testssl.sh/CREDITS.md
2024-01-20 11:49:32 +01:00

4.9 KiB

Full contribution, see git log.

  • Dirk Wetter (creator, maintainer and main contributor)

    • Everything what's not mentioned below and is included in testssl.sh's git log minus what I probably forgot to mention (too much other things to do at the moment and to list it would be a tough job)
  • David Cooper (main contributor)

    • Major extensions to socket support for all protocols
    • extended parsing of TLS ServerHello messages
    • TLS 1.3 support (final and pre-final) with needed en/decryption
    • add several TLS extensions
    • Detection + output of multiple certificates
    • several cleanups of server certificate related stuff
    • testssl.sh -e/-E: testing with a mixture of openssl + sockets
    • add more ciphers
    • coloring of ciphers
    • extensive CN+SAN <--> hostname check
    • separate check for curves
    • RFC 7919, key shares extension
    • keyUsage extension in certificate
    • experimental "eTLS" detection
    • parallel mass testing!
    • RFC <--> OpenSSL cipher name space switches for the command line
    • better error msg suppression (not fully installed openssl)
    • GREASE support
    • Bleichenbacher / ROBOT vulnerability test
    • several protocol preferences improvements
    • pwnedkeys.com support
    • CT support
    • Extract CA list CertificateRequest message is encountered
    • RFC 8879, certificate compression
    • 128 cipher limit, padding
    • compatibility for LibreSSL and different OpenSSL versions
    • Check for ffdhe groups
    • TLS 1.2 and TLS 1.3 sig algs added
    • Show server supported signature algorithms
    • Show supported certification authorities sent by the server when client auth is requested
    • Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
  • Provide compatibility to every LibreSSL/OpenSSL versions
  • Lots of fixes and improvements
Further credits (in alphabetical order)
  • a666

    • Bugfix
  • Christoph Badura

    • NetBSD fixes
  • Jim Blankendaal

    • maximum certificate lifespan of 398 days
    • ssl renegotiation amount variable
    • custom http request headers
  • Frank Breedijk

    • Detection of insecure redirects
    • JSON and CSV output
    • CA pinning
    • Client simulations
    • CI integration, some test cases for it
  • Steven Danneman

    • Postgres and MySQL STARTTLS support
    • MongoDB support
  • Christian Dresen

    • Dockerfile
  • csett86

    • some MacOSX and Java client handshake data
  • Mark Felder

    • lots of cleanups
    • Shellcheck static analysis
  • Laine Gholson

    • avahi/mDNS support
    • HTTP2/ALPN
    • bugfixes
    • former ARM binary support
  • Maciej Grela

    • colorless handling
  • Jac2NL

    • initial support for skipping offensive vulnerability tests
  • Scott Johnson

    • Bugfix F5
  • Hubert Kario

    • helped with avoiding accidental TCP fragmentation
  • Brennan Kinney

    • refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies
  • Magnus Larsen

    • SSL Labs Rating
  • Jacco de Leeuw

    • skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
  • Manuel

    • HTTP basic auth
  • Markus Manzke

    • Fix for HSTS + subdomains
    • LibreSSL patch
  • Jean Marsault

    • client auth: ideas, code snippets
  • Thomas Martens

    • adding colorblind option
    • no-rfc mapping
  • Peter Mosmans

    • started way better cmd line parsing
    • cleanups, fixes
    • openssl sources support with the "missing" features
  • John Newbigin

    • Proxy support (sockets and openssl)
  • Oleksandr Nosenko

    • non-flat JSON support (--json-pretty)
    • in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level
  • Jonathan Roach

    • TLS_FALLBACK_SCSV checks
  • Jonathon Rossi

    • fix for bash3 (Darwin)
    • and other Darwin fixes
  • Дилян Палаузов

    • bug fix for 3des report
    • reported a tricky STARTTLS bug
  • Thomas Patzke:

    • Support of supplying timeout value for openssl connect
  • Olivier Paroz

    • conversion xxd --> hexdump stuff
  • Jeroen Wiert Pluimers

    • Darwin binaries support
  • Joao Poupino

    • Minimize false positive detection for Renegotiation checks against Node.js etc.
  • Rechi

    • initial MX stuff
    • fixes
  • Gonçalo Ribeiro

    • --connect-timeout
  • Dmitri S

    • inspiration & help for Darwin port
  • Jonas Schäfer

    • XMPP server patch
  • Maurizio Siddu

    • added --mTLS feature
  • Marcin Szychowski

    • Quick'n'dirty client certificate support
  • Viktor Szépe

    • color function maker
  • Julien Vehent

    • supplied 1st Darwin binary
  • Thomas Ward

    • add initial IDN support
  • @typingArtist

    • improved BEAST detection
  • @f-s

    • ARM binary support
  • @nvsofts (NV)

    • LibreSSL patch for GOST
  • @w4ntun

    • fixed DNS via proxy

Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.

Last but not least:
  • OpenSSL team for providing openssl.

  • Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data

  • My family for supporting me doing this work