Merge branch 'master' of github.com:drwetter/testssl.sh

CREDITS.md

@@ -19,15 +19,21 @@
 * Frank Breedijk
  - Detection of insecure redirects
  - JSON and CSV output
+ - CA pinning
  - Client simulations
  - CI integration, test cases for it
 
 * David Cooper
  - Detection + output of multiple certificates
  - several cleanups of server certificate related stuff
- - several minor fixes
+ - several fixes
  - improved parsing of TLS ServerHello messages
  - speed improvements when testing all ciphers
+ - extensive CN <--> hostname check
+ - seperate check for curves
+
+- Christoph Badura
+ - NetBSD fixes
 
 * Jean Marsault
  - client auth: ideas, code snipplets
@@ -45,10 +51,10 @@
  - ARM binary support  
 
 * Jeroen Wiert Pluimers
-  - supplied new Darwin binaries
+  - Darwin binaries support
 
 * Julien Vehent
- - supplied Darwin binary
+ - supplied 1st Darwin binary
 
 * Rechi
  - initial MX stuff
@@ -58,6 +64,7 @@
  - avahi/mDNS support
  - HTTP2/ALPN
  - bugfixes
+ - former ARM binary support
 
 * Дилян Палаузов
  - bug fix for 3des report
@@ -93,3 +100,5 @@
 
 * Ivan Ristic/Qualys for the liberal license which made it possible to use the client data
 
+* my family for supporting me doing this work
+

Readme.md

@@ -28,11 +28,12 @@ cryptographic flaws.
 
 #### General
 
-Here in the master branch you find the development version of the software
+Here in the master branch you find the stable version 2.8rc2 of the software, it 
--- with new features and maybe some bugs. For the stable version and **a
+superseds 2.6. Version 2.8 is currently being finalized. The 2.9dev branch is the developemnet 
+-- with new  features  and maybe some bugs. For the stable version and **a
 more thorough description of the command line options** please see
 [testssl.sh](https://testssl.sh/ "Go to the site with the stable version
-and more documentation").
+and more documentation") or https://github.com/drwetter/testssl.sh/wiki/Usage-Documentation. 
 
 testssl.sh is working on every Linux/BSD distribution out of the box with
 some limitations of disabled features from the openssl client -- some
@@ -43,11 +44,7 @@ cygwin) work too. OpenSSL version >= 1 is a must.  OpenSSL version >= 1.0.2
 is needed for better LOGJAM checks and to display bit strengths for key
 exchanges.
 
-#### Current Development
+#### [Features in 2.8 stable](Readme.md#stable)
-
-Planned features in the release 2.7dev/2.8 are:
-
-https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29
 
 Done so far:
 
@@ -55,23 +52,31 @@ Done so far:
   Microsoft (OS), Mozilla (Firefox Browser), works for openssl >=1.0.1
 * IPv6 (status: 80% working, details see
   https://github.com/drwetter/testssl.sh/issues/11
-* works on servers requiring a x509 certificate for authentication
+* works now on servers requiring a x509 certificate for authentication
+* extensive CN <--> hostname check
 * SSL Session ID check
 * Avahi/mDNS based name resolution
 * HTTP2/ALPN protocol check
 * Logging to a file / dir
-* Logging to JSON + CSV
+* Logging to (flat) JSON + CSV
 * Check for multiple server certificates
-* Browser cipher simulation
+* Browser cipher simulation: what client will connect with which cipher + protocol
+* GOST cipher+certificate improvements
 * Assistance for color-blind users
 * Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems
 * Considerable speed improvements for each cipher runs (-e/-E)
-* More robust socket interface
+* More robust SSLv2 + TLS socket interface
+* seperate check for curves 
 * OpenSSL 1.1.0 compliant
+* check for DROWN
 * Whole number of bugs squashed
 
 Update notification here or @ [twitter](https://twitter.com/drwetter).
 
+#### [Features in 2.9dev](Readme.md#devel)
+* timeout in OpeenSL connect
+* TLS 1.2 protocol check via socket
+
 #### Contributions
 
 Contributions, feedback,  bug reports are welcome! For contributions please