Copied from readme

This commit is contained in:
Dirk 2019-04-23 23:14:02 +02:00
parent 9c08a9df8c
commit de0141d967
1 changed files with 38 additions and 0 deletions

38
CHANGELOG.md Normal file
View File

@ -0,0 +1,38 @@
#### Features implemented in 2.9dev:
* Full support of TLS 1.3, shows also drafts supported
* ROBOT check
* Better TLS extension support
* Better OpenSSL 1.1.1 support
* DNS over Proxy and other proxy improvements
* Decoding of unencrypted BIG IP cookies
* Better JSON output: renamed IDs and findings shorter/better parsable
* JSON output now valid also for non-responding servers
* Testing now per default 370 ciphers
* Further improving the robustness of TLS sockets (sending and parsing)
* Support of supplying timeout value for `openssl connect` -- useful for batch/mass scanning
* File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format
* LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2)
* PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3)
* Check for session resumption (Ticket, ID)
* TLS Robustness check (GREASE)
* Expect-CT Header Detection
* `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
* Fully OpenBSD and LibreSSL support
* Missing SAN warning
* Added support for private CAs
* Man page reviewed
* Better error msg suppression (not fully installed OpenSSL)
* Way better handling of connectivity problems
* Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors.
* Dockerfile and repo @ docker hub with that file (see above)
* Java Root CA store added
* Better support for XMPP via STARTTLS & faster
* Certificate check for to-name in stream of XMPP
* Support for NNTP via STARTTLS
* More robustness for any STARTTLS protocol (fall back to plaintext while in TLS)
* Fixed TCP fragmentation
* Added `--ids-friendly` switch
* Major update of client simulations with self-collected data