Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 05:45:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Need to reflect the new master

Browse Source
This commit is contained in:
Dirk Wetter
2015-09-17 15:33:41 +02:00
parent 945d26d222
commit fc3f711b4c
1 changed files with 2 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
Readme.md
View File

@@ -9,30 +9,9 @@ It is working on every Linux distribution out of the box with some limitations o
On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see [testssl.sh](https://testssl.sh/ "Go to the site with the stable version and more documentation").
New features in the stable release 2.6 are:
* display matching host key (HPKP)
* LOGJAM 1: check DHE_EXPORT cipher
* LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers
* "wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name
* binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit)
* OS X binaries (@jvehent, new builds: @jpluimers)
* ARM binary (@f-s)
* (HTTP) proxy support, via openssl and sockets! -- Thx @jnewbigin
* TLS_FALLBACK_SCSV check -- Thx @JonnyHightower
* Extended validation certificate detection
* Run in default mode through all ciphers at the end of a default run
* will test multiple IP adresses in one shot, --ip=<adress|"one"> restricts it accordingly
* new mass testing file option ``--file`` option where testssl.sh commands are being read from, see https://twitter.com/drwetter/status/627619848344989696
* TLS time and HTTP time stamps
* TLS time displayed also for STARTTLS protocols
* support of sockets for STARTTLS protocols
* TLS 1.0-1.1 as socket checks per default in production
* further detection of security relevant headers (reverse proxy, IPv4 addresses), proprietary banners (OWA, Liferay etc.)
* can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams).
* quite some LibreSSL fixes, still not recommended to use though (see https://testssl.sh/)
* lots of fixes, code improvements, even more robust
Planned features in the release 2.7dev/2.8 are:
https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29
Contributions, feedback, also bug reports are welcome! For contributions please note: One patch per feature -- bug fix/improvement. Please test your changes thouroughly as reliability is important for this project.