testssl.sh/CHANGELOG.md at 6277613906de07ab241a0236bb6ebc4881d8330f

20 KiB

Raw Blame History

Change Log

Features implemented / improvements in 3.2

Rating (SSL Labs, not complete)
Extend Server (cipher) preference: always now in wide mode instead of running all ciphers in the end (per default)
Remove "negotiated cipher / protocol"
Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
Switched to multi-stage docker image with opensuse base to avoid musl libc issues, performance gain also
Improved compatibility with OpenSSL 3.0
Improved compatibility with Open/LibreSSL versions not supporting TLS 1.0-1.1 anymore
Renamed PFS/perfect forward secrecy --> FS/forward secrecy
Cipher list straightening
Improved mass testing
Better align colors of ciphers with standard cipherlists
Save a few cycles for ROBOT
Several ciphers more colorized
Percent output char problem fixed
Several display/output fixes
BREACH check: list all compression methods and add brotli
Test for old winshock vulnerability
Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
STARTTLS: XMPP server support, plus new set of OpenSSL-bad binaries
Several code improvements to STARTTLS, also better detection when no STARTTLS is offered
STARTTLS on active directory service support
Security fixes: DNS and other input from servers
Don't penalize missing trust in rating when CA not in Java store
Added support for certificates with EdDSA signatures and public keys
Extract CA list shows supported certification authorities sent by the server
TLS 1.2 and TLS 1.3 sig algs added
Check for ffdhe groups
Show server supported signature algorithms
--add-ca can also now be a directory with *.pem files
Warning of 398 day limit for certificates issued after 2020/9/1
Added environment variable for amount of attempts for ssl renegotiation check
Added --user-agent argument to support using a custom User Agent
Added --overwrite argument to support overwriting output files without warning
Headerflag X-XSS-Protection is now labeled as INFO
Strict parser for HSTS
DNS via proxy improvements
Client simulation runs in wide mode which is even better readable
Added --reqheader to support custom headers in HTTP requests
Test for support for RFC 8879 certificate compression
Deprecating --fast and --ssl-native (warning but still av)
Compatible to GNU grep 3.8
Don't use external pwd command anymore
Doesn't hang anymore when there's no local resolver

Features implemented / improvements in 3.0

Full support of TLS 1.3, shows also drafts supported
Extended protocol downgrade checks
ROBOT check
Better TLS extension support
Better OpenSSL 1.1.1 and higher versions support as well as LibreSSL >3
More robustness for OpenBSD
DNS over Proxy and other proxy improvements
Decoding of unencrypted BIG IP cookies
Initial client certificate support
Warning of 825 day limit for certificates issued after 2018/3/1
Socket timeouts (--connect-timeout)
IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent) support
Initial support for certificate compression
Better JSON output: renamed IDs and findings shorter/better parsable, also includes certificate
JSON output now valid also for non-responding servers
Testing now per default 370 ciphers
Further improving the robustness of TLS sockets (sending and parsing)
Support of supplying timeout value for openssl connect -- useful for batch/mass scanning
File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format
LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2)
PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3)
Check for session resumption (Ticket, ID)
TLS Robustness check GREASE and more
Server preference distinguishes between TLS 1.3 and lower protocols
Mark TLS 1.0 and TLS 1.1 as deprecated
Does a few startup checks which make later tests easier and faster (determine_optimal_\*())
Expect-CT Header Detection
--phone-out does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
--phone-out checks whether the private key has been compromised via https://pwnedkeys.com/
Missing SAN warning
Added support for private CAs
Way better handling of connectivity problems (counting those, if threshold exceeded -> bye)
Fixed TCP fragmentation
Added --ids-friendly switch
Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors.
Better error msg suppression (not fully installed OpenSSL)
Better parsing of HTTP headers & better output of longer HTTP headers
Display more HTTP security headers
HTTP Basic Auth support for HTTP header
experimental "eTLS" detection
Dockerfile and repo @ docker hub with that file (see above)
Java Root CA store added
Better support for XMPP via STARTTLS & faster
Certificate check for to-name in stream of XMPP
Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL
Support for SNI and STARTTLS
More robustness for any STARTTLS protocol (fall back to plaintext while in TLS caused problems)
Renegotiation checks improved, also no false positive for Node.js anymore
Major update of client simulations with self-collected up-to-date data
Update of CA certificate stores
Lots of bug fixes
More travis/CI checks -- still place for improvements
Man page reviewed

