CHANGELOG.md


Changelog

0.8.0 - 2022-01-18

  • SSH (ssh)
    • Public Keys (pubkeys)
      • add analyzer for checking SSH server against used host keys (#34)
    • Versions (versions)
      • identify application server and version (#71)

0.7.3 - 2021-12-26

Features

  • SSH (ssh)
    • Generic
      • Add all command to SSH

Notable fixes

  • Generic
    • Diffie-Hellman
      • Handle Diffie-Hellman parameter q value comparison well (#74)
  • TLS (tls)
    • Generic
      • Handle multi-line greeting message in the case of SMTP servers (#72)
    • Diffie-Hellman (dhparams)
      • Add safe prime attribute to well-known DH params as there is an RFC (5144) which defines unsafe prime (#73)
    • Public Keys (pubkeys)
      • Handle missing certificates message well during an anonymous Diffie-Hellman key exchange (#66)

0.7.2 - 2021-10-07

Features

  • SSH (ssh)
    • Diffie-Hellman (dhparams)
      • add group exchange algorithms supported by the server to the result (#53)

Other

  • switch to Markdown format in changelog, readme and contributing
  • update contributing to the latest version from contribution-guide.org
  • add summary of the project to the readme

0.7.1 - 2021-09-20

Features

  • TLS (tls)
    • LMTP opportunistic TLS (STARTTLS) support (#56)
    • NNTP opportunistic TLS (STARTTLS) support (#7)
    • PostgreSQL opportunistic TLS (STARTTLS) support (#55)

Notable fixes

  • TLS (tls)
    • Generic
      • Use DH ephemeral keys that are mathematically correct during a TLS 1.3 handshake to increase stability (#57)
    • Ciphers (ciphers)
      • No fallback mechanism is used to check cipher suites if server honors long cipher suite lists (#59)

0.7.0 - 2021-09-02

Features

  • TLS (tls)
  • SSH (ssh)
    • Diffie-Hellman (dhparams)
      • check which DH parameter sizes are supported by the server by group exchange (#53)
      • check which DH parameter sizes are supported by the server by key exchange (#53)

Notable fixes

  • TLS (tls)
    • Generic
      • handle server long cipher suite, signature algorithm list intolerance (#52)

0.6.0 - 2021-05-27

Improvements

  • TLS (tls)
    • Ciphers (ciphers)
      • add TLS 1.3 support (#35)
    • Elliptic Curves (curves)
      • add TLS 1.3 support (#35)
    • Diffie-Hellman (dhparams)
      • add TLS 1.3 support (#35)
    • Signature Algorithms (sigalgos)
      • add TLS 1.3 support (#35)
    • Versions (versions)
      • add TLS 1.3 support (#35)

0.5.0 - 2021-04-08

Features

  • TLS (tls)

    • add analyzer (all) for running all TLS analysis at once (#40)
  • SSH (ssh2)

    • add analyzer for checking SSH servers against negotiated algorithms (#33)

Usability

  • Generic
    • use human readable algorithms names in Markdown output (#48)
    • command line interface gives error output instead of traceback on exception (#49)

0.4.0 - 2021-01-30

Features

  • TLS (tls)
    • add analyzer for checking whether TLS server requires client certificate for authentication (#36)
    • LDAP support (#25)

Notable fixes

  • TLS (tls)
    • Generic
      • handle that a server indicates handshake failure by sending close notify alert (#44)
      • handle that a server does not respect lack of the signature algorithms extension (#43)
    • Versions (versions)
      • handle that a server supports only non-RSA public keys (#41)

Performance

  • TLS (tls)
    • Cipher Suites (ciphers)
      • speed up TLS supported curve check (#39)

0.3.1 - 2020-09-15

Features

  • Generic
  • TLS (tls)
    • XMPP (Jabber) support (#26)
    • Cipher Suites (ciphers)
      • GOST (national standards of the Russian Federation and CIS countries) support for TLS cipher suite checker (#32)

Notable fixes

  • TLS (tls)
    • fix several uncertain test cases (#28)

Refactor

0.3.0 - 2020-04-30

Features

Notable fixes

  • FTP server check causes Python traceback on connection close (#27)

Refactor

  • use attrs to avoid boilerplates (#24)

0.2.0 - 2019-12-05

Features

  • TLS (tls)
    • Diffie-Hellman (dhparams)
      • check whether server uses safe prime as DH parameter to avoid small subgroup confinement attack (#13)
      • check whether server uses well-known (RFC defined) DH parameter (#13)
      • check whether server reuses the DH parameter (#13)
    • FTP opportunistic TLS (STARTTLS) support (#8)

Notable Fixes

  • TLS (tls)
    • Cipher Suites (ciphers)
      • handle server long cipher suite list intolerance
      • fix cipher suite preference order calculation (#18)
    • Elliptic Curves (curves)
      • fix result when server does not support named group extension
    • Public Keys (pubkeys)
      • handle cross signed key in the certificate chain
      • fix JSON output in case of expired certificates (#15)
      • handle the case when only a self-signed CA is served as certificate (#17)
      • handle the case when CA with no basic constraint is served (#20)
    • handle rarely/incorrectly used TLS alerts
    • handle when there is no response from server (#11)
    • handle scheme other than tls in URL argument of the command line tool (#3)
    • handle plain text response to TLS handshake initiation (#19)
    • add default port for opportunistic TLS schemes (#6)
    • uniform timeout handling in TLS clients (#12)

Other

  • improve unit tests (100% code coverage)
  • Docker support and ready-to-use container on DockerHub (coroner/cryprolyzer)
  • build packages to several Linux distributions on Open Build Service
    • Debian (10, Testing)
    • Raspbian (10)
    • Ubuntu (19.10)
    • Fedora (29, 30, 31, Rawhide)
    • Mageia (7, Cauldron)
  • IP address can be set to hostname in command line (#10)
  • fix several Python packaging issues

0.1.0 - 2019-03-20

Features

Improvements