Skip to content

Releases: OWASP/O-Saft

Version 24.09.24

24 Sep 21:10
Compare
Choose a tag to compare

NOTE

This release is a major redesign of some functionality of the project.

* some legacy options have been removed
* bugs fixed reported as [issue](https://github.com/OWASP/O-Saft/issues)
* many bugs which occurred rarely (special combination of options) are fixed
* using openssl for detecting ciphers must be enabled by options
* handles openssl 3.x
* handles DTLS 1.2
* Dockerfile build with openssl provided by alpine:3.20 (is default now)
* Dockerfile builds image for Docker or Podman
* new Dockerfile.openssl to build image with own openssl 1.0.2-chacha
* new commands and options for o-saft-docker (supports Podman)
* SBOM o-saft.rel added which contains SIDs and sha256sums
* --v behaves as a simple "info"-option
* tracing improved in general
* improved INSTALL.sh with --check* options (for example checking SBOM)
* usr/o-saft-standalone.pl mainly working without perl warnings
* documentation addapted to changed and new functionality
* more descriptive documentation according cipher, cipher ranges etc.

BUGFIX

* usr/INSTALL-template.sh BF: must use literal TAB instead of \t in echo (problem in BusyBox)
* usr/get-SIDs.sh: BF: using expr on STDIN improved (bug with BusyBox v1.36.1)
* o-saft.pl: BF: check_dh() called if +logjam given (instead of +check)
* o-saft.pl: BF: normalise command only, not assigned value (was a problem with +test* commands only)
* o-saft.pl: BF: don't print command-line for option --help=gen* (used in make context only)
* o-saft.pl: BF: print SSLv2 in "Ciphers: Summary"
* o-saft.pl: BF: detect POODLE for TLSv1 (issue 146)
* o-saft.pl: BF: +cbc, +edh, +adh check cipher suite constant names also (issue 144)
* o-saft.pl: BF: avoid "Use of uninitialized value $v in scalar chomp .." (issue 14
* o-saft.pl: BF: avoid "Undefined subroutine &SSLinfo::do_ssl_open ..." for some cipher check commands like +cbs (issue 140)
* o-saft.pl: BF: print <<undef>> for unknown cipher suite found with +cipher
* o-saft.pl: BF: bare word after qr// removed (error in modern perl)
* o-saft.tcl: BF: pass +commands and --option to o-saft.pl (issue 153)F: bare word after qr// removed (error in modern perl)
* o-saft-docker: BF: argument hacker and usage do not need docker executable
* lib/SSLhello.pm: BF: use binmode(.., ":raw") to avoid perl error: send() isn't allowed on :utf8 handles (in stand-alone mode)
* lib/SSLinfo.pm: BF: avoid printing undefined value (issue 141)
* lib/OTrace.pm: BF: use pre Perl 5.22 RegEx syntax (issue 142)
* lib/OCfg.pm: BF: avoid Perl warning about regex match in hint()
* lib/OCfg.pm: BF: 0x03005600 (TLS_FALLBACK_SCSV) added to 'range'->'rfc'
* lib/OCfg.pm: BF: cipher_adh cipher_null added to cfg{need-chsckssl} (issue 140)
* lib/OMan.pm: BF: use correct version when generating -cgi.html
* lib/OMan.pm: BF: --help=command lists all commands from RC-file
* lib/OMan.pm: BF: bare word after qr// removed (error in modern perl)
* HTML-table.awk: BF: HTML syntax corrected
* HTML-simple.awk: BF: HTML syntax corrected
* usr/XML-value.awk: BF: XML syntax corrected
* usr/XML-attribute.awk: BF: XML syntax corrected
* t/Makefile.mod: BF: definition of SRC.pm adapted to Makefile
* t/Makefile.testssl: ET: target examples corrected
* usr/INSTALL-template.sh BF: special handling when called by make in own test directory
* Makefile: BF: use ./$SRC.pl when generating own help files

CHANGES

* usr/get-SIDs.sh: EF: check for gawk and md5sum; exit if missing
* Dockerfile: EF: using docker BuildKit; OSAFT_VM_SRC_OSAFT can be local file
* Dockerfile: EF: uses standard openssl
* usr/INSTALL-template.sh ED: new documentation section CHECKS, UPDATES
* usr/INSTALL-template.sh EF: allow all --check* option in container image
* usr/INSTALL-template.sh EF: installation with --cgi improved
* usr/INSTALL-template.sh EF: --install checks md5sum of installed files
* usr/INSTALL-template.sh EF: --check=SIDs and --check=SID --changes implemented
* usr/INSTALL-template.sh EF: --checkdev improved (checks execute permissions)
* usr/INSTALL-template.sh EF: INSTALL.sh.lock implemented
* usr/INSTALL-template.sh EF: each part of --check can be checked individually with --check*
* usr/install_openssl.sh: EF: use Net-SSLeay-1.94.tar.gz
* t/Makefile.dev: ET: TEST.tmpdir, TEST.tmp.rc added
* t/Makefile.warnings: ET: TEST.tmp.rc removed (now in Makefile.inc)
* t/Makefile.inc: ET: TEST.tmpdir, TEST.tmp.rc added
* t/Makefile*: ET: all O-*.dir renamed to O-DIR.*
* t/Makefile*: ET: option --trace-CLI removed; now passed via OSAFT_OPTIONS=--trace-CLI
* t/Makefile: ET: target testcmd-test.internal improved
* t/Makefile: ET: include Makefile.inst
* t/Makefile: ET: do not set PATH in recursive makeT: option --trace-CLI removed; now passed via OSAFT_OPTIONS=--trace-CLI
* Makefile: ET: podman.* targets added
* Makefile: ET: target docker.test added
* Makefile: ET: variable TEST.Makefiles completed
* lib/Ciphers.pm: EF: is_valid_key() handles keys for internal use also
* lib/OTrace.pm: EF: --trace print environment variables
* lib/OTrace.pm: EF: use OCfg, use OData, use Ciphers (partial fix for issue 137)
* lib/OData.pm: EF: use OCfg included; _init_checks_val() implemented (partial fix for issue 137)
* lib/OCfg.pm: EF: resumption_psk added to cfg{data_hex}
* lib/OCfg.pm: EF: h2-16 added for ALPN, NPN
* lib/OCfg.pm: EF: define and export _dbx(); @EXPORT_OK improved; define warn(), hint()
* lib/OCfg.pm: EF: cipherrange and cipherpattern 'openssl' added
* lib/OCfg.pm: EF: some RegEx simplified
* lib/OCfg.pm: EF: hint for Lucky13 added
* lib/OCfg.pm: EF: initialisation and export improved (partial fix for issue 137)
* lib/ODoc.pm: EF: use full qualified $OCfg:: (partial fix for issue 137)
* lib/OMan.pm: EF: man_warnings() prints used file with --v
* lib/OMan.pm: EF: --help=command lists internal defined summary commands also
* lib/OMan.pm: EF: "use Ciphers" improved (partial fix for issue 137)
* o-saft-docker: EF: option -name=pattern for kill operation added
* o-saft-docker: EF: update implemented
* o-saft-docker: EF: options -OSAFT_VM_SRC_OSAFT= and -OSAFT_VM_SHA_OSAFT= added