Features implemented / improvements in 2.9.5

Way better coverage of ciphers as most checks are done via bash sockets where ever possible
Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness)
Testing 359 default ciphers (testssl.sh -e/-E) with a mixture of sockets and openssl. Same speed as with openssl only but additional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
TLS 1.2 protocol check via sockets in production
Finding more TLS extensions via sockets
TLS Supported Groups Registry (RFC 7919), key shares extension
Non-flat JSON output support
File output (CSV, JSON flat, JSON non-flat) supports a minimum severity level (only above supplied level there will be output)
Native HTML support instead going through 'aha'
LUCKY13 and SWEET32 checks
Ticketbleed check
LOGJAM: now checking also for known DH parameters
Support of supplying timeout value for openssl connect -- useful for batch/mass scanning
Parallel mass testing
Check for CAA RR
Check for OCSP must staple
Check for Certificate Transparency
Check for session resumption (Ticket, ID)
Better formatting of output (indentation)
Choice showing the RFC naming scheme only
File input for mass testing can be also in nmap grep(p)able (-oG) format
Postgres und MySQL STARTTLS support
Man page

New in 2.8

Trust chain check against certificate stores from Apple (OS), Linux (OS), Microsoft (OS), Mozilla (Firefox Browser), works for openssl >=1.0.1
IPv6 (status: 80% working, details see https://github.com/drwetter/testssl.sh/issues/11
works now on servers requiring a x509 certificate for authentication
extensive CN <--> hostname check
SSL Session ID check
Avahi/mDNS based name resolution
HTTP2/ALPN protocol check
Logging to a file / dir
Logging to (flat) JSON + CSV
HPKP checks now also for Root, intermediate SPKIs
Check for multiple server certificates
Browser cipher simulation: what client will connect with which cipher + protocol
GOST cipher+certificate improvements
Assistance for color-blind users
Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems
Considerable speed improvements for each cipher runs (-e/-E)
More robust SSLv2 + TLS socket interface
separate check for curves
OpenSSL 1.1.0 compliant
check for DROWN
Whole number of bugs squashed

New in 2.6

Display matching host key (HPKP)
LOGJAM 1: check DHE_EXPORT cipher
LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers
"wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name
binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit)
OS X binaries (@jvehent, new builds: @jpluimers)
ARM binary (@f-s)
FreeBSD binary
TLS_FALLBACK_SCSV check -- thx @JonnyHightower
(HTTP) proxy support! Also with sockets -- thx @jnewbigin
Extended validation certificate detection
Run in default mode through all ciphers at the end of a default run
will test multiple IP addresses of one supplied server name in one shot, --ip= restricts it accordingly
new mass testing file option --file option where testssl.sh commands are being read from, see https://twitter.com/drwetter/status/627619848344989696
TLS time and HTTP time stamps
TLS time displayed also for STARTTLS protocols
support of sockets for STARTTLS protocols
TLS 1.0-1.1 as socket checks per default in production
further detection of security relevant headers (reverse proxy, IPv4 addresses), proprietary banners (OWA, Liferay etc.)
can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams).
quite some LibreSSL fixes, still not recommended to use though (see https://testssl.sh/)
lots of fixes, code improvements, even more robust

Full log @ https://github.com/drwetter/testssl.sh/commits/2.6/testssl.sh

New in 2.4

"only one cmd line option at a time" is completely gone
several tuning parameters on the cmd line (only available through environment variables b4): --assuming-http, --ssl-native, --sneaky, --warnings, --color, -- debug, --long
certificate information
more HTTP header infos (cookies+security headers)
protocol check via bash sockets for SSLv2+v3
debug handling significantly improved (verbosity/each function leaves files in $TEMPDIR)
BEAST check
FREAK check
check for Secure Client-Initiated Renegotiation
lots of cosmetic and maintainability code cleanups
bugfixing

Full changelog: https://github.com/drwetter/testssl.sh/commits/2.4/testssl.sh

2.2. new features:

Works fully under FreeBSD (openssl >=1.0)
single cipher check (-x) with pattern of hexcode/cipher
check for POODLE SSL
HPKP check
OCSP stapling
GOST and CHACHA20 POLY1305 cipher support
service detection (HTTP, IMAP, POP, SMTP)
runs now with all colors, b/w screen, no escape codes at all
protocol check better
job control removes stalling
RFC <---> OpenSSL name space mapping of ciphers everywhere
includes a lot of fixes

Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh

2.0 major release, new features:

SNI
STARTTLS fully supported
RC4 check
(P)FS check
SPDY check
color codes make more sense now
cipher hexcodes are shown
tests ciphers per protocol
HSTS
web and application server banner
server preferences
TLS server extensions
server key size
cipher suite mapping from openssl to RFC
heartbleed check
CCS injection check

Historical releases

1.112

IPv6 display fix

1.111

NEW: tested under FreeBSD (works with exception of xxd in CCS)
getent now works under Linux and FreeBSD
sed -i in hsts sacrificed for compatibility
removed query for IP for finishing banner, is now called once in parse_hn_port
GOST warning after banner
empty build date is not displayed anymore
long build date strings minimized
FIXED: IPv6 address are displayed again

1.110

NEW: adding Russian GOST cipher support by providing a config file on the fly
adding the compile date of openssl in the banner

1.109

minor IPv6 fixes

1.108

NEW: Major rewrite of output functions. Now using printf instead of "echo -e" for BSD and MacOSX compatibility

1.107

improved IP address stuff

1.106

minor fixes

1.105

NEW: working prototype for CCS injection

1.104

NEW: everywhere also RFC style ciphers -- if the mapping file is found
unitary calls to display cipher suites

1.103

NEW: telnet support for STARTTLS (works only with a patched openssl version) --> not tested (lack of server)

1.102

NEW: test for BREACH (experimental)

.101

BUGFIX: muted too verbose output of which on CentOS/RHEL
BUGFIX: muted too verbose output of netcat/nc on CentOS/RHEL+Debian

1.100

further cleanup
- starttls now tests allciphers() instead of cipher_per_proto (normal use case makes most sense here)
- ENV J_POSITIV --> SHOW_EACH_C
finding mapping-rfc.txt is now a bit smarter
preparations for ChaCha20-Poly1305 (would have provided binaries but "openssl s_client -connect" with that ciphersuite fails currently with a handshake error though client and server hello succeeded!)

1.99

BUGFIX: now really really everywhere testing the IP with supplied name
locking out openssl < 0.9.8f, new function called "old_fart" ;-)
FEATURE: displaying PTR record of IP
FEATURE: displaying further IPv4/IPv6 addresses
bit of a cleanup

1.98

http_header is in total only called once
better parsing of default protocol (FIXME shouldn't appear anymore)

1.97

reduced sleep time for server hello and payload reply (heartbleed)

1.96

NEW: (experimental) heartbleed support with bash sockets (shell only SSL handshake!) see also https://testssl.sh/bash-heartbleed.sh

1.95 (2.0rc3)

changed cmdline options for CRIME and renego vuln to uppercase
NEW: displays server key size now
NEW: displays TLS server extensions (might kill old openssl versions)
brown warning if HSTS < 180 days
brown warning if SSLv3 is offered as default protocol

1.94

NEW: prototype of mapping to RFC cipher suite names, needed file mapping-rfc.txt in same dir as of now only used for 'testssl.sh -V'
internal renaming: it was supposed to be "cipherlists" instead of "ciphersuites"
additional tests for cipherlists DES, 3DES, ADH

1.93

BUGFIX: removed space in Server banner fixed (at the expense of showing just nothing if Server string is empty)

1.92

BUGFIX: fixed error of faulty detected empty server string

1.91

replaced most lcyan to brown (=not really bad but somehow)
empty server string better displayed
preferred CBC TLS 1.2 cipher is now brown (lucky13)

1.90

fix for netweaver banner (server is lowercase)
no server banner is no disadvantage (color code)

1.89

reordered! : protocols + cipher come first
colorized preferred server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
SSLv3 is now light cyan
NEW: -P|--preference now in help menu
light cyan is more appropriate than red for HSTS

1.88

NEW: prototype for protocol and cipher preference
prototype for session ticket

1.87

changed just the version string to rc1

1.86

NEW: App banner now production, except 2 liners
DEBUG: 1 is now true as everywhere else
CRIME+Renego prettier
last optical polish for RC4, PFS

1.85

NEW: appbanner (also 2 lines like asp.net)
OSSL_VER_MAJOR/MINOR/APPENDIX
less bold because bold headlines as bold should be reserved for emphasize findings
tabbed output also for protocols and cipher classes
unify neat printing

1.84

NEW: deprecating openssl version <0.98
displaying a warning >= 0.98 < 1.0
NEW: neat print also for all ciphers (-E,-e)

1.83

BUGFIX: results from unit test: logical error in PFS+RC4 fixed
headline of -V / PFS+RC4 ciphers unified

1.82

NEW: output for -V now better (bits separate, spacing improved)

1.81

output for RC4+PFS now better (with headline, bits separate, spacing improved)
both also sorted by encr. strength .. umm ..err bits!

