|
3 | 3 |
|
4 | 4 | ### Features implemented / improvements in 3.2rcX |
5 | 5 |
|
| 6 | +* Rating (SSL Labs, not complete) |
6 | 7 | * Extend Server (cipher) preference: always now in wide mode instead of running all ciphers in the end (per default) |
7 | 8 | * Improved compatibility with OpenSSL 3.0 |
| 9 | +* Improved compatibility with Open/LibreSSL versions not suppoting TLS 1.0-1.1 anymore |
8 | 10 | * Renamed PFS/perfect forward secrecy --> FS/forward secrecy |
| 11 | +* Cipher list straightening |
9 | 12 | * Improved mass testing |
10 | | -* Align better colors of ciphers with standard cipherlists |
11 | | -* Added several ciphers to colored ciphers |
| 13 | +* switched to multi-stage image with opensuse base to avoid musl libc issues |
| 14 | +* Btter align colors of ciphers with standard cipherlists |
| 15 | +* Several ciphers more colorized |
12 | 16 | * Percent output char problem fixed |
13 | 17 | * Several display/output fixes |
14 | 18 | * BREACH check: list all compression methods and add brotli |
15 | 19 | * Test for old winshock vulnerability |
16 | 20 | * Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP) |
17 | | -* Security fix: DNS input |
18 | | -* Don't use external pwd anymore |
19 | 21 | * STARTTLS: XMPP server support |
20 | | -* Code improvements to STARTTLS |
21 | | -* Detect better when no STARTTLS is offered |
22 | | -* Rating (SSL Labs, not complete) |
| 22 | +* Several code improvements to STARTTLS, also better detection when no STARTTLS is offered |
| 23 | +* STARTTLS on active directory service support |
| 24 | +* Security fixes: DNS and other input from servers |
23 | 25 | * Don't penalize missing trust in rating when CA not in Java store |
24 | 26 | * Added support for certificates with EdDSA signatures and public keys |
| 27 | +* Extract CA list shows supported certification authorities sent by the server |
| 28 | +* TLS 1.2 and TLS 1.3 sig algs added |
| 29 | +* Check for ffdhe groups |
| 30 | +* Show server supported signature algorithms |
25 | 31 | * --add-ca can also now be a directory with \*.pem files |
26 | 32 | * Warning of 398 day limit for certificates issued after 2020/9/1 |
27 | 33 | * Added environment variable for amount of attempts for ssl renegotiation check |
28 | 34 | * Added --user-agent argument to support using a custom User Agent |
29 | 35 | * Added --overwrite argument to support overwriting output files without warning |
30 | 36 | * Headerflag X-XSS-Protection is now labeled as INFO |
| 37 | +* Strict parser for HSTS |
| 38 | +* DNS via proxy improvements |
31 | 39 | * Client simulation runs in wide mode which is even better readable |
32 | 40 | * Added --reqheader to support custom headers in HTTP requests |
33 | 41 | * Test for support for RFC 8879 certificate compression |
34 | | -* Check for ffdhe groups |
35 | 42 | * New set of OpenSSL-bad binaries with STARTTLS xmpp-server |
36 | 43 | * Save a few cycles for ROBOT |
37 | 44 | * Provide a better verdict wrt to server order: Now per protocol and ciphers are |
38 | 45 | weighted for each protocol |
39 | 46 | * Remove "negotiated cipher / protocol" |
40 | | -* Extract CA list shows supported certification authorities sent by the server |
41 | | -* Show server supported signature algorithms |
| 47 | +* Deprecating --fast and --ssl-native (warning but still av) |
42 | 48 | * Compatible to GNU grep 3.8 |
43 | | -* STARTTLS on active directory service works now |
| 49 | +* Don't use external pwd command anymore |
44 | 50 |
|
45 | 51 |
|
46 | 52 | ### Features implemented / improvements in 3.0 |
|
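Review bot: Several of the added changelog entries have typos or read as cut off: new line 9 has "suppoting" (should be "supporting"), new line 14 has "Btter" (should be "Better"), and new line 47 ends in "(warning but still av)", which looks truncated; spell out "available" if that is what is meant. New line 13 starts lowercase ("switched to multi-stage image ...") while every other entry is capitalized, and it does not say which image is meant, so a reader of the release notes cannot tell what changed. New line 24 widens "Security fix: DNS input" to "Security fixes: DNS and other input from servers"; since this is the only security-relevant entry in the list, consider naming the affected inputs or referencing the fixing commits so users can judge whether they need to upgrade.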