* o-saft-docker: ED: documentation improved (note about xhost and xauth)
* .o-saft.pl: ED: description improved; description added to all redefined commands
* o-saft.tcl: EF: options --v behaves like in o-saft.pl
* o-saft.tcl: EF: +info results are show as Text, not TK-table (issue 154)
* o-saft.tcl: EF: "Start" button added to layout=tablet (for simple usage)
* o-saft.tcl: EF: check for version number improved (hack for use of OSAFT_OPTIONS=--trace-CLI with make)
* o-saft.pl: EF: EF: parsing commands and options unified
* o-saft.pl: EF: _dbx() defined in OCfg.pm
* o-saft.pl: EF: --cipherrange=openssl implemented
* o-saft.pl: EF: -ciphermode= not supported for +cipher-dh
* o-saft.pl: EF: own openssl instead of SSLinfo::do_openssl() for +cipher
* o-saft.pl: EF: check Net::SSLeay<1.92
* o-saft.pl: EF: handle all --help* options/commands after reading all arguments
* o-saft.pl: ED: texts improved for "Ciphers: Summary"; for --version output
* o-saft.pl: EF: abort execution when using invalid/unknown ciphers with --cipher=
* o-saft.pl: EF: individual _is_ssl_*() now in generic _is_vulnerable() and _is_compliant()
* o-saft.pl: EF: --v prints info when OSAFT_CONFIG, OSAFT_OPTIONS used
* o-saft.pl: EF: check ENV{'OSAFT_OPTIONS'} if command line should be printed
* o-saft.pl: EF: use shebang -CADSio; descriptions according Unicode, UTF-8 and binmode() adapted
* o-saft.pl: EF: use OCfg, use OData improved (partial fix for issue 137)
* o-saft.pl: EF: die() doesn't print line number; keep make targets *.log happy
* t/Makefile*: ED: _SID renamed to O-SID, _MYSELF* renamed to O-SELF*
* t/Makefile.inc: ET: make file simplified
* t/Makefile.docker: ET: variables and targets for mbedtls removed (now in Makefile.testssl*)
* t/Makefile.cipher: ET: new target testarg-cipher-+cipher---test-missing_
* t/Makefile.cipher: ET: more targets for --cipher* options
* lib/OTrace.pm: EF: __trac() support data type "Regexp"
* doc/help.txt: ED: section UPDATES added
* doc/help.txt: ED: new section "Individual check values"
* doc/help.txt: ED: description about checking/scanning ciphers improved
* doc/help.txt: ED: documentation about warnings and hints improved
* doc/help.txt: ED: more attacks added in section CHECKS
* doc/help.txt: ED: description for POODLE improved
* doc/help.txt: ED: KNOWN PROBLEM "Old, deprecated cipher suites" added
* doc/glossary.txt: ED: formal changes ; more acronyms added
* doc/rfc.txt: ED: more RFCs added; link for SSLv2 added
* usr/gen_standalone.sh: EF: sequence of included files from lilb/ changed; formal changes
* usr/INSTALL-template.sh: EF: avoid error message if wish is missing
* o-saft.pl: EF: +version prints own unique SID
* o-saft-docker: EF: avoid errors if docker program missing

