From b2bf5b72bd1d32a168b07560254c0ab771905e37 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Wed, 12 Jun 2019 15:41:07 +0200
Subject: [PATCH] Add SNI/STARTTLS, pwnedkeys

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8c24d94b..da994fa3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@
 * TLS Robustness check (GREASE)
 * Expect-CT Header Detection
 * `--phone-out` does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
+* `--phone-out` checks whether the private key has been compromised via https://pwnedkeys.com/
 * Fully OpenBSD and LibreSSL support
 * Missing SAN warning
 * Added support for private CAs
@@ -33,6 +34,7 @@
 * Better support for XMPP via STARTTLS & faster
 * Certificate check for to-name in stream of XMPP
 * Support for NNTP via STARTTLS
+* Support for SNI and STARTTLS
 * More robustness for any STARTTLS protocol (fall back to plaintext while in TLS)
 * Fixed TCP fragmentation
 * Added `--ids-friendly` switch