1.80

order of finding supplied binary extended (first one wins):
1. use supplied variable $OPENSSL
2. use "openssl" in same path as testssl.sh
3. use "openssl.uname -m" in same path as testssl.sh
4. use anything in system $PATH (return value of "which"

1.79

STARTTLS options w/o trailing 's' now (easier)
commented code for CRIME SPDY
issue a warning for openssl < 0.9.7 ( that version won't work anyway probably)

1.78

-E, -e now sorted by encryption strength (note: it's only encr key length)
-V now pretty prints all local ciphers
-V now pretty prints all local ciphers matching pattern (plain string, no regex)
bugfix: SSLv2 cipher hex codes has 3 bytes!

1.77

removed legacy code (PROD_REL var)

1.76

bash was gone!! disaster for Ubuntu, fixed
starttls+rc4 check: bottom line was wrong
starttls had too much output (certificate) at first a/v check

1.75

location is now https://testssl.sh
be nice: banner, version, help also works for BSD folks (on dash)
bug in server banner fixed
sneaky referer and user agent possible

1.74

Debian 7 fix
ident obsoleted

1.72

removed obsolete GREP
SWURL/SWCONTACT
output for positive RC4 better

1.71

workaround for buggy bash (RC4)
colors improved
- blue is now reserved for headline
- magenta for local probs
- in RC4 removal of SSL protocol provided by openssl

1.70

DEBUG in http_headers now as expected

1.69

HTTP 1.1 header
removed in each cipher the proto openssl is returning

NEW: cipher_per_proto

1.68

header parser for openssl
HSTS

[..]

1.36

fixed issue while connecting to non-webservers

1.35

fixed portability issue on Ubuntu

1.34

ip(v4) address in output, helps to tell different systems apart later on
local hostname in output

1.31 (Halloween Release)

bugfix: SSLv2 was kind of borken
now it works for sure but ssl protocol are kind of ugly

1.30b (25.10.2012)

bugfix: TLS 1.1/1.2 may lead to false negatives
bugfix: CMDLINE -a/-e was misleading, now similar to help menu

1.3 (10/13/2012)

can test now for cipher suites only
can test now for protocols suites only
tests for tls v1.1/v1.2 of local openssl supports it
commandline "all "is rename to "each-cipher"
banner when it's done

1.21a (10/4/2012)

tests whether openssl has support for zlib compiled so that it avoids a false negative

1.21 (10/4/2012)

CRIME support

1.20b

bugfixed release

1.20a

code cleanup
showciphers variable introduced: only show ciphers if this is set (it is by default now and there's a comment
openssl version + path to it in the banner

1.20

bugfix (ssl in ssl handshake failure is sometimes too much)
date in output
autodetection of CVS version removed

1.19

bugfix 1.18
Rearrangement of arguments: URL comes now always last!
small code cleanups for readability
individual cipher test is now with bold headline, not blue
NOPARANOID flag tells whether medium grade ciphers are ok. NOW they are (=<1.17 was paranoid)

1.17

SSL tests now for renegotiation vulnerability!
version detection of testssl.sh
program has a banner
fixed bug leading to a file named "1"
comment for 128Bit ciphers

1.16

major code cleanups
cmd line options: port is now in first argument!!
help is more verbose
check whether on other server side is ssl server listening
https:// can be now supplied also on the command line
test all ciphers now
new cleanup routine
-a does not do standard test afterward, you need to run testssl a second time w/o -a if you want this

1.12

tests also medium grade ciphers (which you should NOT use)
tests now also high grade ciphers which you SHOULD ONLY use
switch for more verbose output of cipher for those cryptographically interested . in rows: SSL version, Key eXchange, Authentication, Encryption and Message Authentication Code
this is per default enabled (provide otherwise "" as VERB_CLIST)
as a courtesy I am providing 64+32 Linux binaries for testing 56 Bit ciphers

1.11

Hint for howto enable 56 Bit ciphers for testing
possible to specify where openssl is (hardcoded, $ENV, last resort: auto)
warns if netcat is not there

1.10

somewhat first released version

20 KiB Raw Blame History