diff --git a/CREDITS.md b/CREDITS.md index cb857cd..e1a575f 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -19,15 +19,21 @@ * Frank Breedijk - Detection of insecure redirects - JSON and CSV output + - CA pinning - Client simulations - CI integration, test cases for it * David Cooper - Detection + output of multiple certificates - several cleanups of server certificate related stuff - - several minor fixes + - several fixes - improved parsing of TLS ServerHello messages - speed improvements when testing all ciphers + - extensive CN <--> hostname check + - seperate check for curves + +- Christoph Badura + - NetBSD fixes * Jean Marsault - client auth: ideas, code snipplets @@ -45,10 +51,10 @@ - ARM binary support * Jeroen Wiert Pluimers - - supplied new Darwin binaries + - Darwin binaries support * Julien Vehent - - supplied Darwin binary + - supplied 1st Darwin binary * Rechi - initial MX stuff @@ -58,6 +64,7 @@ - avahi/mDNS support - HTTP2/ALPN - bugfixes + - former ARM binary support * Дилян Палаузов - bug fix for 3des report @@ -93,3 +100,5 @@ * Ivan Ristic/Qualys for the liberal license which made it possible to use the client data +* my family for supporting me doing this work + diff --git a/Readme.md b/Readme.md index ed1eee6..f02d626 100644 --- a/Readme.md +++ b/Readme.md 
@@ -28,11 +28,12 @@ cryptographic flaws. #### General -Here in the master branch you find the development version of the software --- with new features and maybe some bugs. For the stable version and **a +Here in the master branch you find the stable version 2.8rc2 of the software, it +superseds 2.6. Version 2.8 is currently being finalized. The 2.9dev branch is the developemnet +-- with new features and maybe some bugs. For the stable version and **a more thorough description of the command line options** please see [testssl.sh](https://testssl.sh/ "Go to the site with the stable version -and more documentation"). +and more documentation") or https://github.com/drwetter/testssl.sh/wiki/Usage-Documentation. testssl.sh is working on every Linux/BSD distribution out of the box with some limitations of disabled features from the openssl client -- some @@ -43,11 +44,7 @@ cygwin) work too. OpenSSL version >= 1 is a must. OpenSSL version >= 1.0.2 is needed for better LOGJAM checks and to display bit strengths for key exchanges. -#### Current Development - -Planned features in the release 2.7dev/2.8 are: - -https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29 +#### [Features in 2.8 stable](Readme.md#stable) Done so far: 
@@ -55,23 +52,31 @@ Done so far: Microsoft (OS), Mozilla (Firefox Browser), works for openssl >=1.0.1 * IPv6 (status: 80% working, details see https://github.com/drwetter/testssl.sh/issues/11 -* works on servers requiring a x509 certificate for authentication +* works now on servers requiring a x509 certificate for authentication +* extensive CN <--> hostname check * SSL Session ID check * Avahi/mDNS based name resolution * HTTP2/ALPN protocol check * Logging to a file / dir -* Logging to JSON + CSV +* Logging to (flat) JSON + CSV * Check for multiple server certificates -* Browser cipher simulation +* Browser cipher simulation: what client will connect with which cipher + protocol +* GOST cipher+certificate improvements * Assistance for color-blind users * Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems * Considerable speed improvements for each cipher runs (-e/-E) -* More robust socket interface +* More robust SSLv2 + TLS socket interface +* seperate check for curves * OpenSSL 1.1.0 compliant +* check for DROWN * Whole number of bugs squashed Update notification here or @ [twitter](https://twitter.com/drwetter). +#### [Features in 2.9dev](Readme.md#devel) +* timeout in OpeenSL connect +* TLS 1.2 protocol check via socket + #### Contributions Contributions, feedback, bug reports are welcome! For contributions please
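Review bot: In CREDITS.md, hunk @@ -19,15 +19,21, the new contributor line `- Christoph Badura` uses a `-` marker at top level, while every other contributor entry in the hunk (`* Frank Breedijk`, `* David Cooper`, `* Jean Marsault`) uses `* `. Coming straight after David Cooper's indented `-` sub-items, it is likely to render as part of that sub-list or as a separate list rather than as a peer entry. Suggest `* Christoph Badura`. In the same hunk, `seperate check for curves` should read `separate`.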
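Review bot: In Readme.md, hunk @@ -28,11 +28,12, the added text gives the reader three conflicting statements about what master is: it is "the stable version 2.8rc2", then "Version 2.8 is currently being finalized", and the retained sentence still says "For the stable version ... please see testssl.sh", which implies master is not the stable version. Someone choosing a branch to run scans from cannot tell from this paragraph which one is the supported release. Suggest stating once what master holds (a release candidate or the stable release) and pointing the "stable version" sentence at the matching place. The sentence "The 2.9dev branch is the developemnet -- with new features" is also missing its noun ("development version"), and "superseds" should be "supersedes".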
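Review bot: In Readme.md, hunk @@ -43,11 +44,7, the new heading `#### [Features in 2.8 stable](Readme.md#stable)` links to a `#stable` anchor that nothing in the visible lines defines; an anchor generated from the heading text would not be `stable`, so the link probably lands at the top of the file. Either add an explicit anchor or drop the link and keep a plain heading. The unchanged line "Done so far:" directly below it was written for the removed "Planned features" section and no longer fits under a stable feature list; suggest removing or rewording it in this change.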
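Review bot: In Readme.md, hunk @@ -55,23 +52,31, two added list items carry typos that will end up in the release notes: `timeout in OpeenSL connect` (OpenSSL) and `seperate check for curves` (separate). The list is now presented under the 2.8 stable heading but still contains the unchanged item "IPv6 (status: 80% working, details see ...", which has an unclosed parenthesis and describes a partially working feature; consider marking it as experimental or moving it under the 2.9dev heading. The `Readme.md#devel` link on the new 2.9dev heading has the same undefined-anchor problem as `#stable`.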