Version 3.0 rc6
This is the sixth release candidate of testssl.sh 3.0 to reflect recent improvements. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 is not supported anymore. Bug fixing will take place in 3.0* only. This is a stable release.
This release contains some new features and more bug fixes:
- Socket timeouts (
--connect-timeout) - IDN/IDN2 servername support
- pwnedkeys.com support
- Initial support for certificate compression
- Initial client certificate support
- Better indentation for HTTP header outputs
- Better parsing of HTTP headers
- Penalize absence of TLS 1.2 anymore if server supports TLS 1.3 only
- Several improvements related to protocol determination and downgrade responses
- Some logic related using TLS 1.3 aware OpenSSL binaries more or less automagically
- Internal improvements to server preference checks
- Lots of internal and some speed improvements in "pre-flight checks" (comes before outputting any test)
- Mark TLS 1.0 and TLS 1.1 as deprecated
- Support newer OpenSSL/LibreSSL versions
- Improved detection of wrong user input when file was supplied for --csv,--json and --html
- Update client handshakes with newer client data and deprecate other clients
- Regression in CAA RR fixed
- Session resumption fixes
- Session ticket fixes
- Fixes for STARTTLS MySQL and PostgreSQL
- Unit tests for (almost) every STARTTLS protocol supported
- A lot of minor fixes
This program is licensed under GPLv2. Please note also that if you're using the program for a paid or free public service you need mention where you got this program from.
If you like this program we would appreciate donations (see https://testssl.sh/#donations) for a coffee, beer, wine, whisky -- or if you just say "Thank you". This keeps us motivated further continuing development.