201 lines
4.8 KiB
Markdown
201 lines
4.8 KiB
Markdown
|
|
Full contribution, see git log.
|
|
|
|
* Dirk Wetter (creator, maintainer and main contributor)
|
|
- Everything what's not mentioned below and is included in testssl.sh's git log
|
|
minus what I probably forgot to mention
|
|
(too much other things to do at the moment and to list it would be a tough job)
|
|
|
|
* David Cooper (main contributor)
|
|
- Major extensions to socket support for all protocols
|
|
- extended parsing of TLS ServerHello messages
|
|
- TLS 1.3 support (final and pre-final) with needed en/decryption
|
|
- add several TLS extensions
|
|
- Detection + output of multiple certificates
|
|
- several cleanups of server certificate related stuff
|
|
- testssl.sh -e/-E: testing with a mixture of openssl + sockets
|
|
- add more ciphers
|
|
- coloring of ciphers
|
|
- extensive CN+SAN <--> hostname check
|
|
- separate check for curves
|
|
- RFC 7919, key shares extension
|
|
- keyUsage extension in certificate
|
|
- experimental "eTLS" detection
|
|
- parallel mass testing!
|
|
- RFC <--> OpenSSL cipher name space switches for the command line
|
|
- better error msg suppression (not fully installed openssl)
|
|
- GREASE support
|
|
- Bleichenbacher / ROBOT vulnerability test
|
|
- several protocol preferences improvements
|
|
- pwnedkeys.com support
|
|
- CT support
|
|
- Extract CA list CertificateRequest message is encountered
|
|
- RFC 8879, certificate compression
|
|
- 128 cipher limit, padding
|
|
- compatibility for LibreSSL and different OpenSSL versions
|
|
- Check for ffdhe groups
|
|
- TLS 1.2 and TLS 1.3 sig algs added
|
|
- Show server supported signature algorithms
|
|
- Show supported certification authorities sent by the server when client auth is requested
|
|
- Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
|
|
- Provide compatibility to every LibreSSL/OpenSSL versions
|
|
- Lots of fixes and improvements
|
|
|
|
##### Further credits (in alphabetical order)
|
|
|
|
* a666
|
|
- Bugfix
|
|
|
|
* Christoph Badura
|
|
- NetBSD fixes
|
|
|
|
* Jim Blankendaal
|
|
- maximum certificate lifespan of 398 days
|
|
- ssl renegotiation amount variable
|
|
- custom http request headers
|
|
|
|
* Frank Breedijk
|
|
- Detection of insecure redirects
|
|
- JSON and CSV output
|
|
- CA pinning
|
|
- Client simulations
|
|
- CI integration, some test cases for it
|
|
|
|
* Steven Danneman
|
|
- Postgres and MySQL STARTTLS support
|
|
- MongoDB support
|
|
|
|
* Christian Dresen
|
|
- Dockerfile
|
|
|
|
* csett86
|
|
- some MacOSX and Java client handshake data
|
|
|
|
* Mark Felder
|
|
- lots of cleanups
|
|
- Shellcheck static analysis
|
|
|
|
* Laine Gholson
|
|
- avahi/mDNS support
|
|
- HTTP2/ALPN
|
|
- bugfixes
|
|
- former ARM binary support
|
|
|
|
* Maciej Grela
|
|
- colorless handling
|
|
|
|
* Jac2NL
|
|
- initial support for skipping offensive vulnerability tests
|
|
|
|
* Scott Johnson
|
|
- Bugfix F5
|
|
|
|
* Hubert Kario
|
|
- helped with avoiding accidental TCP fragmentation
|
|
|
|
* Brennan Kinney
|
|
- refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies
|
|
|
|
* Magnus Larsen
|
|
- SSL Labs Rating
|
|
|
|
* Jacco de Leeuw
|
|
- skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
|
|
|
|
* Manuel
|
|
- HTTP basic auth
|
|
|
|
* Markus Manzke
|
|
- Fix for HSTS + subdomains
|
|
- LibreSSL patch
|
|
|
|
* Jean Marsault
|
|
- client auth: ideas, code snippets
|
|
|
|
* Thomas Martens
|
|
- adding colorblind option
|
|
- no-rfc mapping
|
|
|
|
* Peter Mosmans
|
|
- started way better cmd line parsing
|
|
- cleanups, fixes
|
|
- openssl sources support with the "missing" features
|
|
|
|
* John Newbigin
|
|
- Proxy support (sockets and openssl)
|
|
|
|
* Oleksandr Nosenko
|
|
- non-flat JSON support (--json-pretty)
|
|
- in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level
|
|
|
|
* Jonathan Roach
|
|
- TLS_FALLBACK_SCSV checks
|
|
|
|
* Jonathon Rossi
|
|
- fix for bash3 (Darwin)
|
|
- and other Darwin fixes
|
|
|
|
* Дилян Палаузов
|
|
- bug fix for 3des report
|
|
- reported a tricky STARTTLS bug
|
|
|
|
* Thomas Patzke:
|
|
- Support of supplying timeout value for openssl connect
|
|
|
|
* Olivier Paroz
|
|
- conversion xxd --> hexdump stuff
|
|
|
|
* Jeroen Wiert Pluimers
|
|
- Darwin binaries support
|
|
|
|
* Joao Poupino
|
|
- Minimize false positive detection for Renegotiation checks against Node.js etc.
|
|
|
|
* Rechi
|
|
- initial MX stuff
|
|
- fixes
|
|
|
|
* Gonçalo Ribeiro
|
|
- --connect-timeout
|
|
|
|
* Dmitri S
|
|
- inspiration & help for Darwin port
|
|
|
|
* Jonas Schäfer
|
|
- XMPP server patch
|
|
|
|
* Marcin Szychowski
|
|
- Quick'n'dirty client certificate support
|
|
|
|
* Viktor Szépe
|
|
- color function maker
|
|
|
|
* Julien Vehent
|
|
- supplied 1st Darwin binary
|
|
|
|
* Thomas Ward
|
|
- add initial IDN support
|
|
|
|
* @typingArtist
|
|
- improved BEAST detection
|
|
|
|
* @f-s
|
|
- ARM binary support
|
|
|
|
* @nvsofts (NV)
|
|
- LibreSSL patch for GOST
|
|
|
|
* @w4ntun
|
|
- fixed DNS via proxy
|
|
|
|
Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
|
|
|
|
|
|
##### Last but not least:
|
|
|
|
* OpenSSL team for providing openssl.
|
|
|
|
* Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data
|
|
|
|
* My family for supporting me doing this work
|