NEW

* o-saft-docker: NF: kill command added
* Dockerfile.openssl: NF: renamed from Dockerfile
* t/Makefile.inst: NF: new Makefile.inst for testing INSTALL.sh
* .o-saft.pl: NF: resumption_psk added
* o-saft.pl: NF: check for BREACH vulnerability
* lib/Cipher.pm: NF: is_adh(), is_cbc(), is_edh() implemented
* lib/SSLinfo.pm: NF: exract HTTPS header Content-Encoding and Transfer-Encoding
* lib/SSLinfo.pm: ED: internal %CST renamed to %SSLINFO to avoid name conflicts
* lib/SSLinfo.pm: NF: re...
Read more

Version 24.06.24

24 Jun 20:18
Compare
Choose a tag to compare

BUGFIX

* o-saft-docker: BF: wrong markup corrected (minor issue with -help only)
* usr/checkAllCiphers.pl: BF: adaptet to changes in lib/error_handler.pm 3.6 (OERR_* constants are %OERR hash now)
* doc/help.txt: BD: wrong option --trace=FILE, it is --rc=FILE
* t/Makefile.misc: ET: variables for targets docs.subs and docs.anno improved
* Makefile: EF: target docs depends on generated o-saft.pl.--help* files
* lib/Cipher.pm: BF: get_key() searches for name in all constants
* lib/Cipher.pm: BF: show_getter() prints all defined constants and aliases
* lib/OMan.pm: BF: output for help=info
* lib/OMan.pm: BF: _VERSION() from main must be called ::_VERSION()
* lib/ODoc.pm: BF: list of paths in _get_standalone() corrected
* o-saft.tcl: BF: ignore errors, warnings lines when building window with ciphers  
* o-saft.tcl: BF: alias names corrected
* o-saft.tcl: BF: change layout button corrected in "tablet" layout
* o-saft.pl: BF: avoid " "Use of uninitilized value $ssl ..." with --legacy=sslscan
* o-saft.pl: BF: +sigkey_value needs special handling with --format=hex
* o-saft.pl: BF: --cipher accepts cipher constants, suite names, or aliases
* o-saft.pl: BF: special error check for +sstp (response from wolfSSL is slightly different)
* o-saft.pl: BF: reading from RC-FILE also if no --trace given
* o-saft.pl: BF: syntax corrected (bug since 3.14 only)

CHANGES

* o-saft.cgi: EF: use own %STR variable (to be compatible with various Makefiles)  
* lib/OCfg.pm: EF: more values added to be handled by --format=hex
* lib/OCfg.pm: EF: hasdtls1 hasdtls12 hasdtls13 added some list of commands
* lib/OCfg.pm: EF: cipher 0x030000FE (WDM-NULL-SHA256) added to some ranges
* lib/Cipher.pm: EF: cipher -WDM-NULL-SHA256 (wolfSSL DTLS Multicast) added
* doc/help.txt: ED: description for --cipherrange=RANGE improved
* doc/help.txt: ED: KNOWN PROBLEM "+cipher hangs" added
* t/gen-graph-annotations.sh: EF: sub-directories adapted to new directory structure 
* usr/INSTALL-template.sh: EF: option --instdev implemented
* usr/INSTALL-template.sh: EF: list of file "not to be installed" and moved with --clean improved
* usr/INSTALL-template.sh: EF: $dirs__ancient implemented; messages improved
* usr/INSTALL-template.sh: EF: messages and documentation improved
* usr/INSTALL-template.sh: EF: checking ancient files improved; checking ancient directories
* usr/INSTALL-template.sh: EF: accept environment variable OSAFT_Dir as installation directory
* usr/INSTALL-template.sh: EF: special handlicg for o-saft-docker
* t/Makefile.cmd: ET: some targets use filter to remove random data in generated .log
* Makefile: EF: EXE.docker renamed to EXE.o_docker; EXE.docker=docker added
* Makefile: EF: target INSTALL.sh depends on Makefile.misc
* Makefile: EF: checkAllCiphers.pl is now usr/checkAllCiphers.pl
* o-saft.cgi: EF: do not allow --inc= and --no-inc=
* o-saft.pl: EF: options --no-tls and --no-dtls added (aliases)
* o-saft.pl: EF: --ignore-warning= implemented
* o-saft.pl: EF: printversion() prints all own modules
* o-saft.pl: ED: --v output improved
* o-saft.pl: EF: security checks implemented and documented for use of qx()
* o-saft.pl: EF: +version prints Perl version also
* o-saft.pl: EF: some warning messages about ::VERSION improved; warning 127 and 130 removed
* lib/Cipher.pm: ED: output format of gett03() is the same as of show_getter()
* lib/SSLhello.pm: ED: message printed by error_handler->reset_err() unified
* lib/SSLinfo.pm: EF: --testopenssl also prints openssl executable which returned capabilities/options
* lib/OTrace.pm: EF: --test-memory prints sorted data
* lib/OTrace.pm: EF: simplified use of Exporter module
* lib/OText.pm: EF: simplified use of Exporter module
* lib/OData.pm: EF: simplified use of Exporter module
* lib/ODoc.pm: EF: simplified use of Exporter module
* lib/OCfg.pm: EF: simplified use of Exporter module
* lib/OMan.pm: EF: simplified use of Exporter module
* lib/OMan.pm: EF: man_warnings() simplified
* lib/OMan.pm: EF: documentation improved; --pod=* and --file=* option implemented
* lib/OMan.pm: EF: click outside menu closes menu in navigation bar on website
* lib/SSLinfo.pm: ED: output format for --test-* options unified
* lib/OTrace.pm: EF: calling SSLinfo::test_openssl() for --test-openssl
* doc/help.txt: ED: environment variables OSAFT_CONFIG and OSAFT_OPTIONS added; description of reading RC-FILE and options
* doc/help.txt: ED: documentation improved
* doc/devel.txt: ED: documentation improved
* doc/coding.txt: ED: documentation improved
* doc/coding.txt: ED: note about qx() security added
* t/.perlcriticrc: EF: some pragmas and description improved
* t/Makefile.mod: ET: more targets for --test-* options
* usr/install_openssl.sh: EF: handle errors returnd by find
* usr/install_openssl.sh: EF: dependency changed: libidn2-0-dev -> libidn2-dev

