From 878ab519c0193e247059e659e656ba9918d3743e Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 3 Oct 2016 20:21:38 +0200 Subject: [PATCH 1/4] update --- CREDITS.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/CREDITS.md b/CREDITS.md index cb857cd..e1a575f 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -19,15 +19,21 @@ * Frank Breedijk - Detection of insecure redirects - JSON and CSV output + - CA pinning - Client simulations - CI integration, test cases for it * David Cooper - Detection + output of multiple certificates - several cleanups of server certificate related stuff - - several minor fixes + - several fixes - improved parsing of TLS ServerHello messages - speed improvements when testing all ciphers + - extensive CN <--> hostname check + - seperate check for curves + +- Christoph Badura + - NetBSD fixes * Jean Marsault - client auth: ideas, code snipplets @@ -45,10 +51,10 @@ - ARM binary support * Jeroen Wiert Pluimers - - supplied new Darwin binaries + - Darwin binaries support * Julien Vehent - - supplied Darwin binary + - supplied 1st Darwin binary * Rechi - initial MX stuff @@ -58,6 +64,7 @@ - avahi/mDNS support - HTTP2/ALPN - bugfixes + - former ARM binary support * Дилян Палаузов - bug fix for 3des report @@ -93,3 +100,5 @@ * Ivan Ristic/Qualys for the liberal license which made it possible to use the client data +* my family for supporting me doing this work + From bf1d3933bfda13b03e3152af9d912508a151fff0 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 3 Oct 2016 20:28:44 +0200 Subject: [PATCH 2/4] Update Readme.md --- Readme.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/Readme.md b/Readme.md index ed1eee6..d15c85e 100644 --- a/Readme.md +++ b/Readme.md @@ -43,11 +43,7 @@ cygwin) work too. OpenSSL version >= 1 is a must. OpenSSL version >= 1.0.2 is needed for better LOGJAM checks and to display bit strengths for key exchanges. -#### Current Development - -Planned features in the release 2.7dev/2.8 are: - -https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29 +#### [Features in 2.8 stable](#2.8final) Done so far: @@ -55,23 +51,31 @@ Done so far: Microsoft (OS), Mozilla (Firefox Browser), works for openssl >=1.0.1 * IPv6 (status: 80% working, details see https://github.com/drwetter/testssl.sh/issues/11 -* works on servers requiring a x509 certificate for authentication +* works now on servers requiring a x509 certificate for authentication +* extensive CN <--> hostname check * SSL Session ID check * Avahi/mDNS based name resolution * HTTP2/ALPN protocol check * Logging to a file / dir -* Logging to JSON + CSV +* Logging to (flat) JSON + CSV * Check for multiple server certificates -* Browser cipher simulation +* Browser cipher simulation: what client will connect with which cipher + protocol +* GOST cipher+certificate improvements * Assistance for color-blind users * Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems * Considerable speed improvements for each cipher runs (-e/-E) -* More robust socket interface +* More robust SSLv2 + TLS socket interface +* seperate check for curves * OpenSSL 1.1.0 compliant +* check for DROWN * Whole number of bugs squashed Update notification here or @ [twitter](https://twitter.com/drwetter). +#### [Features in 2.9dev](#2.9dev) +* timeout in OpeenSL connect +* TLS 1.2 protocol check via socket + #### Contributions Contributions, feedback, bug reports are welcome! For contributions please From 248351eef51157f7f42219008b5b478b3afbcb71 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 3 Oct 2016 20:29:50 +0200 Subject: [PATCH 3/4] Update Readme.md --- Readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Readme.md b/Readme.md index d15c85e..318e56b 100644 --- a/Readme.md +++ b/Readme.md @@ -43,7 +43,7 @@ cygwin) work too. OpenSSL version >= 1 is a must. OpenSSL version >= 1.0.2 is needed for better LOGJAM checks and to display bit strengths for key exchanges. -#### [Features in 2.8 stable](#2.8final) +#### [Features in 2.8 stable](#28final) Done so far: @@ -72,7 +72,7 @@ Done so far: Update notification here or @ [twitter](https://twitter.com/drwetter). -#### [Features in 2.9dev](#2.9dev) +#### [Features in 2.9dev](#29dev) * timeout in OpeenSL connect * TLS 1.2 protocol check via socket From 9fe87223ccd7f19bb8cd10d803ea30a0b7116e74 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 3 Oct 2016 20:48:32 +0200 Subject: [PATCH 4/4] fix anchor --- Readme.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Readme.md b/Readme.md index 318e56b..f02d626 100644 --- a/Readme.md +++ b/Readme.md @@ -28,11 +28,12 @@ cryptographic flaws. #### General -Here in the master branch you find the development version of the software --- with new features and maybe some bugs. For the stable version and **a +Here in the master branch you find the stable version 2.8rc2 of the software, it +superseds 2.6. Version 2.8 is currently being finalized. The 2.9dev branch is the developemnet +-- with new features and maybe some bugs. For the stable version and **a more thorough description of the command line options** please see [testssl.sh](https://testssl.sh/ "Go to the site with the stable version -and more documentation"). +and more documentation") or https://github.com/drwetter/testssl.sh/wiki/Usage-Documentation. testssl.sh is working on every Linux/BSD distribution out of the box with some limitations of disabled features from the openssl client -- some @@ -43,7 +44,7 @@ cygwin) work too. OpenSSL version >= 1 is a must. OpenSSL version >= 1.0.2 is needed for better LOGJAM checks and to display bit strengths for key exchanges. -#### [Features in 2.8 stable](#28final) +#### [Features in 2.8 stable](Readme.md#stable) Done so far: @@ -72,7 +73,7 @@ Done so far: Update notification here or @ [twitter](https://twitter.com/drwetter). -#### [Features in 2.9dev](#29dev) +#### [Features in 2.9dev](Readme.md#devel) * timeout in OpeenSL connect * TLS 1.2 protocol check via socket