Releases: OWASP/O-Saft
Version 24.09.24
NOTE
This release is a major redesign of some functionality of the project.
* some legacy options have been removed
* bugs fixed reported as [issue](https://github.com/OWASP/O-Saft/issues)
* many bugs which occurred rarely (special combination of options) are fixed
* using openssl for detecting ciphers must be enabled by options
* handles openssl 3.x
* handles DTLS 1.2
* Dockerfile build with openssl provided by alpine:3.20 (is default now)
* Dockerfile builds image for Docker or Podman
* new Dockerfile.openssl to build image with own openssl 1.0.2-chacha
* new commands and options for o-saft-docker (supports Podman)
* SBOM o-saft.rel added which contains SIDs and sha256sums
* --v behaves as a simple "info"-option
* tracing improved in general
* improved INSTALL.sh with --check* options (for example checking SBOM)
* usr/o-saft-standalone.pl mainly working without perl warnings
* documentation addapted to changed and new functionality
* more descriptive documentation according cipher, cipher ranges etc.
BUGFIX
* usr/INSTALL-template.sh BF: must use literal TAB instead of \t in echo (problem in BusyBox)
* usr/get-SIDs.sh: BF: using expr on STDIN improved (bug with BusyBox v1.36.1)
* o-saft.pl: BF: check_dh() called if +logjam given (instead of +check)
* o-saft.pl: BF: normalise command only, not assigned value (was a problem with +test* commands only)
* o-saft.pl: BF: don't print command-line for option --help=gen* (used in make context only)
* o-saft.pl: BF: print SSLv2 in "Ciphers: Summary"
* o-saft.pl: BF: detect POODLE for TLSv1 (issue 146)
* o-saft.pl: BF: +cbc, +edh, +adh check cipher suite constant names also (issue 144)
* o-saft.pl: BF: avoid "Use of uninitialized value $v in scalar chomp .." (issue 14
* o-saft.pl: BF: avoid "Undefined subroutine &SSLinfo::do_ssl_open ..." for some cipher check commands like +cbs (issue 140)
* o-saft.pl: BF: print <<undef>> for unknown cipher suite found with +cipher
* o-saft.pl: BF: bare word after qr// removed (error in modern perl)
* o-saft.tcl: BF: pass +commands and --option to o-saft.pl (issue 153)F: bare word after qr// removed (error in modern perl)
* o-saft-docker: BF: argument hacker and usage do not need docker executable
* lib/SSLhello.pm: BF: use binmode(.., ":raw") to avoid perl error: send() isn't allowed on :utf8 handles (in stand-alone mode)
* lib/SSLinfo.pm: BF: avoid printing undefined value (issue 141)
* lib/OTrace.pm: BF: use pre Perl 5.22 RegEx syntax (issue 142)
* lib/OCfg.pm: BF: avoid Perl warning about regex match in hint()
* lib/OCfg.pm: BF: 0x03005600 (TLS_FALLBACK_SCSV) added to 'range'->'rfc'
* lib/OCfg.pm: BF: cipher_adh cipher_null added to cfg{need-chsckssl} (issue 140)
* lib/OMan.pm: BF: use correct version when generating -cgi.html
* lib/OMan.pm: BF: --help=command lists all commands from RC-file
* lib/OMan.pm: BF: bare word after qr// removed (error in modern perl)
* HTML-table.awk: BF: HTML syntax corrected
* HTML-simple.awk: BF: HTML syntax corrected
* usr/XML-value.awk: BF: XML syntax corrected
* usr/XML-attribute.awk: BF: XML syntax corrected
* t/Makefile.mod: BF: definition of SRC.pm adapted to Makefile
* t/Makefile.testssl: ET: target examples corrected
* usr/INSTALL-template.sh BF: special handling when called by make in own test directory
* Makefile: BF: use ./$SRC.pl when generating own help files
CHANGES
* usr/get-SIDs.sh: EF: check for gawk and md5sum; exit if missing
