00:08 Adam Weinberger (adamw) 

security/testssl.sh: Update to 3.0.8

Changes:
  Fix grep 3.8 warnings on fgrep and unneeded escapes of hyphen, slash, space
(Geert)
  Fix alignment for cipher output (David)
  News binaries (Darwin from Barry), carry now the appendix -bad and fixes a
security problem.
  Backport from higher OpenSSL version to support xmpp-server
  Fix CT (David)
  Fix decryption of TLS 1.3 response (David)
  Upgrade Dockerfile to Alpine to 3.15
  Fix pretty JSON formatting when warning is issued (David)
  Update of certificate stores
  Major update of client simulation (9 new simulations , >4 removed in default
run)
  Fix CRIME output on servers only supporting TLS 1.3 (Tomasz)
  Fix censys link
  Fix ome handshake problems w $OPENSSL ciphers, extend
determine_optimal_sockets_params() to more
  ciphers, fix PROTOS_OFFERED (David)
  Relax STARTTLS FTP requirement so that it doesn't require TLS after AUTH
  Fix run_server_preference() with no default protocol (David)
  Fix getting CRL / NO_SESSION_ID under some circumstances (David)
  Improve/fix OpenSSL 3.0 compatibility (David)
  Fix formatting to documentation
  Add FFDHE groups to supported_groups (David)
  Include RSA-PSS in ClientHello (David)

    9577312

20:43 Adam Weinberger (adamw) 

security/testssl.sh: Update to 3.0.7

Changes:
  Fix "ID resumption test failed" bug under Darwin
  Fix "locale error message when en_US.UTF-8 isn't available" bug
  Fix "Darwin / LibreSSL startup problem" which leads to a question upfront
  Make upfront handshake tests more compatible by adding </dev/null (David)
  Take 'HTTP Age' HTTP header into account when determine HTTP time (Wahnes)
  Fix JSON header (structured JSON output) name (David)
  Robustness: Update reset_hostdepended_vars() for mass tests (David)
  Simplify determination of git stuff (Matthias)
  Fix "newline to spaces" in JSON and CSV findings (David)
  Fix "Bad file descriptor with --connect-timeout option"
  SSLv2 fixes, OpenSSL fixes 3.X (David)
  Improve cipher_pref_check() for detecting prioritization of ChaCha ciphers
  Simplify + speed up pre-check
  Addressing lame DNS responses on WSL
  Fix big serial # issue in certs
  Fix invalid JSON when certificate issuer containing non-ASCII chars

    33e5fc6

16:53 Adam Weinberger (adamw) 

security/testssl.sh: Update to 3.0.6

    c8d13ff

16:42 Adam Weinberger (adamw) 

security/testssl.sh: Update to 3.0.5

    14d57ad

15:37 adamw 

security/testssl.sh: Update to 3.0.4

 

16:11 adamw 

security/testssl.sh: Update to 3.0.3

* Update certificate stores
* manpage fix (Karl)
* minor speedups for some vulnerability tests
* bash 5.1 fix
* Secure Client-Initiated Renegotiation false positive fix
* BREACH is now medium
* invalid JSON fix and other JSON improvements (David)
* Adding native Android 7 handshake instead of Chrome which has TLS 1.3
(Christoph)
* Header flag X-XSS-Protection is now labled as INFO
* No cyan colors in HHHTP header flags anymore, colons added
* Dockerfile improvments

 

04:11 tobik 

security/testssl.sh: Update to 3.0.2

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/3.0.2

 

11:25 tobik 

security/testssl.sh: Update to 3.0.1

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/3.0.1

 

21:16 tobik 

security/testssl.sh: Update to 3.0

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/3.0

 

06:02 tobik 

security/testssl.sh: Update to 3.0rc6

- Hook up tests

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/3.0rc6

 

04:45 tobik 

security/testssl.sh: Update to 3.0rc5

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/3.0rc5

 

07:43 tobik 

security/testssl.sh: Update to 3.0rc4

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/3.0rc4
MFH:		2019Q1 (bug fixes)

 

09:01 tobik 

security/testssl.sh: Update to 3.0rc3

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/3.0rc3
MFH:		2018Q4 (bugfixes)

 

08:10 tobik 

security/testssl.sh: Update to 3.0rc2

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/3.0rc2
MFH:		2018Q4 (bugfixes)

 

11:33 tobik 

security/testssl.sh: Update to 3.0rc1

 

08:53 tobik 

security/testssl.sh: Update to 2.9.5-5

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/v2.9.5-5

 

08:13 tobik 

security/testssl.sh: Update to 2.9.5-4

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/v2.9.5-4

 

08:43 tobik 

security/testssl.sh: Update to 2.9.5-3

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/v2.9.5-3

 

11:18 tobik 

security/testssl.sh: Update to 2.9.5-2

PR:		226422
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>

 

20:33 tobik 

security/testssl.sh: Use security/openssl-unsafe

This greatly simplifies the port and we can stop building our own
unsafe openssl version.

PR:		223457
Submitted by:	brnrd

 

09:24 tobik 

security/testssl.sh: Update to 2.9.5-1

Changes:	https://github.com/drwetter/testssl.sh/compare/v2.9.5...v2.9.5-1

 

09:27 tobik 

security/testssl.sh: Update to 2.9.5

Changes:	https://github.com/drwetter/testssl.sh/releases/tag/v2.9.5

 

15:15 tobik 

New port: security/testssl.sh

testssl.sh is a command line tool which checks a server's service on
any port for the support of TLS/SSL ciphers, protocols as well as some
cryptographic flaws.  Key features:

- Clear output: you can tell easily whether anything is good or bad
- Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
  not only webservers at port 443
- Toolbox: Several command line options help you to run YOUR test and
  configure YOUR output
- Reliability: features are tested thoroughly
- Verbosity: If a particular check cannot be performed because of a
  missing capability on your client side, you'll get a warning
- Privacy: It's only you who sees the result, not a third party

WWW: https://github.com/drwetter/testssl.sh

Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D11406