* Fix bash 5 issue when encountering a short server key extension
* Fix HTML issue when using bash 5
* CAA DNS records are now not being queried when nodns is set
* MongoDB identification fix
* Sanity check when user has broken umask to avoid runtime errors
* Fix for newer grep versions
* Address weird globbing in bash 3.0
* Fix regexp in STARTTLS detection
* Secure renegotiation fix: SNI
* Ensure control chars from HTTP header don't end up in html,csv
or json
* Add sha1WithRSA to sha1WithRSAEncryption for certificates
* Fix potential infinite loop in run_pfs()
OBS-URL: https://build.opensuse.org/package/show/network:utilities/testssl.sh?expand=0&rev=21
- Update to version 3.0.8
* Fix grep 3.8 warnings on fgrep and unneeded escapes of hyphen, slash, space (Geert)
* Fix alignment for cipher output (David)
* News binaries (Darwin from Barry), carry now the appendix -bad and fixes a security problem.
* Backport from higher OpenSSL version to support xmpp-server
* Fix CT (David)
* Fix decryption of TLS 1.3 response (David)
* Upgrade Dockerfile to Alpine to 3.15
* Fix pretty JSON formatting when warning is issued (David)
* Update of certificate stores
* Major update of client simulation (9 new simulations , >4 removed in default run)
* Fix CRIME output on servers only supporting TLS 1.3 (Tomasz)
* Fix censys link
* Fix ome handshake problems w $OPENSSL ciphers, extend determine_optimal_sockets_params() to more
* ciphers, fix PROTOS_OFFERED (David)
* Relax STARTTLS FTP requirement so that it doesn't require TLS after AUTH
* Fix run_server_preference() with no default protocol (David)
* Fix getting CRL / NO_SESSION_ID under some circumstances (David)
* Improve/fix OpenSSL 3.0 compatibility (David)
* Fix formatting to documentation
* Add FFDHE groups to supported_groups (David)
* Include RSA-PSS in ClientHello (David)
- Requires: bind-utils for required tools dig, host and nslookup
OBS-URL: https://build.opensuse.org/request/show/1006790
OBS-URL: https://build.opensuse.org/package/show/network:utilities/testssl.sh?expand=0&rev=17
- Update to version 3.0.7
* Fix "ID resumption test failed" bug under Darwin
* Fix "locale error message when en_US.UTF-8 isn't available" bug
* Fix "Darwin / LibreSSL startup problem" which leads to a question upfront
* Make upfront handshake tests more compatible by adding </dev/null
* Take 'HTTP Age' HTTP header into account when determine HTTP time
* Fix JSON header (structured JSON output) name
* Robustness: Update reset_hostdepended_vars() for mass tests
* Simplify determination of git stuff
* Fix "newline to spaces" in JSON and CSV findings
* Fix "Bad file descriptor with --connect-timeout option"
* SSLv2 fixes, OpenSSL fixes 3.X
* Improve cipher_pref_check() for detecting prioritization of ChaCha ciphers
* Simplify + speed up pre-check
* Addressing lame DNS responses on WSL
* Fix big serial # issue in certs
* Fix invalid JSON when certificate issuer containing non-ASCII chars
OBS-URL: https://build.opensuse.org/request/show/994910
OBS-URL: https://build.opensuse.org/package/show/network:utilities/testssl.sh?expand=0&rev=15
- Update to version 3.0.6
* Bugfix: Remove DST x3 Root CA which lead to trust issues for
servers using a Letsencrypt certificate (Miguel Jacq)
* Bugfix: Newer openssl.cnf break detection of openssl binary
* Documenation update to reflect renaming standard ciphers to
cipher categories
* Ignore usage of ~/.digrc where possible
* Fixing host information in JSON output when using STARTTLS
XMPP
* TLS 1.3 improvements wrt server certificates
* Bugfix: Order of -U --ids-friendly doesn't matter anymore
* Disable ANSI codes when TERM=screen
* Improved SSL/TLS port detection in nmap greppable files
using as input to testssl.sh
* Bugfix when nmap files had .txt extension
* Display certficate time in UTC
* Use _uname -n`` instead of hostname --> POSIX
* Few output fixes
OBS-URL: https://build.opensuse.org/request/show/922880
OBS-URL: https://build.opensuse.org/package/show/network:utilities/testssl.sh?expand=0&rev=14
- Update to version 3.0.5
* Fix off by one error in HSTS (now: 180 instead of 179 days)
* Fix minor output inconsistency in JSON output (Chad)
* Improve compatibility for OpenSSL 3.0 (David Cooper)
* Fix localization issue for ciphers where e.g. in Swedish W is
being treated as a variant of V so that the W in
TLS_ECDHE_RSA_WITH* didn't match the bash pattern
* Fixes in file openssl-iana.mapping.html (Elfranne)
* Fix quoting for CVE+JSON output in run_heartbleed()
* Fix trailing dot issue in hostnames
* Fix improper proper halving of the dates for Let's Encrypt
certificates
OBS-URL: https://build.opensuse.org/request/show/892123
OBS-URL: https://build.opensuse.org/package/show/network:utilities/testssl.sh?expand=0&rev=12
- Update to version 3.0.4
* This version is a quick fix for a regression of detecting SSLv2
ciphers in a basic function.
- Update to version 3.0.3
* Update certificate stores
* manpage fix (Karl)
* minor speedups for some vulnerability tests
* bash 5.1 fix
* Secure Client-Initiated Renegotiation false positive fix
* BREACH is now medium
* invalid JSON fix and other JSON improvements (David)
* Adding native Android 7 handshake instead of Chrome which has
TLS 1.3 (Christoph)
* Header flag X-XSS-Protection is now labled as INFO
* No cyan colors in HHHTP header flags anymore, colons added
OBS-URL: https://build.opensuse.org/request/show/851098
OBS-URL: https://build.opensuse.org/package/show/network:utilities/testssl.sh?expand=0&rev=10
- Update to version 3.0.1
* Fix hang in BEAST check when there are ciphers starting with
SSL_* but which are no SSLv2 cipher
* Fix bug in setting DISPLAY_CIPHERNAMES when
$CIPHERS_BY_STRENGTH_FILE is not a/v.
* Fix basic auth LF problem
* Fix printing percent chars
* Fix minor HTML generation bug
* Fix security bug: sanitizing DNS input
* make --ids-friendly work again
* Update sneaky user agent
* Update links in code comments
* Cosmetic code updates
* Fix output bug when >1 PTR records returned
* More output fixes
OBS-URL: https://build.opensuse.org/request/show/794132
OBS-URL: https://build.opensuse.org/package/show/network:utilities/testssl.sh?expand=0&rev=6
- fix bash path for Leap 15.x (where bash still is /bin/bash)
This was reported on the factory ML, and since it's an easy fix, I did this quick SR instead of recommending the bugzilla paperwork ;-)
Please also re-submit the updated package to Leap 15.2 - the current submission is blocked by the installcheck which (rightfully) complains that /usr/bin/bash doesn't exist in Leap 15.2
OBS-URL: https://build.opensuse.org/request/show/791269
OBS-URL: https://build.opensuse.org/package/show/network:utilities/testssl.sh?expand=0&rev=4