NEW

* t/Makefile.docker: NF: targets mbedtls.* for Mbed TLS server docker image
* t/Makefile.docker: ET: target for command hacker added
* t/Makefile.docker: NT: target testarg-docker- added
* lib/Cipher.pm: NF: new functions find_consts() find_keys_any() and find_names_any()
* lib/OData.pm: NF: hasdtls1, hasdtls12, hasdtls13 added to %check_conn
* lib/OTEXT.pm: NF: general function usage_show() for printing --usage
* lib/OData.pm: NF: --usage implemented
* lib/OCfg.pm: NF: --usage implemented
* o-saft.tcl: NF: option --rc=FILE added
* o-saft.tcl: NF: --no-rc option implemented
* o-saft.pl: NF: option --silent (shortcut for --nowarning --nohint) added
* o-saft.pl: NF: hasdtls1, hasdtls12, hasdtls13 checks implemented
* o-saft.pl: NF: environment variable OSAFT_CONFIG, OSAFT_OPTIONS implemented
* o-saft.pl: NF: --inc=* and --no-inc=* added

Version 24.01.24

27 Jan 23:20
Compare
Choose a tag to compare

NOTE

This release is a major redesign (refactoring) of the project. The top
directory now contains the main tools only. All modules, documentations and
(user) contributed tools are in sub-directories.
These changes are also reflected in the directories available at github.

If older versions should be used, please get the correspondig `o-saft.tgz`
from that version, see below.

Functionally the options `--v`  and  `--trace`  behave different now.

Beside many formal changes, following bugfixes and changes have been done.

BUGFIX

* o-saft.pl: BT: print sorted list of ciphers for --ciphermode=dump (important for testing only)
* o-saft.pl: BF: avoid "Use of ..." for --legacy=testsslserver
  output for --legacy=testsslserver  may now miss some informations values
* t/Makefile.warnings: BT: duplicate target warning-141 removed
* OSaft/Ciphers: BD: description for $cipher_results adapted to new definitions
* Net/SSLhello.pm: BF: typos in cipher suite names corrected
* o-saft-dbx.pm: BF: avoid "Use of uninitialized value in join or string ..."; output for --trace=3 improved
* o-saft-man.pm: BF: <details> tag with overflow-y:auto
* o-saft-man.pm: BF: <aside> tag with higher z-index

