4.9 KiB
Full contribution, see git log.
-
Dirk Wetter (creator, maintainer and main contributor)
- Everything what's not mentioned below and is included in testssl.sh's git log minus what I probably forgot to mention (too much other things to do at the moment and to list it would be a tough job)
-
David Cooper (main contributor)
- Major extensions to socket support for all protocols
- extended parsing of TLS ServerHello messages
- TLS 1.3 support (final and pre-final) with needed en/decryption
- add several TLS extensions
- Detection + output of multiple certificates
- several cleanups of server certificate related stuff
- testssl.sh -e/-E: testing with a mixture of openssl + sockets
- add more ciphers
- coloring of ciphers
- extensive CN+SAN <--> hostname check
- separate check for curves
- RFC 7919, key shares extension
- keyUsage extension in certificate
- experimental "eTLS" detection
- parallel mass testing!
- RFC <--> OpenSSL cipher name space switches for the command line
- better error msg suppression (not fully installed openssl)
- GREASE support
- Bleichenbacher / ROBOT vulnerability test
- several protocol preferences improvements
- pwnedkeys.com support
- CT support
- Extract CA list CertificateRequest message is encountered
- RFC 8879, certificate compression
- 128 cipher limit, padding
- compatibility for LibreSSL and different OpenSSL versions
- Check for ffdhe groups
- TLS 1.2 and TLS 1.3 sig algs added
- Show server supported signature algorithms
- Show supported certification authorities sent by the server when client auth is requested
- Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
- Provide compatibility to every LibreSSL/OpenSSL versions
- Lots of fixes and improvements
Further credits (in alphabetical order)
-
a666
- Bugfix
-
Christoph Badura
- NetBSD fixes
-
Jim Blankendaal
- maximum certificate lifespan of 398 days
- ssl renegotiation amount variable
- custom http request headers
-
Frank Breedijk
- Detection of insecure redirects
- JSON and CSV output
- CA pinning
- Client simulations
- CI integration, some test cases for it
-
Steven Danneman
- Postgres and MySQL STARTTLS support
- MongoDB support
-
Christian Dresen
- Dockerfile
-
csett86
- some MacOSX and Java client handshake data
-
Mark Felder
- lots of cleanups
- Shellcheck static analysis
-
Laine Gholson
- avahi/mDNS support
- HTTP2/ALPN
- bugfixes
- former ARM binary support
-
Maciej Grela
- colorless handling
-
Jac2NL
- initial support for skipping offensive vulnerability tests
-
Scott Johnson
- Bugfix F5
-
Hubert Kario
- helped with avoiding accidental TCP fragmentation
-
Brennan Kinney
- refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies
-
Magnus Larsen
- SSL Labs Rating
-
Jacco de Leeuw
- skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
-
Manuel
- HTTP basic auth
-
Markus Manzke
- Fix for HSTS + subdomains
- LibreSSL patch
-
Jean Marsault
- client auth: ideas, code snippets
-
Thomas Martens
- adding colorblind option
- no-rfc mapping
-
Peter Mosmans
- started way better cmd line parsing
- cleanups, fixes
- openssl sources support with the "missing" features
-
John Newbigin
- Proxy support (sockets and openssl)
-
Oleksandr Nosenko
- non-flat JSON support (--json-pretty)
- in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level
-
Jonathan Roach
- TLS_FALLBACK_SCSV checks
-
Jonathon Rossi
- fix for bash3 (Darwin)
- and other Darwin fixes
-
Дилян Палаузов
- bug fix for 3des report
- reported a tricky STARTTLS bug
-
Thomas Patzke:
- Support of supplying timeout value for openssl connect
-
Olivier Paroz
- conversion xxd --> hexdump stuff
-
Jeroen Wiert Pluimers
- Darwin binaries support
-
Joao Poupino
- Minimize false positive detection for Renegotiation checks against Node.js etc.
-
Rechi
- initial MX stuff
- fixes
-
Gonçalo Ribeiro
- --connect-timeout
-
Dmitri S
- inspiration & help for Darwin port
-
Jonas Schäfer
- XMPP server patch
-
Maurizio Siddu
- added --mTLS feature
-
Marcin Szychowski
- Quick'n'dirty client certificate support
-
Viktor Szépe
- color function maker
-
Julien Vehent
- supplied 1st Darwin binary
-
Thomas Ward
- add initial IDN support
-
@typingArtist
- improved BEAST detection
-
@f-s
- ARM binary support
-
@nvsofts (NV)
- LibreSSL patch for GOST
-
@w4ntun
- fixed DNS via proxy
Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
Last but not least:
-
OpenSSL team for providing openssl.
-
Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data
-
My family for supporting me doing this work