|
12 | 12 | * Improved compatibility with Open/LibreSSL versions not supporting TLS 1.0-1.1 anymore |
13 | 13 | * Renamed PFS/perfect forward secrecy --> FS/forward secrecy |
14 | 14 | * Cipher list straightening |
| 15 | +* Support RFC 9150 cipher suites |
15 | 16 | * Improved mass testing |
16 | 17 | * Better align colors of ciphers with standard cipherlists |
17 | 18 | * Save a few cycles for ROBOT |
|
23 | 24 | * Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP) |
24 | 25 | * STARTTLS: XMPP server support, plus new set of OpenSSL-bad binaries |
25 | 26 | * Several code improvements to STARTTLS, also better detection when no STARTTLS is offered |
| 27 | +* Renegotiation checks more reliable against different servers |
26 | 28 | * STARTTLS on active directory service support |
27 | 29 | * Security fixes: DNS and other input from servers |
28 | 30 | * Don't penalize missing trust in rating when CA not in Java store |
29 | 31 | * Added support for certificates with EdDSA signatures and public keys |
30 | 32 | * Extract CA list shows supported certification authorities sent by the server |
| 33 | +* Wildcard detction of certificate and warning |
31 | 34 | * TLS 1.2 and TLS 1.3 sig algs added |
32 | 35 | * Check for ffdhe groups |
| 36 | +* Check for three KEMs in draft-kwiatkowski-tls-ecdhe-mlkem/draft-tls-westerbaan-xyber768d00 |
33 | 37 | * Show server supported signature algorithms |
34 | 38 | * --add-ca can also now be a directory with \*.pem files |
35 | 39 | * Warning of 398 day limit for certificates issued after 2020/9/1 |
|
41 | 45 | * DNS via proxy improvements |
42 | 46 | * Client simulation runs in wide mode which is even better readable |
43 | 47 | * Added --reqheader to support custom headers in HTTP requests |
| 48 | +* Search for more HTTP security headers on the server |
44 | 49 | * Test for support for RFC 8879 certificate compression |
45 | 50 | * Deprecating --fast and --ssl-native (warning but still av) |
46 | 51 | * Compatible to GNU grep 3.8 |
|
0 commit comments