Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9e269f5488198e12f37ddd15fd5f8d626cee1a93
testssl.sh/CREDITS.md
Dirk 4d10873727 Amend changes and attributions
2025-04-22 16:47:54 +02:00

5.2 KiB
Raw Blame History

Full contribution, see git log.

  • Dirk Wetter (creator, maintainer and main contributor)

    • Everything what's not mentioned below and is included in testssl.sh's git log minus what I probably forgot to mention (too much other things to do at the moment and to list it would be too time consuming)

  • David Cooper (main contributor)

    • Major extensions to socket support for all protocols
    • extended parsing of TLS ServerHello messages
    • TLS 1.3 support (final and pre-final) with needed en/decryption
    • add several TLS extensions
    • Detection + output of multiple certificates
    • several cleanups of server certificate related stuff
    • testssl.sh -e/-E: testing with a mixture of openssl + sockets
    • add more ciphers
    • coloring of ciphers
    • extensive CN+SAN <--> hostname check
    • separate check for curves
    • RFC 7919, key shares extension
    • keyUsage extension in certificate
    • experimental "eTLS" detection
    • parallel mass testing!
    • RFC <--> OpenSSL cipher name space switches for the command line
    • better error msg suppression (not fully installed openssl)
    • GREASE support
    • Bleichenbacher / ROBOT vulnerability test
    • several protocol preferences improvements
    • pwnedkeys.com support
    • CT support
    • Extract CA list CertificateRequest message is encountered
    • RFC 8879, certificate compression
    • 128 cipher limit, padding
    • compatibility for LibreSSL and different OpenSSL versions
    • Check for ffdhe and ML-KEM groups
    • TLS 1.2 and TLS 1.3 sig algs added
    • Show server supported signature algorithms
    • Show supported certification authorities sent by the server when client auth is requested and whether certificate-based client authentication is not requested, optional, or required.
    • Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
  • Provide compatibility to every LibreSSL/OpenSSL versions, including OpenSSL 3.5.0
  • Lots of fixes and improvements
Further credits (in alphabetical order)

  • a666

    • Bugfix

  • Christoph Badura

    • NetBSD fixes

  • Jim Blankendaal

    • maximum certificate lifespan of 398 days
    • ssl renegotiation amount variable
    • custom http request headers

  • Frank Breedijk

    • Detection of insecure redirects
    • JSON and CSV output
    • CA pinning
    • Client simulations
    • CI integration, some test cases for it

  • Steven Danneman

    • Postgres and MySQL STARTTLS support
    • MongoDB support

  • Christian Dresen

    • Dockerfile

  • enxio

    • support for TN3270/telnet STARTTLS

  • csett86

    • some MacOSX and Java client handshake data

  • Mark Felder

    • lots of cleanups
    • Shellcheck static analysis

  • Laine Gholson

    • avahi/mDNS support
    • HTTP2/ALPN
    • bugfixes
    • former ARM binary support

  • Jauder Ho

    • GH Action to build new container images upon push
    • dependabot actions

  • Maciej Grela

    • colorless handling

  • Jac2NL

    • initial support for skipping offensive vulnerability tests

  • Scott Johnson

    • Bugfix F5

  • Hubert Kario

    • helped with avoiding accidental TCP fragmentation

  • Brennan Kinney

    • refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies

  • Magnus Larsen

    • SSL Labs Rating

  • Jacco de Leeuw

    • skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)

  • Manuel

    • HTTP basic auth

  • Markus Manzke

    • Fix for HSTS + subdomains
    • LibreSSL patch

  • Jean Marsault

    • client auth: ideas, code snippets

  • Thomas Martens

    • adding colorblind option
    • no-rfc mapping

  • Peter Mosmans

    • started way better cmd line parsing
    • cleanups, fixes
    • openssl sources support with the "missing" features

  • John Newbigin

    • Proxy support (sockets and openssl)

  • Oleksandr Nosenko

    • non-flat JSON support (--json-pretty)
    • in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level

  • Brett Randall

    • Improved (experimental) Extended Validation (EV) certificate identification.

  • Jonathan Roach

    • TLS_FALLBACK_SCSV checks

  • Jonathon Rossi

    • fix for bash3 (Darwin)
    • and other Darwin fixes

  • Дилян Палаузов

    • bug fix for 3des report
    • reported a tricky STARTTLS bug

  • Thomas Patzke:

    • Support of supplying timeout value for openssl connect

  • Olivier Paroz

    • conversion xxd --> hexdump stuff

  • Jeroen Wiert Pluimers

    • Darwin binaries support

  • Joao Poupino

    • Minimize false positive detection for Renegotiation checks against Node.js etc.

  • Rechi

    • initial MX stuff
    • fixes

  • Gonçalo Ribeiro

    • --connect-timeout

  • Dmitri S

    • inspiration & help for Darwin port

  • Jonas Schäfer

    • XMPP server patch

  • Maurizio Siddu

    • added --mTLS feature

  • Marcin Szychowski

    • Quick'n'dirty client certificate support

  • Viktor Szépe

    • color function maker

  • Julien Vehent

    • supplied 1st Darwin binary

  • Thomas Ward

    • add initial IDN support

  • @typingArtist

    • improved BEAST detection

  • @f-s

    • ARM binary support

  • @nvsofts (NV)

    • LibreSSL patch for GOST

  • @w4ntun

    • fixed DNS via proxy

Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.

Last but not least:

  • OpenSSL team for providing openssl.

  • Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data

  • My family for supporting me doing this work