shorter/better parsable
* JSON output now valid also for non-responding servers * JSON output now valid also for non-responding servers
* Testing now per default 370 ciphers * Testing now per default 370 ciphers
@ -20,6 +26,7 @@
* Check for session resumption (Ticket, ID) * Check for session resumption (Ticket, ID)
* TLS Robustness check (GREASE) * TLS Robustness check (GREASE)
* Server preference distinguishes between TLS 1.3 and lower protocols * Server preference distinguishes between TLS 1.3 and lower protocols
* Mark TLS 1.0 and TLS 1.1 as deprecated
* Does a few startup checks which make later tests easier and faster (determine_optimal_\*() ) * Does a few startup checks which make later tests easier and faster (determine_optimal_\*() )
* Expect-CT Header Detection * Expect-CT Header Detection
* `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL * `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
@ -32,11 +39,12 @@
* Added `--ids-friendly` switch * Added `--ids-friendly` switch
* Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors. * Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors.
* Better error msg suppression (not fully installed OpenSSL) * Better error msg suppression (not fully installed OpenSSL)
* Better parsing of HTTP headers & better output of longer HTTP headers
* Dockerfile and repo @ docker hub with that file (see above) * Dockerfile and repo @ docker hub with that file (see above)
* Java Root CA store added * Java Root CA store added
* Better support for XMPP via STARTTLS & faster * Better support for XMPP via STARTTLS & faster
* Certificate check for to-name in stream of XMPP * Certificate check for to-name in stream of XMPP
* Support for NNTP via STARTTLS * Support for NNTP via STARTTLS, fixes for MySQL and PostgresQL
* Support for SNI and STARTTLS * Support for SNI and STARTTLS
* More robustness for any STARTTLS protocol (fall back to plaintext while in TLS) * More robustness for any STARTTLS protocol (fall back to plaintext while in TLS)
* Major update of client simulations with self-collected data * Major update of client simulations with self-collected data