Testing TLS/SSL encryption anywhere on any port
GPL-2.0 License
Bot releases are hidden (Show)
While a few minor things are planned for the 3.2 final version here's a release of our RC which includes a log of fixes and at least the following improvements over 3.0.x:
Thanks to all who contributed! See CREDITS.md file.
You are encouraged to switch to 3.2.
Published by drwetter about 2 years ago
You are encouraged to switch to 3.2 as this might be the latest maintenance release. Especially distributions.
Published by drwetter over 2 years ago
Published by drwetter about 3 years ago
Published by drwetter about 3 years ago
This is the final release of 3.0.
After making several RCs it's now time to do a release. Here are the major changes with respect to 2.9.5:
--connect-timeout
)openssl connect
-- useful for batch/mass scanningdetermine_optimal_\*()
)--phone-out
does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL--phone-out
checks whether the private key has been compromised via https://pwnedkeys.com/
--ids-friendly
switchEach release candidate actually brought a load of improvements.
If you like this program we would appreciate donations (see https://testssl.sh/#donations) for a coffee, beer, wine, single malt -- or if you just say "Thank you". This keeps us motivated further continuing the development.
"Us" is mainly David Cooper, without him the program haven not been boldy going where it is now and myself. Also we received a lot of contributions for which are very thankful for. Please keep on contributing!
Legal disclaimer: This program is licensed under GPLv2. Please note also that if you're using the program for a paid or free public service you need mention where you got this program from.
Published by drwetter over 3 years ago
Another maintenance release of the stable branch 3.0 with the following changes:
TLS_ECDHE_RSA_WITH*
didn't match the bash patternopenssl-iana.mapping.html
(Elfranne)run_heartbleed()
Details see git log.
Published by drwetter almost 4 years ago
This version is a quick fix for a regression of detecting SSLv2 ciphers in a basic function. Please upgrade.
Details see git log.
Published by drwetter almost 4 years ago
Please use 3.0.4. instead
Another maintenance release of the stable branch 3.0 with the following changes:
Details see git log.
Published by drwetter over 4 years ago
This is another bugfix release of the stable branch 3.0 with roughly the following changes:
Details see git log.
Published by drwetter over 4 years ago
This is a bugfix release of the stable branch 3.0 with roughly the following changes:
Details see git log.
Published by drwetter over 4 years ago
This is a former bugfix release of the stable branch 3.0
The numbering scheme has changed not to use a dash. So please don't use this version. Use 3.0.1 instead
Published by drwetter almost 5 years ago
This is the sixth release candidate of testssl.sh 3.0 to reflect recent improvements. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 is not supported anymore. Bug fixing will take place in 3.0* only. This is a stable release.
This release contains some new features and more bug fixes:
--connect-timeout
)This program is licensed under GPLv2. Please note also that if you're using the program for a paid or free public service you need mention where you got this program from.
If you like this program we would appreciate donations (see https://testssl.sh/#donations) for a coffee, beer, wine, whisky -- or if you just say "Thank you". This keeps us motivated further continuing development.
Published by drwetter over 5 years ago
This is the fifth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 won't be supported anymore once 3.0 has been released: Bug fixing will take place here only.
We take robustness seriously. This release contains bug fixes mostly.
For all changes, use git log
. Excerpt:
This program is licensed under GPLv2. Please note also that if you're using the program for a paid or free public service you need mention where you got this program from.
If you like this program we would appreciate donations (see https://testssl.sh/#donations) for a coffee, beer, wine, whisky -- or if you just say "Thank you"
Published by drwetter over 5 years ago
This update contains bugfixes. (Changelog: https://github.com/drwetter/testssl.sh/compare/v2.9.5-7...2.9.5) . It is the last release of the 2.9.5 branch.
Note please: It is highly recommended to switch to >=3.0rc4 now (see tag in the 2.9dev branch) now. There are a few known bugs in 2.9.5 which won't be backported as it requires a larger effort. Besides another leap forward in features (bigger ones: TLS 1.3 and ROBOT check) 3.0rc4+ is also working with OpenSSL 1.1.1.
Published by drwetter over 5 years ago
This is the fourth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 won't be supported anymore once 3.0 has been released: Bug fixing will take place here only.
We take robustness seriously. This release contains bug fixes mostly.
For all changes, use git log
.
Changes, TL;DR:
Documentation fixes and additions
Add new openssl helper binaries (except Darwin 64Bit, see https://github.com/drwetter/testssl.sh/issues/390#issuecomment-455661148)
Bug fix: Scan continues if one of multiple IP addresses per hostname has a problem
"eTLS" detection ("visibility information")
Minimize initial warning "doesn't seem to be a TLS/SSL enabled server" by using sockets
Several improvement for SSLv2 only servers
Handle different cipher preference < TLS 1.3 vs. TLS 1.3
Clarify & improve Standard Cipher check (potentially breaking change)
Improve SWEET32 test
Finding certificates is faster and independent on openssl
This program is licensed under GPLv2. Please note also that if you're using the program for a paid or free public service you need mention where you got this program from.
If you like this program we would appreciate donations (see https://testssl.sh/#donations) or just saying "Thank you"
Published by drwetter almost 6 years ago
This is the third release candidate of testssl.sh 3.0 to reflect the recent changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 won't be supported anymore once 3.0 has been released: Bug fixing will take place only here.
Changes, TL;DR:
Please note that if you're using the program for a paid or free public service you need mention where you got this program from.
Published by drwetter about 6 years ago
This is a release of the second release candidate of testssl.sh 3.0 to reflect he recent changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 won't be supported anymore once 3.0 has been released.
Changes, TL;DR:
Changes, logs: https://github.com/drwetter/testssl.sh/compare/3.0rc1...2.9dev
Published by drwetter about 6 years ago
This is a release of the first release candidate of testssl.sh 3.0.
It comes with numerous new features like ROBOT check, proper TLS 1.3 detection in every check and last but not least it provides good compatibility to the freshly released OpenSSL 1.1.1 version.
All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 won't be supported anymore once 3.0 has been released.
Published by drwetter about 6 years ago
This update contains a few bugfixes only. (Changelog: https://github.com/drwetter/testssl.sh/compare/v2.9.5-5...2.9.5) . It is likely the last release of the 2.9.5 branch. This replaces 2.9.5-6 which was accidentally pointing to the wrong branch.
In general it is highly recommended to switch to 3.0rcX now (see tag in the 2.9dev branch). Besides another leap forward in features (bigger ones: TLS 1.3 and ROBOT check) 3.0rcX is also working with OpenSSL 1.1.1. There are a few known bugs in the 3.0 branch which need to be resolved, they also appear in 2.9.5. Not sure whether the fixes will be backported.
Published by drwetter over 6 years ago
This update contains a bugfix (and a clarification in help/documentation) only. It does not contain any new features.
The bug fix is for Mac OS X only. The was an error where MacOS X' date hiccuped when a timezone conversion was requested but not supplied.
For a description of testssl.sh in general please see 2.9.5-1.
Please note this release still carries -4
as a minor version. Due to an "user error" v2.9.5-4 (deleted) was pointing to 2.9dev instead of 2.9.5.