From 35f70f23751433e0e6ca96750344b4e29989c899 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Sat, 2 Nov 2019 10:20:57 +0100 Subject: [PATCH] Amendments + reordering add IDN etc. -support and David's work on determine_optimal_* functions --- CHANGELOG.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index da994fa3..66f26ec0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,16 +19,19 @@ * PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3) * Check for session resumption (Ticket, ID) * TLS Robustness check (GREASE) +* Server preference distinguishes between TLS 1.3 and lower protocols +* Does a few startup checks which make later tests easier and faster (determine_optimal_\*() ) * Expect-CT Header Detection * `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL * `--phone-out` checks whether the private key has been compromised via https://pwnedkeys.com/ * Fully OpenBSD and LibreSSL support * Missing SAN warning * Added support for private CAs -* Man page reviewed -* Better error msg suppression (not fully installed OpenSSL) * Way better handling of connectivity problems +* Fixed TCP fragmentation +* Added `--ids-friendly` switch * Exit codes better: 0 for running without error, 1+n for small errors, >240 for major errors. +* Better error msg suppression (not fully installed OpenSSL) * Dockerfile and repo @ docker hub with that file (see above) * Java Root CA store added * Better support for XMPP via STARTTLS & faster @@ -36,10 +39,9 @@ * Support for NNTP via STARTTLS * Support for SNI and STARTTLS * More robustness for any STARTTLS protocol (fall back to plaintext while in TLS) -* Fixed TCP fragmentation -* Added `--ids-friendly` switch * Major update of client simulations with self-collected data - +* IDN/IDN2 and emoji URI support (supposed libidn/idn2 is installed and DNS resolver is recent) +* Man page reviewed ### Features implemented in 2.9.5