testssl.sh/CREDITS.md

204 lines
4.9 KiB
Markdown

Full contribution, see git log.
* Dirk Wetter (creator, maintainer and main contributor)
- Everything what's not mentioned below and is included in testssl.sh's git log
minus what I probably forgot to mention
(too much other things to do at the moment and to list it would be a tough job)
* David Cooper (main contributor)
- Major extensions to socket support for all protocols
- extended parsing of TLS ServerHello messages
- TLS 1.3 support (final and pre-final) with needed en/decryption
- add several TLS extensions
- Detection + output of multiple certificates
- several cleanups of server certificate related stuff
- testssl.sh -e/-E: testing with a mixture of openssl + sockets
- add more ciphers
- coloring of ciphers
- extensive CN+SAN <--> hostname check
- separate check for curves
- RFC 7919, key shares extension
- keyUsage extension in certificate
- experimental "eTLS" detection
- parallel mass testing!
- RFC <--> OpenSSL cipher name space switches for the command line
- better error msg suppression (not fully installed openssl)
- GREASE support
- Bleichenbacher / ROBOT vulnerability test
- several protocol preferences improvements
- pwnedkeys.com support
- CT support
- Extract CA list CertificateRequest message is encountered
- RFC 8879, certificate compression
- 128 cipher limit, padding
- compatibility for LibreSSL and different OpenSSL versions
- Check for ffdhe groups
- TLS 1.2 and TLS 1.3 sig algs added
- Show server supported signature algorithms
- Show supported certification authorities sent by the server when client auth is requested
- Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
- Provide compatibility to every LibreSSL/OpenSSL versions
- Lots of fixes and improvements
##### Further credits (in alphabetical order)
* a666
- Bugfix
* Christoph Badura
- NetBSD fixes
* Jim Blankendaal
- maximum certificate lifespan of 398 days
- ssl renegotiation amount variable
- custom http request headers
* Frank Breedijk
- Detection of insecure redirects
- JSON and CSV output
- CA pinning
- Client simulations
- CI integration, some test cases for it
* Steven Danneman
- Postgres and MySQL STARTTLS support
- MongoDB support
* Christian Dresen
- Dockerfile
* csett86
- some MacOSX and Java client handshake data
* Mark Felder
- lots of cleanups
- Shellcheck static analysis
* Laine Gholson
- avahi/mDNS support
- HTTP2/ALPN
- bugfixes
- former ARM binary support
* Maciej Grela
- colorless handling
* Jac2NL
- initial support for skipping offensive vulnerability tests
* Scott Johnson
- Bugfix F5
* Hubert Kario
- helped with avoiding accidental TCP fragmentation
* Brennan Kinney
- refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies
* Magnus Larsen
- SSL Labs Rating
* Jacco de Leeuw
- skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
* Manuel
- HTTP basic auth
* Markus Manzke
- Fix for HSTS + subdomains
- LibreSSL patch
* Jean Marsault
- client auth: ideas, code snippets
* Thomas Martens
- adding colorblind option
- no-rfc mapping
* Peter Mosmans
- started way better cmd line parsing
- cleanups, fixes
- openssl sources support with the "missing" features
* John Newbigin
- Proxy support (sockets and openssl)
* Oleksandr Nosenko
- non-flat JSON support (--json-pretty)
- in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level
* Jonathan Roach
- TLS_FALLBACK_SCSV checks
* Jonathon Rossi
- fix for bash3 (Darwin)
- and other Darwin fixes
* Дилян Палаузов
- bug fix for 3des report
- reported a tricky STARTTLS bug
* Thomas Patzke:
- Support of supplying timeout value for openssl connect
* Olivier Paroz
- conversion xxd --> hexdump stuff
* Jeroen Wiert Pluimers
- Darwin binaries support
* Joao Poupino
- Minimize false positive detection for Renegotiation checks against Node.js etc.
* Rechi
- initial MX stuff
- fixes
* Gonçalo Ribeiro
- --connect-timeout
* Dmitri S
- inspiration & help for Darwin port
* Jonas Schäfer
- XMPP server patch
* Maurizio Siddu
- added --mTLS feature
* Marcin Szychowski
- Quick'n'dirty client certificate support
* Viktor Szépe
- color function maker
* Julien Vehent
- supplied 1st Darwin binary
* Thomas Ward
- add initial IDN support
* @typingArtist
- improved BEAST detection
* @f-s
- ARM binary support
* @nvsofts (NV)
- LibreSSL patch for GOST
* @w4ntun
- fixed DNS via proxy
Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
##### Last but not least:
* OpenSSL team for providing openssl.
* Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data
* My family for supporting me doing this work