CHANGES

* o-saft-man.pm: EF: man_src_grep() improved and adapted to new syntax for --help=exit
* t/Makefile.warnings: ET: warning-061 and warning-145 added
* t/Makefile.exit: ET: targets adapted to changes in o-saft.pl 2.163
* t/Makefile.cmd: ET: adapted to changes in o-saft.pl 2.163: --trace-CMD is now --v
* t/Makefile.dev: ET: testarg-dev-grep_subs improved
* t/Makefile.dev: EF: additional filter in target testcmd-dev-grep_desc
* t/Makefile: ET: environment variable PERL5LIB and PERL_HASH_SEED are set for all test* targets
* t/Makefile: ED: OSAFT.pm renamed to LIB.pm; o-saft-usr.pm renamed to OSaft/Usr.pm
* OSaft/Data.pm: EF: text fpr cnt_ciphers, cnt_totals improved
* OSaft/Doc/devel.txt: ED: OVERVIEW section added
* Net/SSLinfo.pm: EF: definition of variables and subs done at begnning; trace output improved
* Net/SSLhello.pm: EF: using _trace_* functions for some output with --trace*
* Net/SSLhello.pm: EF: definition of variables and subs done at begnning; trace output improved
* Net/SSLhello.pm: EF: using normalised timestamp for --trace-time
* Net/SSLhello.pm: EF: format of timestamp for --trace-time adapted to main
* Net/SSLhello.pm: EF: print %SSLINFO with --trace instead of --v
* Net/SSLhello.pm: ED: formal changes for trace output
* Net/SSLhello.pm: EF: don't pass -nextprotoneg together with -tls1_3 to openssl
* o-saft-dbx.pm: EF: output of HASH for --trace=3 improved
* osaft.pm: EF: DTLSv1* enabled
* osaft.pm: EF: hints 'openssl3' and 'openssl3c' added
* osaft.pm: EF: regex for 'OWASP_D' and 'OWASP_NA' improved
* osaft.pm: EF: get_ciphers_range() improved
* o-saft.pl: EF: --v and --trace improved (_y_CMD() repleced by_vprint())
* o-saft.pl: EF: sort some values for +check output
* o-saft.pl: EF: "local $\ =" removed to avoid unexpected behaviour in subs
* o-saft.pl: EF: avoid PFS checks with --ciphermode=openssl; may lead to wrong PFS output
* o-saft.pl: EF: --tracekey does not print "= reading file ..." information
* o-saft.pl: EF: check --legacy= option for +cipher; print warning
* o-saft.pl: EF: print hint when using openssl >2.0 and --ciphermode=openssl
* o-saft.pl: _get_cipherlist_*() replace by _get_cipherslist()
* o-saft.pl: EF: _eval_cipherranges() replaced by osaft::get_ciphers_range()
* o-saft.pl: EF: checking openssl's protocol options adapated to OpenSSL 3.0.11
* o-saft.pl: EF: printing "Total number of ciphers" 'cnt_totals' unified
* o-saft.pl: EF: +cipher-sh reimplemented
* OSaft/Ciphers: EF: sort_results() improved
* OSaft/Ciphers: EF: cipher 0x02FFFFFF added for internal use
* OSaft/Ciphers: EF: find_names() allows OpenSSL-style patterns
* OSaft/Ciphers: EF: sort_names() adapted to new ciphers (added in 2.89)
* OSaft/Ciphers: EF: aliases for some ciphers added
* OSaft/Doc/rfc.txt: ED: more RFCs added
* OSaft/Doc/help.txt: ED: HTML layout for some list items improved
* o-saft.pm EF: openssl configuration cfg{openssl} improved
* o-saft-man.pm EF: EF: support --trace option; --v supported for tool itself only
* o-saft-man.pm EF: parent caller defines file to retrieve (grep) data from
* o-saft-man.pm ED: <li> tags improved
* o-saft-dbx.pm EF: _vprintme() removed

NEW

* OSaft/Doc/openssl.txt: ND: file for internal (developer) documentation
* Net/SSLinfo.pm: EF: test_openssl() for --test-openssl implemented
* t/Makefile.mod: ET: target testarg-mod-Net-SSLinfo.pm_--test-openssl added
* t/Makefile.cipher: ET: targets added to test +cipher --trace*
* t/Makefile.cipher: ET: target testcmd-cipher-+cipher---openssl-local_ added
* t/Makefile.warnings: ET: warning-015 implemented, warning-413 implemented
* osaft.pm EF: cfg{openssl_version} added
* OSaft/Ciphers: EF: cophers TLS13_GOSTR341112_256* added
* OSaft/Trace.pm: NF: added (replace o-saft-dbx.pm 2.44)
* OSaft/USR.pm: NF: added (replace o-saft-usr.pm 2.8)

