testssl.sh-3.0.8-1.2 RPM for noarch

From OpenSuSE Ports Tumbleweed for noarch

testssl.sh is a free command line tool which checks a server's service on
any port for the support of TLS/SSL ciphers, protocols as well as some
cryptographic flaws.

Provides

• testssl.sh

Requires

• /usr/bin/bash
• bash >= 3.2
• bind-utils
• openssl
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

GPL-2.0-or-later

Changelog

* Wed Sep 28 2022 Jeff Kowalczyk <jkowalczyk@suse.com>
  - Update to version 3.0.8
    * Fix grep 3.8 warnings on fgrep and unneeded escapes of hyphen, slash, space (Geert)
    * Fix alignment for cipher output (David)
    * News binaries (Darwin from Barry), carry now the appendix -bad and fixes a security problem.
    * Backport from higher OpenSSL version to support xmpp-server
    * Fix CT (David)
    * Fix decryption of TLS 1.3 response (David)
    * Upgrade Dockerfile to Alpine to 3.15
    * Fix pretty JSON formatting when warning is issued (David)
    * Update of certificate stores
    * Major update of client simulation (9 new simulations , >4 removed in default run)
    * Fix CRIME output on servers only supporting TLS 1.3 (Tomasz)
    * Fix censys link
    * Fix ome handshake problems w $OPENSSL ciphers, extend determine_optimal_sockets_params() to more
    * ciphers, fix PROTOS_OFFERED (David)
    * Relax STARTTLS FTP requirement so that it doesn't require TLS after AUTH
    * Fix run_server_preference() with no default protocol (David)
    * Fix getting CRL / NO_SESSION_ID under some circumstances (David)
    * Improve/fix OpenSSL 3.0 compatibility (David)
    * Fix formatting to documentation
    * Add FFDHE groups to supported_groups (David)
    * Include RSA-PSS in ClientHello (David)
  - Requires: bind-utils for required tools dig, host and nslookup
* Sat Aug 13 2022 Jeff Kowalczyk <jkowalczyk@suse.com>
  - Update to version 3.0.7
    * Fix "ID resumption test failed" bug under Darwin
    * Fix "locale error message when en_US.UTF-8 isn't available" bug
    * Fix "Darwin / LibreSSL startup problem" which leads to a question upfront
    * Make upfront handshake tests more compatible by adding </dev/null
    * Take 'HTTP Age' HTTP header into account when determine HTTP time
    * Fix JSON header (structured JSON output) name
    * Robustness: Update reset_hostdepended_vars() for mass tests
    * Simplify determination of git stuff
    * Fix "newline to spaces" in JSON and CSV findings
    * Fix "Bad file descriptor with --connect-timeout option"
    * SSLv2 fixes, OpenSSL fixes 3.X
    * Improve cipher_pref_check() for detecting prioritization of ChaCha ciphers
    * Simplify + speed up pre-check
    * Addressing lame DNS responses on WSL
    * Fix big serial # issue in certs
    * Fix invalid JSON when certificate issuer containing non-ASCII chars
* Sun Oct 03 2021 Martin Hauke <mardnh@gmx.de>
  - Update to version 3.0.6
    * Bugfix: Remove DST x3 Root CA which lead to trust issues for
      servers using a Letsencrypt certificate (Miguel Jacq)
    * Bugfix: Newer openssl.cnf break detection of openssl binary
    * Documenation update to reflect renaming standard ciphers to
      cipher categories
    * Ignore usage of ~/.digrc where possible
    * Fixing host information in JSON output when using STARTTLS
      XMPP
    * TLS 1.3 improvements wrt server certificates
    * Bugfix: Order of -U --ids-friendly doesn't matter anymore
    * Disable ANSI codes when TERM=screen
    * Improved SSL/TLS port detection in nmap greppable files
      using as input to testssl.sh
    * Bugfix when nmap files had .txt extension
    * Display certficate time in UTC
    * Use _uname -n`` instead of hostname --> POSIX
    * Few output fixes
* Mon May 10 2021 Martin Hauke <mardnh@gmx.de>
  - Update to version 3.0.5
    * Fix off by one error in HSTS (now: 180 instead of 179 days)
    * Fix minor output inconsistency in JSON output (Chad)
    * Improve compatibility for OpenSSL 3.0 (David Cooper)
    * Fix localization issue for ciphers where e.g. in Swedish W is
      being treated as a variant of V so that the W in
      TLS_ECDHE_RSA_WITH* didn't match the bash pattern
    * Fixes in file openssl-iana.mapping.html (Elfranne)
    * Fix quoting for CVE+JSON output in run_heartbleed()
    * Fix trailing dot issue in hostnames
    * Fix improper proper halving of the dates for Let's Encrypt
      certificates
* Thu Nov 26 2020 Matthias Fehring <buschmann23@opensuse.org>
  - Update to version 3.0.4
    * This version is a quick fix for a regression of detecting SSLv2
      ciphers in a basic function.
* Thu Nov 19 2020 Matthias Fehring <buschmann23@opensuse.org>
  - Update to version 3.0.3
    * Update certificate stores
    * manpage fix (Karl)
    * minor speedups for some vulnerability tests
    * bash 5.1 fix
    * Secure Client-Initiated Renegotiation false positive fix
    * BREACH is now medium
    * invalid JSON fix and other JSON improvements (David)
    * Adding native Android 7 handshake instead of Chrome which has
      TLS 1.3 (Christoph)
    * Header flag X-XSS-Protection is now labled as INFO
    * No cyan colors in HHHTP header flags anymore, colons added
* Fri Jul 24 2020 Matthias Fehring <buschmann23@opensuse.org>
  - Update to version 3.0.2
    * Remove potential licensing conflicts
    * Fix situations when TLS 1.3 is used for Ticketbleed check
    * Improved compatibility with LibreSSL 3.0
    * Add brotil compression to BREACH
    * Faster and more robust XMPP STARTTLS handshakes
    * More robust STARTTLS handshakes
    * Fix outputs, sometimes misleading
* Wed Apr 15 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 3.0.1
    * Fix hang in BEAST check when there are ciphers starting with
      SSL_* but which are no SSLv2 cipher
    * Fix bug in setting DISPLAY_CIPHERNAMES when
      $CIPHERS_BY_STRENGTH_FILE is not a/v.
    * Fix basic auth LF problem
    * Fix printing percent chars
    * Fix minor HTML generation bug
    * Fix security bug: sanitizing DNS input
    * make --ids-friendly work again
    * Update sneaky user agent
    * Update links in code comments
    * Cosmetic code updates
    * Fix output bug when >1 PTR records returned
    * More output fixes
* Fri Apr 03 2020 Christian Boltz <suse-beta@cboltz.de>
  - fix bash path for Leap 15.x
* Thu Jan 23 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 3.0
    * Full support of TLS 1.3, shows also drafts supported
    * Extended protocol downgrade checks
    * ROBOT check
    * Better TLS extension support
    * Better OpenSSL 1.1.1 and higher versions support as well as
      LibreSSL >3
    * DNS over Proxy and other proxy improvements
    * Decoding of unencrypted BIG IP cookies
    * Initial client certificate support
    * Warning of 825 day limit for certificates issued after
      2018/3/1
    * Socket timeouts (--connect-timeout)
    * IDN/IDN2 servername/URI + emoji support, supposed
      libidn/idn2 is installed and DNS resolver is recent)support
    * Initial support for certificate compression
    * Better JSON output: renamed IDs and findings shorter/better
      parsable, also includes certficate
    * JSON output now valid also for non-responding servers
    * Testing now per default 370 ciphers
    * Further improving the robustness of TLS sockets (sending
      and parsing)
    * Support of supplying timeout value for openssl connect
    - - useful for batch/mass scanning
    * File input for serial or parallel mass testing can be also in
      nmap grep(p)able (-oG) format
    * LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2)
    * PFS: Display of elliptical curves supported, DH and FFDHE
      groups (TLS 1.2 + TLS 1.3)
    * Check for session resumption (Ticket, ID)
    * TLS Robustness check GREASE and more
    * Server preference distinguishes between TLS 1.3 and lower
      protocols
    * Mark TLS 1.0 and TLS 1.1 as deprecated
    * Does a few startup checks which make later tests easier and
      faster (determine_optimal_\*())
    * Expect-CT header detection
    * --phone-out does certificate revocation checks via OCSP
      (LDAP+HTTP) and with CRL
    * --phone-out checks whether the private key has been
      compromised via https://pwnedkeys.com/
    * Missing SAN warning
    * Added support for private CAs
    * Way better handling of connectivity problems (counting those,
      if threshold exceeded -> bye)
    * Fixed TCP fragmentation
    * Added --ids-friendly switch
    * Exit codes better: 0 for running without error, 1+n for small
      errors, >240 for major errors.
    * Better error msg suppression (not fully installed OpenSSL)
    * Better parsing of HTTP headers & better output of longer HTTP
      headers
    * Display more HTTP security headers
    * HTTP Basic Auth support for HTTP header
    * experimental "eTLS" detection
    * Dockerfile and repo @ docker hub with that file (see above)
    * Java Root CA store added
    * Better support for XMPP via STARTTLS & faster
    * Certificate check for to-name in stream of XMPP
    * Support for NNTP and LMTP via STARTTLS, fixes for MySQL and
      PostgresQL
    * Support for SNI and STARTTLS
    * More robustness for any STARTTLS protocol (fall back to
      plaintext while in TLS caused problems)
    * Renegotiation checks improved, also no false potive for Node.js
      anymore
    * Major update of client simulations with self-collected
      up-to-date data
    * Update of CA certificate stores
    * Lots of bug fixes
    * More travis/CI checks -- still place for improvements
    * Bigger man page review
  - specfile cleanup
  - Add testssl.sh.rpmlintrc

