Changelog for
testssl.sh-3.0.9-30.2.noarch.rpm :
* Wed Jul 24 2024 Martin Hauke
- Update to version 3.0.9
* Fix bash 5 issue when encountering a short server key extension
* Fix HTML issue when using bash 5
* CAA DNS records are now not being queried when nodns is set
* MongoDB identification fix
* Sanity check when user has broken umask to avoid runtime errors
* Fix for newer grep versions
* Address weird globbing in bash 3.0
* Fix regexp in STARTTLS detection
* Secure renegotiation fix: SNI
* Ensure control chars from HTTP header don\'t end up in html,csv or json
* Add sha1WithRSA to sha1WithRSAEncryption for certificates
* Fix potential infinite loop in run_pfs()
* Mon Feb 26 2024 pgajdosAATTsuse.com- Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN
* Wed Sep 28 2022 Jeff Kowalczyk - Update to version 3.0.8
* Fix grep 3.8 warnings on fgrep and unneeded escapes of hyphen, slash, space (Geert)
* Fix alignment for cipher output (David)
* News binaries (Darwin from Barry), carry now the appendix -bad and fixes a security problem.
* Backport from higher OpenSSL version to support xmpp-server
* Fix CT (David)
* Fix decryption of TLS 1.3 response (David)
* Upgrade Dockerfile to Alpine to 3.15
* Fix pretty JSON formatting when warning is issued (David)
* Update of certificate stores
* Major update of client simulation (9 new simulations , >4 removed in default run)
* Fix CRIME output on servers only supporting TLS 1.3 (Tomasz)
* Fix censys link
* Fix ome handshake problems w $OPENSSL ciphers, extend determine_optimal_sockets_params() to more
* ciphers, fix PROTOS_OFFERED (David)
* Relax STARTTLS FTP requirement so that it doesn\'t require TLS after AUTH
* Fix run_server_preference() with no default protocol (David)
* Fix getting CRL / NO_SESSION_ID under some circumstances (David)
* Improve/fix OpenSSL 3.0 compatibility (David)
* Fix formatting to documentation
* Add FFDHE groups to supported_groups (David)
* Include RSA-PSS in ClientHello (David)- Requires: bind-utils for required tools dig, host and nslookup
* Sat Aug 13 2022 Jeff Kowalczyk - Update to version 3.0.7
* Fix \"ID resumption test failed\" bug under Darwin
* Fix \"locale error message when en_US.UTF-8 isn\'t available\" bug
* Fix \"Darwin / LibreSSL startup problem\" which leads to a question upfront
* Make upfront handshake tests more compatible by adding * Take \'HTTP Age\' HTTP header into account when determine HTTP time
* Fix JSON header (structured JSON output) name
* Robustness: Update reset_hostdepended_vars() for mass tests
* Simplify determination of git stuff
* Fix \"newline to spaces\" in JSON and CSV findings
* Fix \"Bad file descriptor with --connect-timeout option\"
* SSLv2 fixes, OpenSSL fixes 3.X
* Improve cipher_pref_check() for detecting prioritization of ChaCha ciphers
* Simplify + speed up pre-check
* Addressing lame DNS responses on WSL
* Fix big serial # issue in certs
* Fix invalid JSON when certificate issuer containing non-ASCII chars
* Sun Oct 03 2021 Martin Hauke - Update to version 3.0.6
* Bugfix: Remove DST x3 Root CA which lead to trust issues for servers using a Letsencrypt certificate (Miguel Jacq)
* Bugfix: Newer openssl.cnf break detection of openssl binary
* Documenation update to reflect renaming standard ciphers to cipher categories
* Ignore usage of ~/.digrc where possible
* Fixing host information in JSON output when using STARTTLS XMPP
* TLS 1.3 improvements wrt server certificates
* Bugfix: Order of -U --ids-friendly doesn\'t matter anymore
* Disable ANSI codes when TERM=screen
* Improved SSL/TLS port detection in nmap greppable files using as input to testssl.sh
* Bugfix when nmap files had .txt extension
* Display certficate time in UTC
* Use _uname -n`` instead of hostname --> POSIX
* Few output fixes
* Mon May 10 2021 Martin Hauke - Update to version 3.0.5
* Fix off by one error in HSTS (now: 180 instead of 179 days)
* Fix minor output inconsistency in JSON output (Chad)
* Improve compatibility for OpenSSL 3.0 (David Cooper)
* Fix localization issue for ciphers where e.g. in Swedish W is being treated as a variant of V so that the W in TLS_ECDHE_RSA_WITH
* didn\'t match the bash pattern
* Fixes in file openssl-iana.mapping.html (Elfranne)
* Fix quoting for CVE+JSON output in run_heartbleed()
* Fix trailing dot issue in hostnames
* Fix improper proper halving of the dates for Let\'s Encrypt certificates
* Thu Nov 26 2020 Matthias Fehring - Update to version 3.0.4
* This version is a quick fix for a regression of detecting SSLv2 ciphers in a basic function.
* Thu Nov 19 2020 Matthias Fehring - Update to version 3.0.3
* Update certificate stores
* manpage fix (Karl)
* minor speedups for some vulnerability tests
* bash 5.1 fix
* Secure Client-Initiated Renegotiation false positive fix
* BREACH is now medium
* invalid JSON fix and other JSON improvements (David)
* Adding native Android 7 handshake instead of Chrome which has TLS 1.3 (Christoph)
* Header flag X-XSS-Protection is now labled as INFO
* No cyan colors in HHHTP header flags anymore, colons added
* Fri Jul 24 2020 Matthias Fehring - Update to version 3.0.2
* Remove potential licensing conflicts
* Fix situations when TLS 1.3 is used for Ticketbleed check
* Improved compatibility with LibreSSL 3.0
* Add brotil compression to BREACH
* Faster and more robust XMPP STARTTLS handshakes
* More robust STARTTLS handshakes
* Fix outputs, sometimes misleading
* Wed Apr 15 2020 Martin Hauke - Update to version 3.0.1
* Fix hang in BEAST check when there are ciphers starting with SSL_
* but which are no SSLv2 cipher
* Fix bug in setting DISPLAY_CIPHERNAMES when $CIPHERS_BY_STRENGTH_FILE is not a/v.
* Fix basic auth LF problem
* Fix printing percent chars
* Fix minor HTML generation bug
* Fix security bug: sanitizing DNS input
* make --ids-friendly work again
* Update sneaky user agent
* Update links in code comments
* Cosmetic code updates
* Fix output bug when >1 PTR records returned
* More output fixes