Version 23.11.23

26 Nov 15:53
Compare
Choose a tag to compare

BUGFIX

* o-saft-dbx.pm BF: avoid Perl's "Use of uninitialized value ..." when printing values
* OSaft/Ciphers.pm: BF: ckeck for own commands improved; fully handle --test-ciphers-* options
* Net/SSLhello.pm: BF: proper parameter type for Net::SSLeay::CTX_set_options() to avoid perl warning
* Makefile: BF: more dependencies for targets generating static help files $(DOC.dir)/$(SRC.pl).% improved
* t/Makefile.warnings: BT: macro EXE.extract_warn to extract warnings and errors corrected
* t/Makefile: BT: compute _SID.pod directly
* t/Makefile: BT: help.test.targets corrected
* Net/SSLinfo.pm: BF: Net::SSLeay::set_tlsext_host_name() behaves strange for openssl>2.0; dirty workaround implemented
* Net/SSLinfo.pm: BF: send HTTP verb line with \r to avoid "\n" in the logfiles
* osaft.pm: BF: +compression needs to call checkdest()
* osaft.pm: BF: OWASP scoring for TLS13-* ciphers corrected
* o-saft.pl: BF: implementation of need_netinfo improved
* o-saft.pl: BF: check for given command improved (avoid ambiguity)
* o-saft.tcl: BF: using correct widget for saving results
* o-saft.tcl: BF: Config Tool window has no Save button
* o-saft.tcl: BF: tooltip for Save button in Options tab corrected
* o-saft.tcl: BF: Save button for configuration settings corrected
* o-saft.tcl: BF: key bindings disabled, because they also apply for entry widgets, where they should not
* o-saft-man.pm: BF: remove internal markup in output for --h

CHANGES

* o-saft.cgi: EF: option --format=html4 --format=html5 renamed to --html4 --html5 (--format= already used by o-saft.pl)
* o-saft: EF: -log improved
* o-saft: ET: use non-random logfile name to avoid diff results with make
* OSaft/Ciphers.pm: EF: unified format for warn() messages
* OSaft/Data.pm: EF: adapted to modern TLS: use of TLSv1 or TLSv11 not considered good
* o-saft.pl: EF: --test-ciphers* options simplified; --traceCMD improved
* o-saft.pl: EF: adapted to modern TLS: use of TLSv1 or TLSv11 not considered good
* o-saft.pl: EF: warning if +cipher-dh --ciphermode=intern
* o-saft.pl: EF: checking for identified PFS ciphers improved (for --ciphermode=intern only)
* Net/SSLinfo.pm: EF: print Hint if server does not support protocol
* Net/SSLinfo.pm: EF: Net::SSLeay make HTTP requests with User-Agent header
* o-saft-dbx.pm: ED: description for --test-data improved
* o-saft-dbx.pm: EF: use texts from OSaft::Text
* OSaft/Doc/help.txt: ED: ENVIRONMENT section improved
* OSaft/Doc/help.txt: ED: o-saft.cgi's option --format=html4 --format=html5 renamed to --html4 --html5 (--format= already used by o-saft.pl)
* OSaft/Doc/help.txt: ED: DEBUG section removed, now available with --help=development
* t/Makefile.dev: ET: target testarg-dev-o-saft_-log improved
* t/Makefile.dev: ET: _EXE.log-filterarg improved (to compare results)
* t/Makefile.make: ET: ALL.testmake completed
* Makefile: EF: enforce LC_CTYPE=C.UTF-8 (necessary at least for o-saft.tcl)
* o-saft.tcl: ED: sequence of menu items as in o-saft.cgi
* o-saft.tcl: EF: missing Save button to Commands tab added
* o-saft.tcl: EF: debug (really trace) output improvd for --d=2

NEW

* o-saft-dbx.pm EF: --test-vars implemented; _yeast_test_vars()
* o-saft.pl: EF: --http-user-agent= added
* osaft.pm: EF: set_user_agent() implemented
* Net/SSLinfo.pm: EF: $Net::SSLinfo::user_agent added
* osaft.pm: EF: cfg{use}{user_agent} added
* OSaft/Doc/devel.txt: ND: new file
* Makefile: ET: release.here added; GEN.rel is now in docs/; generated tgz contains $(GEN.rel)
* o-saft: EF: mode -log implemented

Version 23.04.23

23 Apr 21:55
Compare
Choose a tag to compare

Please see file CHANGES for changes, corrections, improvements.

