Update attributions and Changes for release
If anything is missing or wrong please let us know or do a PR. (This is until from earlier time to ~2018. >2019 need to follow)
This commit is contained in:
Dirk
parent
91e14a3840
commit
2ea57f0701
22
CHANGELOG.md
22
CHANGELOG.md
|
|
@ -12,12 +12,11 @@
|
|||
* DNS over Proxy and other proxy improvements
|
||||
* Decoding of unencrypted BIG IP cookies
|
||||
* Initial client certificate support
|
||||
* Warning of 825 day limit for certificates issued after 2018/3/1
|
||||
* Socket timeouts (``--connect-timeout``)
|
||||
* IDN/IDN2 servername support
|
||||
* pwnedkeys.com support
|
||||
* Initial client certificate support
|
||||
* IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent) support
|
||||
* Initial support for certificate compression
|
||||
* Better JSON output: renamed IDs and findings shorter/better parsable
|
||||
* Better JSON output: renamed IDs and findings shorter/better parsable, also includes certficate
|
||||
* JSON output now valid also for non-responding servers
|
||||
* Testing now per default 370 ciphers
|
||||
* Further improving the robustness of TLS sockets (sending and parsing)
|
||||
|
|
@ -26,31 +25,34 @@
|
|||
* LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2)
|
||||
* PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3)
|
||||
* Check for session resumption (Ticket, ID)
|
||||
* TLS Robustness check (GREASE)
|
||||
* TLS Robustness check GREASE and more
|
||||
* Server preference distinguishes between TLS 1.3 and lower protocols
|
||||
* Mark TLS 1.0 and TLS 1.1 as deprecated
|
||||
* Does a few startup checks which make later tests easier and faster (``determine_optimal_\*()``)
|
||||
* Expect-CT Header Detection
|
||||
* `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
|
||||
* `--phone-out` checks whether the private key has been compromised via https://pwnedkeys.com/
|
||||
* Fully OpenBSD and LibreSSL support
|
||||
* Missing SAN warning
|
||||
* Added support for private CAs
|
||||
* Way better handling of connectivity problems
|
||||
* Way better handling of connectivity problems (counting those, if threshold exceeded -> bye)
|
||||
* Fixed TCP fragmentation
|
||||
* Added `--ids-friendly` switch
|
||||
* Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors.
|
||||
* Better error msg suppression (not fully installed OpenSSL)
|
||||
* Better parsing of HTTP headers & better output of longer HTTP headers
|
||||
* HTTP Basic Auth support for HTTP header
|
||||
* "eTLS" detection
|
||||
* Dockerfile and repo @ docker hub with that file (see above)
|
||||
* Java Root CA store added
|
||||
* Better support for XMPP via STARTTLS & faster
|
||||
* Certificate check for to-name in stream of XMPP
|
||||
* Support for NNTP via STARTTLS, fixes for MySQL and PostgresQL
|
||||
* Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL
|
||||
* Support for SNI and STARTTLS
|
||||
* More robustness for any STARTTLS protocol (fall back to plaintext while in TLS)
|
||||
* Major update of client simulations with self-collected data
|
||||
* IDN/IDN2 and emoji URI support (supposed libidn/idn2 is installed and DNS resolver is recent)
|
||||
* Major update of client simulations with self-collected up-to-date data
|
||||
* Update of CA certificate stores
|
||||
* Lots of bug fixes
|
||||
* More travis/CI checks -- still place for improvements
|
||||
* Man page reviewed
|
||||
|
||||
### Features implemented in 2.9.5
|
||||
|
|
|
|||
53
CREDITS.md
53
CREDITS.md
|
|
@ -1,24 +1,39 @@
|
|||
|
||||
Full contribution, see git log.
|
||||
|
||||
|
||||
* Dirk Wetter (founder, maintainer and main contributor)
|
||||
- Everything what's not mentioned below and is included in testssl.sh's git log
|
||||
minus what I probably forgot to mention
|
||||
(too much other things to do at the moment and to list it would be a tough job)
|
||||
|
||||
* David Cooper (main contributor)
|
||||
|
||||
- Major extensions to socket support for all protocols
|
||||
- extended parsing of TLS ServerHello messages
|
||||
- TLS 1.3 support (final and pre-final)
|
||||
- add several TLS extensions
|
||||
- Detection + output of multiple certificates
|
||||
- several cleanups of server certificate related stuff
|
||||
- extended parsing of TLS ServerHello messages
|
||||
- testssl.sh -e/-E: testing with a mixture of openssl + sockets
|
||||
- more ciphers
|
||||
- finding more TLS extensions via sockets
|
||||
- add more ciphers
|
||||
- coloring of ciphers
|
||||
- extensive CN+SAN <--> hostname check
|
||||
- separate check for curves
|
||||
- RFC 7919, key shares extension
|
||||
- keyUsage extension in certificate
|
||||
- experimental "eTLS" detection
|
||||
- parallel mass testing!
|
||||
- RFC <--> OpenSSL cipher name space switches for the command line
|
||||
- numerous fixes
|
||||
- better error msg suppression (not fully installed openssl
|
||||
- GREASE support
|
||||
- Bleichenbacher vulnerability test
|
||||
- TLS 1.3 support
|
||||
- Bleichenbacher / ROBOT vulnerability test
|
||||
- several protocol preferences improvements
|
||||
- pwnedkeys.com support
|
||||
- CT support
|
||||
- Lots of fixes and improvements
|
||||
|
||||
##### Credits also to
|
||||
##### Further credits (in alphabetical order)
|
||||
|
||||
* Christoph Badura
|
||||
- NetBSD fixes
|
||||
|
|
@ -32,7 +47,10 @@
|
|||
|
||||
* Steven Danneman
|
||||
- Postgres and MySQL STARTTLS support
|
||||
* MongoDB support
|
||||
- MongoDB support
|
||||
|
||||
* Christian Dresen
|
||||
- Dockerfile
|
||||
|
||||
* Mark Felder
|
||||
- lots of cleanups
|
||||
|
|
@ -47,6 +65,15 @@
|
|||
* Maciej Grela
|
||||
- colorless handling
|
||||
|
||||
* Hubert Kario
|
||||
- helped with avoiding accidental TCP fragmentation
|
||||
|
||||
* Jacco de Leeuw
|
||||
- skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
|
||||
|
||||
* Manuel
|
||||
- HTTP basic auth
|
||||
|
||||
* Markus Manzke
|
||||
- Fix for HSTS + subdomains
|
||||
- LibreSSL patch
|
||||
|
|
@ -94,9 +121,15 @@
|
|||
- initial MX stuff
|
||||
- fixes
|
||||
|
||||
* Gonçalo Ribeiro
|
||||
- --connect-timeout
|
||||
|
||||
* Dmitri S
|
||||
- inspiration & help for Darwin port
|
||||
|
||||
* Marcin Szychowski
|
||||
- Quick'n'dirty client certificate support
|
||||
|
||||
* Viktor Szépe
|
||||
- color function maker
|
||||
|
||||
|
|
@ -112,14 +145,14 @@
|
|||
* @nvsofts (NV)
|
||||
- LibreSSL patch for GOST
|
||||
|
||||
Others I forgot to mention which did give me feedback, bug reports and helped one way or another.
|
||||
Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
|
||||
|
||||
|
||||
##### Last but not least:
|
||||
|
||||
* OpenSSL team for providing openssl.
|
||||
|
||||
* Ivan Ristic/Qualys for the liberal license which made it possible to use the client data
|
||||
* Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data
|
||||
|
||||
* My family for supporting me doing this work
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue