
Releases: testssl/testssl.sh

Version 3.0

03 Oct 09:26
b0b084d


This is the final release of 3.0.

After making several RCs it's now time to do a release. Here are the major changes with respect to 2.9.5:

  • Full support of TLS 1.3, shows also drafts supported
  • Extended protocol downgrade checks
  • ROBOT check
  • Better TLS extension support
  • Better support for OpenSSL 1.1.1 and higher as well as LibreSSL >3
  • More robustness for OpenBSD
  • DNS over Proxy and other proxy improvements
  • Decoding of unencrypted BIG IP cookies
  • Initial client certificate support
  • Warning of 825 day limit for certificates issued after 2018/3/1
  • Socket timeouts (--connect-timeout)
  • IDN/IDN2 servername/URI + emoji support (provided libidn/idn2 is installed and the DNS resolver is recent)
  • Initial support for certificate compression
  • Better JSON output: renamed IDs, findings shorter and easier to parse, also includes the certificate
  • JSON output now valid also for non-responding servers
  • Testing now per default 370 ciphers
  • Further improving the robustness of TLS sockets (sending and parsing)
  • Support for supplying a timeout value for openssl connect -- useful for batch/mass scanning
  • File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format
  • LOGJAM: now checking also for DH and FFDHE groups (TLS 1.2)
  • PFS: Display of elliptical curves supported, DH and FFDHE groups (TLS 1.2 + TLS 1.3)
  • Check for session resumption (Ticket, ID)
  • TLS Robustness check GREASE and more
  • Server preference distinguishes between TLS 1.3 and lower protocols
  • Mark TLS 1.0 and TLS 1.1 as deprecated
  • Does a few startup checks which make later tests easier and faster (determine_optimal_*())
  • Expect-CT header detection
  • --phone-out does certificate revocation checks via OCSP (LDAP+HTTP) and with CRL
  • --phone-out checks whether the private key has been compromised via https://pwnedkeys.com/
  • Missing SAN warning
  • Added support for private CAs
  • Way better handling of connectivity problems (they are counted; if the threshold is exceeded the scan aborts)
  • Fixed TCP fragmentation
  • Added --ids-friendly switch
  • Better exit codes: 0 for running without error, 1+n for small errors, >240 for major errors.
  • Better error message suppression (for a not fully installed OpenSSL)
  • Better parsing of HTTP headers & better output of longer HTTP headers
  • Display more HTTP security headers
  • HTTP Basic Auth support for HTTP header
  • experimental "eTLS" detection
  • Dockerfile and repo @ docker hub with that file (see above)
  • Java Root CA store added
  • Better support for XMPP via STARTTLS & faster
  • Certificate check for to-name in stream of XMPP
  • Support for NNTP and LMTP via STARTTLS, fixes for MySQL and PostgresQL
  • Support for SNI and STARTTLS
  • More robustness for any STARTTLS protocol (fall back to plaintext while in TLS caused problems)
  • Renegotiation checks improved, also no false positive for Node.js anymore
  • Major update of client simulations with self-collected up-to-date data
  • Update of CA certificate stores
  • Lots of bug fixes
  • More travis/CI checks -- still place for improvements
  • Bigger man page review
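One item above mentions that file input for serial or parallel mass testing can also be in nmap grep(p)able (-oG) format. As an added example (not code from testssl.sh or its authors), here is a small Python parser that turns -oG output into one `host:port` target per line, the plain form assumed here for testssl.sh's file input, keeping only open TCP ports. The nmap lines embedded in it are constructed, and preferring the DNS name over the IP address (so that SNI and certificate name checks are meaningful) is the example's own design choice.

```python
"""Convert nmap greppable (-oG) output into host:port targets for TLS mass testing.

Added example, not part of testssl.sh. The -oG line layout it relies on is:
  Host: <ip> (<hostname>)<TAB>Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ...
"""
import re
from typing import Iterable, List, Optional

# Constructed sample of nmap -oG output (not from a real scan).
SAMPLE_OG = """# Nmap 7.80 scan initiated Thu Oct  3 09:26:00 2019 as: nmap -oG - -p 22,443,8443 192.0.2.0/30
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 8443/closed/tcp//https-alt///\tIgnored State: closed (0)
Host: 192.0.2.2 (web.example.test)\tStatus: Up
Host: 192.0.2.2 (web.example.test)\tPorts: 443/open/tcp//https///, 8443/open/tcp//https-alt///
Host: 192.0.2.3 ()\tStatus: Down
# Nmap done at Thu Oct  3 09:26:05 2019 -- 4 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

# "Host: 192.0.2.2 (web.example.test)" -> ip, hostname (hostname may be empty: "()")
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_og(text: str, tls_ports: Optional[Iterable[int]] = None) -> List[str]:
    """Return deduplicated 'host:port' strings for every open TCP port.

    tls_ports: optional whitelist of ports to keep (e.g. {443, 8443}); None keeps all.
    """
    keep = set(tls_ports) if tls_ports is not None else None
    targets: List[str] = []
    seen = set()
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines, "# Nmap done", etc.
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, name = m.group(1), m.group(2)
        ports_field = next((f for f in fields[1:] if f.startswith("Ports:")), None)
        if ports_field is None:
            continue  # "Status: Up/Down" lines carry no port list
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 3:
                continue
            port, state, proto = parts[0], parts[1], parts[2]
            if proto != "tcp" or state != "open":
                continue  # TLS runs over TCP; filtered/closed ports are pointless to test
            if keep is not None and int(port) not in keep:
                continue
            host = name or ip  # prefer the DNS name so SNI and cert name checks apply
            key = (host, int(port))
            if key in seen:
                continue
            seen.add(key)
            targets.append(f"{host}:{port}")
    return targets


if __name__ == "__main__":
    # Write a target file usable as plain host:port input for a mass scan.
    with open("targets.txt", "w") as fh:
        fh.write("\n".join(parse_og(SAMPLE_OG, tls_ports={443, 8443})) + "\n")
    print(open("targets.txt").read(), end="")
```

Restricting to a port whitelist is the practical default for mass scans: an open SSH port shows up in -oG output just like HTTPS does, and a TLS scanner pointed at it only wastes the connect timeout.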

Each release candidate actually brought a load of improvements.

If you like this program we would appreciate donations (see https://testssl.sh/#donations) for a coffee, beer, wine, single malt -- or if you just say "Thank you". This keeps us motivated to continue development.

"Us" is mainly David Cooper, without whom the program would not have been boldly going where it is now, and myself. We have also received a lot of contributions, for which we are very thankful. Please keep on contributing!

Legal disclaimer: This program is licensed under GPLv2. Please note also that if you're using the program for a paid or free public service you need to mention where you got this program from.

Version 3.0.5

10 May 11:55
6829996


Another maintenance release of the stable branch 3.0 with the following changes:

  • Fix off by one error in HSTS (now: 180 instead of 179 days)
  • Fix minor output inconsistency in JSON output (Chad)
  • Improve compatibility for OpenSSL 3.0 (David Cooper)
  • Fix localization issue for ciphers where e.g. in Swedish W is being treated as a variant of V so that the W in TLS_ECDHE_RSA_WITH* didn't match the bash pattern
  • Fixes in file openssl-iana.mapping.html (Elfranne)
  • Fix quoting for CVE+JSON output in run_heartbleed()
  • Fix trailing dot issue in hostnames
  • Fix improper halving of the dates for Let's Encrypt certificates
  • Documentation update for docker

Details see git log.

Version 3.0.4

20 Nov 17:03
7dac1a2


This version is a quick fix for a regression of detecting SSLv2 ciphers in a basic function. Please upgrade.

Details see git log.

Version 3.0.3

19 Nov 09:03


Please use 3.0.4 instead.

Another maintenance release of the stable branch 3.0 with the following changes:

  • Update certificate stores
  • manpage fix (Karl)
  • minor speedups for some vulnerability tests
  • bash 5.1 fix
  • Secure Client-Initiated Renegotiation false positive fix
  • BREACH is now medium
  • invalid JSON fix and other JSON improvements (David)
  • Adding native Android 7 handshake instead of Chrome which has TLS 1.3 (Christoph)
  • Header flag X-XSS-Protection is now labelled as INFO
  • No cyan colors in HTTP header flags anymore, colons added
  • Dockerfile improvements

Details see git log.

Version 3.0.2

08 May 10:09
4e887e3


This is another bugfix release of the stable branch 3.0 with roughly the following changes:

  • Remove potential licensing conflicts (Dirk)
  • Fix situations when TLS 1.3 is used for Ticketbleed check (David)
  • Improved compatibility with LibreSSL 3.0 (David)
  • Add brotli compression to BREACH (Dirk)
  • Faster and more robust XMPP STARTTLS handshakes (Dirk)
  • More robust STARTTLS handshakes (David)
  • Fix Dockerfile (Dirk)
  • Fix outputs, sometimes misleading (David, Dirk)

Details see git log.

Version 3.0.1

15 Apr 10:40


This is a bugfix release of the stable branch 3.0 with roughly the following changes:

  • Fix hang in BEAST check when there are ciphers starting with SSL_* but which are no SSLv2 cipher (David)
  • Fix bug in setting DISPLAY_CIPHERNAMES when $CIPHERS_BY_STRENGTH_FILE is not available (David)
  • Fix basic auth LF problem (Manuel)
  • Fix printing percent chars (David)
  • Fix minor HTML generation bug (David)
  • Fix security bug: sanitizing DNS input (Dirk)
  • make --ids-friendly work again (Dirk)
  • Update sneaky user agent (Dirk)
  • Update links in code comments (Jaroslav)
  • Cosmetic code updates (David, Dirk)
  • Fix output bug when >1 PTR records returned (Dirk)
  • More output fixes (David, Dirk)

Details see git log.

Version 3.0-1

15 Apr 08:13
27948d8


This is a former bugfix release of the stable branch 3.0

The numbering scheme has changed so as not to use a dash. So please don't use this version; use 3.0.1 instead.

Version 3.0 rc6

11 Dec 20:57


This is the sixth release candidate of testssl.sh 3.0 to reflect recent improvements. All distributors and others who also use it for production-like environments are encouraged to switch to this branch as 2.9.5 is not supported anymore. Bug fixing will take place in 3.0* only. This is a stable release.

This release contains some new features and more bug fixes:

  • Socket timeouts (--connect-timeout)
  • IDN/IDN2 servername support
  • pwnedkeys.com support
  • Initial support for certificate compression
  • Initial client certificate support
  • Better indentation for HTTP header outputs
  • Better parsing of HTTP headers
  • Don't penalize absence of TLS 1.2 anymore if server supports TLS 1.3 only
  • Several improvements related to protocol determination and downgrade responses
  • Some logic related to using TLS 1.3 aware OpenSSL binaries more or less automagically
  • Internal improvements to server preference checks
  • Lots of internal and some speed improvements in "pre-flight checks" (comes before outputting any test)
  • Mark TLS 1.0 and TLS 1.1 as deprecated
  • Support newer OpenSSL/LibreSSL versions
  • Improved detection of wrong user input when file was supplied for --csv,--json and --html
  • Update client handshakes with newer client data and deprecate other clients
  • Regression in CAA RR fixed
  • Session resumption fixes
  • Session ticket fixes
  • Fixes for STARTTLS MySQL and PostgreSQL
  • Unit tests for (almost) every STARTTLS protocol supported
  • A lot of minor fixes

This program is licensed under GPLv2. Please note also that if you're using the program for a paid or free public service you need to mention where you got this program from.

If you like this program we would appreciate donations (see https://testssl.sh/#donations) for a coffee, beer, wine, whisky -- or if you just say "Thank you". This keeps us motivated to continue development.

Version 3.0 rc5

25 Apr 07:37


This is the fifth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who also use it for production-like environments are encouraged to switch to this branch as 2.9.5 won't be supported anymore once 3.0 has been released: bug fixing will take place here only.

We take robustness seriously. This release contains bug fixes mostly.

For all changes, use git log. Excerpt:

  • Modernized client handshakes
  • Further code sanitizing
  • Fixes in CSV files and JSON files creation and some ACE loadbalancer related improvements
  • Fix session tickets and resumption
  • OpenSSL 1.1.1 fixes
  • Darwin OpenSSL binary
  • Updated certificate store
  • Add SSLv2 to SWEET

This program is licensed under GPLv2. Please note also that if you're using the program for a paid or free public service you need to mention where you got this program from.

If you like this program we would appreciate donations (see https://testssl.sh/#donations) for a coffee, beer, wine, whisky -- or if you just say "Thank you".

Version 2.9.5-8

23 Apr 20:45


This update contains bugfixes (Changelog: v2.9.5-7...2.9.5). It is the last release of the 2.9.5 branch.

Please note: It is highly recommended to switch to >=3.0rc4 now (see the tag in the 2.9dev branch). There are a few known bugs in 2.9.5 which won't be backported as that would require a larger effort. Besides another leap forward in features (the bigger ones: TLS 1.3 and the ROBOT check), 3.0rc4+ also works with OpenSSL 1.1.1.