Files

/usr/bin/testssl.sh
/usr/share/doc/packages/testssl.sh
/usr/share/doc/packages/testssl.sh/CHANGELOG.md
/usr/share/doc/packages/testssl.sh/CREDITS.md
/usr/share/doc/packages/testssl.sh/Readme.md
/usr/share/licenses/testssl.sh
/usr/share/licenses/testssl.sh/LICENSE
/usr/share/man/man1/testssl.sh.1.gz
/usr/share/testssl-sh
/usr/share/testssl-sh/etc
/usr/share/testssl-sh/etc/Apple.pem
/usr/share/testssl-sh/etc/DST Root CA X3.txt
/usr/share/testssl-sh/etc/Java.pem
/usr/share/testssl-sh/etc/Linux.pem
/usr/share/testssl-sh/etc/Microsoft.pem
/usr/share/testssl-sh/etc/Mozilla.pem
/usr/share/testssl-sh/etc/README.md
/usr/share/testssl-sh/etc/ca_hashes.txt
/usr/share/testssl-sh/etc/cipher-mapping.txt
/usr/share/testssl-sh/etc/client-simulation.txt
/usr/share/testssl-sh/etc/client-simulation.wiresharked.md
/usr/share/testssl-sh/etc/client-simulation.wiresharked.txt
/usr/share/testssl-sh/etc/common-primes.txt
/usr/share/testssl-sh/etc/curves-mapping.txt
/usr/share/testssl-sh/etc/curves.txt
/usr/share/testssl-sh/etc/openssl.cnf
/usr/share/testssl-sh/etc/tls_data.txt

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 12:39:58 2024