Version 22.11.22

24 Nov 12:11
Compare
Choose a tag to compare

Version 22.11.22

Please see file CHANGES for changes, corrections, improvements.

Version 22.06.22

08 Oct 21:49
Compare
Choose a tag to compare

Version 22.06.22

Please see file CHANGES for changes, corrections, improvements.

Version 22.02.22

04 Mar 19:28
Compare
Choose a tag to compare

Version 22.02.22

Please see file CHANGES for changes, corrections, improvements.

Version 19.01.19

21 Jan 10:36
Compare
Choose a tag to compare

BUGFIX

  • t/Makefile.*: BT: macro ALL.inc.type corrected
  • osaft.pm: BF: +fingerprint_sha2 honors --format=hex
  • o-saft.pl: BF: printing header (for list of ciphers) corrected
  • o-saft.pl: BF: "Ciphers: Summary" prints correct numbers if no ciphers found
  • o-saft.pl: BF: --legacy=key disabled; --label=key enabled (honors --header option)

CHANGES

  • t/Makefile.*: ET: targets simplified and unified; critic345 implemented
  • o-saft.pl: EF: +cipher results are sorted according "severity/security risk"

NEW

  • o-saft.pl: NF: --help=cmd and --help=cfg-cmd added
  • o-saft.pl: NT: +session_startdate and +session_starttime added
  • o-saft.pl: NF: new option --legacy=owasp for +cipher
  • o-saft.pl: NF: new option --label=long|short|key
  • o-saft.pl: NF: alias commands for CVEs added
  • t/Makefile.misc: targets for profiling

VERSION 18.11.18

09 Nov 01:05
Compare
Choose a tag to compare

BUGFIX
* o-saft-docker: use correct VERSION in docker_build()
* o-saft-man.pm: output for --help=cfg-text correctd
* o-saft-man.pm: HTML encode << ; CSS improved
* o-saft.pl: warning added if https request failed
* o-saft.pl: --exit=MAIN corrected
* o-saft.tcl: value None not highlighted
* o-saft.tcl: --docker and --id=* handled correctly
* t/Makefile.opt: added (missed at github)
* t/Makefile: message-% rule description to avoid syntax errors
* Makefile: missing files t/Makefile.exit, t/Makefile.FQDN added to ALL.Makefiles
* Makefile: dependencies for generated files improved
CHANGES
* o-saft-docker: docker_build() uses OSAFT_VM_SHA_OSAFT environment variable
* contrib/build_openssl.sh renamed to contrib/install_openssl.sh
* o-saft-dbx.pm: trace and verbose output use cfg{prefix_trace} and cfg{prefix_verbose} instead of cfg{mename}
* t/Makefile.: various minor bugfixes
* Makefile: install target improved
* Net::SSLinfo.pm: set https_body to private string if https request fails
* osaft: call other tools with proper path
* osaft.pm: cipher suites for RFC 8446 (TLS 1.3) added
* o-saft-man.pm: new button to change schema in generated o-saft.cgi.html
* o-saft-man.pm: online documentation in generated html improved
* --help: section TESTING added
* o-saft.tcl: using o-saft.pl in docker container improved
* t/o-saft_bench renamed to t/o-saft_bench.sh
* t/Makefile
improved
NEW
* "help"-Button foreach --help=* in o-saft.cgi.html
* --help=cipherpattern added
* options -comp and -no_comp implemented (OP_NO_COMPRESSION)
* Makefile.help: cloc* target added
* o-saft-man.pm: cgi and html page provides discrete commands
* o-saft-man.pm: cgi page provides input fields for options with values
* o-saft-man.pm: "return to top" button in generated .cgi.html added