Date: Wed, 16 Sep 2015 18:35:52 +0200 From: Dirk Wetter <dirk@...tssl.sh> To: oss-security@...ts.openwall.com Subject: New release (2.6.) of testssl.sh Hi, version 2.6 of the SSL/TLS checker "testssl.sh" is out! testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and it does more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. Version 2.6 includes major improvements (ids from github): * LOGJAM: check of DHE_EXPORT ciphers, displays DH(/ECDH) bits in wide mode on negotiated ciphers * (HTTP) proxy support! Via sockets and openssl -- Thx @jnewbigin * TLS_FALLBACK_SCSV check -- Thx @JonnyHightower * TLS 1.0-1.1 as socket checks per default in production * TLS time and HTTP time stamps for architecture fiingerprinting * support of sockets also for STARTTLS protocol checks * TLS time displayed also for STARTTLS * binary directory provides out of the box better suited binaries (with up to 195 ciphers), besides Linux static binaries: * OS X binaries (new builds from @jpluimers) * FreeBSD binary * ARM binary (@f-s) * Extended validation certificate detection * "wide mode" option for checks like RC4, BEAST. PFS: Displays hexcode, kx, strength, DH bits, RFC cipher name * will test multiple IP adresses in one shot, --ip= restricts it accordingly * runs in default mode through all ciphers at the end of a default run * new mass testing file option --file option where testssl.sh commands are being read from, see https://twitter.com/drwetter/status/627619848344989696 * displays matching host key (HPKP) * further detection of security relevant headers (reverse proxy, IPv4 addresses) as well as proprietary banners (OWA, Liferay etc.) * can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams). * quite some fixes when using LibreSSL, still not recommended to use though (see https://testssl.sh/) * lots of fixes, code improvements, even more robust Get it while it's hot @ https://testssl.sh or @ github where all development action takes place: https://github.com/drwetter/testssl.sh/tree/2.6 . Some of the planned feaures for the next release see https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29 Cheers, Dirk (@drwetter)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.