* OpenSSL 3.5 is now the minimum version to build against
* Various code cleanup dropping support for legacy OpenSSL
versions (credit tetlowgm)
* Handle some servers that rejecting large ClientHello
messages (credit jtesta)
* Add support for new post-quantum groups (credit jtesta)
* Update the output colouring of various ciphers/groups/etc
* Flag CCM8 ciphers as weak and manually override their
displayed bit strength to match newer versions of OpenSSL
OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=48
* Work around several dodgy TLS implementations
Note that there are also some breaking changes to the XML output, which are
* Added check for
* Improve new protocol setup support for STARTTLS: POP3, IMAP, FTP, and
OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=36
- update to 2.0.10:
* Add the --connect-timeout option (credit alkalim)
* Fix a typo in output
* Warn on TLSv1.1, as it's now deprecated by RFC 8996
* Fix a bug with LDAP STARTTLS
* Fix certificate detection on some broken servers
* Fix missing SCSV Fallback in XML output
* Don't show server signature algorithms by default
* Use --show-sigs to display them
OBS-URL: https://build.opensuse.org/request/show/892437
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sslscan?expand=0&rev=9
- update to 2.0.10:
* Add the --connect-timeout option (credit alkalim)
* Fix a typo in output
* Warn on TLSv1.1, as it's now deprecated by RFC 8996
* Fix a bug with LDAP STARTTLS
* Fix certificate detection on some broken servers
* Fix missing SCSV Fallback in XML output
* Don't show server signature algorithms by default
* Use --show-sigs to display them
OBS-URL: https://build.opensuse.org/request/show/892305
OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=25
- Upgrade to version 2.0.6
* Add <error> element to XML output
* Fix the extraneous padding of HTTP responses in XML
* Update the HTTP request to HTTP/1.1
* More robust checking the HTTP response is valid
* Display "No response" when no HTTP response is returned
* Remove the broken HTTP request scanning option (--http)
* Fix --targets not working properly
* Flag certificates in red if CN is the same as issuer
OBS-URL: https://build.opensuse.org/request/show/856863
OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=23
- Upgrade to version 2.0.0
Version 2 of sslscan includes a major rewrite of the backend scanning code,
which means that it is no longer reliant on the version of OpenSSL for many
checks. This means that it is possible to support legacy protocols (SSLv2 and
SSLv3), as well as supporting TLSv1.3 - regardless of the version of OpenSSL
that it has been compiled against. It is still recommended to build statically
where possible, but dynamically built version should be significantly more
useful.
Note that there are also some breaking changes to the XML output, which are
documented in the readme file.
This rewrite been made possible largely by the work of jtesta, who has been
responsible for most of the backend rewrite.
- Cleaned up spec file
OBS-URL: https://build.opensuse.org/request/show/822397
OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=19
- Upgrade to version 2.0.0-beta6
* Various bugfixes
* Added -4 and -6 options to force IPv4 and IPv6.
* Added strength attribute to XML to reflect colouring in stdout
* Checks for server signature algorithms.
* Checks for server key exchange groups.
* Support for SSLv2 and SSLv3 protocol detection regardless of OpenSSL
* Support for TLSv1.3
* Support for additional cipher suites.
* Print curve name and key strength for ECC certs
* Fix a bug with servers that return incorrect cipher IDs.
* Add a new "<certificates>" element to the XML output.
* Remove the "Signature Algorithm:" text and spacing from the XML.
* Report servers that accept any signature algorithm in the XML
- Rebased fedora-sslscan-patents.patch
- OpenSSL dependency bumped to >= 1.1
OBS-URL: https://build.opensuse.org/request/show/822258
OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=18
The latest version can not be compiled with SLE_11 and SLE12 w/o SP, but it brings a lot of great features:
* Support for
- STARTTLS: POP3, IMAP, FTP, XMPP
- PostgreSQL
- IPv6 addresses
- TLSv1.1 and TLSv1.2
- XMPP server-to-server connections
* Added check for
- OpenSSL Heartbleed
- POODLE
* Highlight the following issues
- weak RSA and DHE keys in output
- SSLv2, SSLv3, RC4 ciphers
- anonymous ADH and AECDH ciphers
- weak (n <= 40 bit) and medium (40 < n <= 56 bit)
* Certificates
- Display certificate signing algorithm highlighting weak algorithms.
- Display certificate key strength highlighting weak keys.
- Flag expired certificates
* Most secure protocols are scanned first
* Display cipher details by default
OBS-URL: https://build.opensuse.org/request/show/438006
OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=3