* Dockerfile: EF: using docker BuildKit; OSAFT_VM_SRC_OSAFT can be local file
* Dockerfile: EF: uses standard openssl
* usr/INSTALL-template.sh ED: new documentation section CHECKS, UPDATES
* usr/INSTALL-template.sh EF: allow all --check* option in container image
* usr/INSTALL-template.sh EF: installation with --cgi improved
* usr/INSTALL-template.sh EF: --install checks md5sum of installed files
* usr/INSTALL-template.sh EF: --check=SIDs and --check=SID --changes implemented
* usr/INSTALL-template.sh EF: --checkdev improved (checks execute permissions)
* usr/INSTALL-template.sh EF: INSTALL.sh.lock implemented
* usr/INSTALL-template.sh EF: each part of --check can be checked individually with --check*
* usr/install_openssl.sh: EF: use Net-SSLeay-1.94.tar.gz
* t/Makefile.dev: ET: TEST.tmpdir, TEST.tmp.rc added
* t/Makefile.warnings: ET: TEST.tmp.rc removed (now in Makefile.inc)
* t/Makefile.inc: ET: TEST.tmpdir, TEST.tmp.rc added
* t/Makefile*: ET: all O-*.dir renamed to O-DIR.*
* t/Makefile*: ET: option --trace-CLI removed; now passed via OSAFT_OPTIONS=--trace-CLI
* t/Makefile: ET: target testcmd-test.internal improved
* t/Makefile: ET: include Makefile.inst
* t/Makefile: ET: do not set PATH in recursive makeT: option --trace-CLI removed; now passed via OSAFT_OPTIONS=--trace-CLI
* Makefile: ET: podman.* targets added
* Makefile: ET: target docker.test added
* Makefile: ET: variable TEST.Makefiles completed
* lib/Ciphers.pm: EF: is_valid_key() handles keys for internal use also
* lib/OTrace.pm: EF: --trace print environment variables
* lib/OTrace.pm: EF: use OCfg, use OData, use Ciphers (partial fix for issue 137)
* lib/OData.pm: EF: use OCfg included; _init_checks_val() implemented (partial fix for issue 137)
* lib/OCfg.pm: EF: resumption_psk added to cfg{data_hex}
* lib/OCfg.pm: EF: h2-16 added for ALPN, NPN
* lib/OCfg.pm: EF: define and export _dbx(); @EXPORT_OK improved; define warn(), hint()
* lib/OCfg.pm: EF: cipherrange and cipherpattern 'openssl' added
* lib/OCfg.pm: EF: some RegEx simplified
* lib/OCfg.pm: EF: hint for Lucky13 added
* lib/OCfg.pm: EF: initialisation and export improved (partial fix for issue 137)
* lib/ODoc.pm: EF: use full qualified $OCfg:: (partial fix for issue 137)
* lib/OMan.pm: EF: man_warnings() prints used file with --v
* lib/OMan.pm: EF: --help=command lists internal defined summary commands also
* lib/OMan.pm: EF: "use Ciphers" improved (partial fix for issue 137)
* o-saft-docker: EF: option -name=pattern for kill operation added
* o-saft-docker: EF: update implemented
* o-saft-docker: EF: options -OSAFT_VM_SRC_OSAFT= and -OSAFT_VM_SHA_OSAFT= added
* o-saft-docker: ED: documentation improved (note about xhost and xauth)
* .o-saft.pl: ED: description improved; description added to all redefined commands
* o-saft.tcl: EF: options --v behaves like in o-saft.pl
* o-saft.tcl: EF: +info results are show as Text, not TK-table (issue 154)
* o-saft.tcl: EF: "Start" button added to layout=tablet (for simple usage)
* o-saft.tcl: EF: check for version number improved (hack for use of OSAFT_OPTIONS=--trace-CLI with make)
* o-saft.pl: EF: EF: parsing commands and options unified
* o-saft.pl: EF: _dbx() defined in OCfg.pm
* o-saft.pl: EF: --cipherrange=openssl implemented
* o-saft.pl: EF: -ciphermode= not supported for +cipher-dh
* o-saft.pl: EF: own openssl instead of SSLinfo::do_openssl() for +cipher
* o-saft.pl: EF: check Net::SSLeay<1.92
* o-saft.pl: EF: handle all --help* options/commands after reading all arguments
* o-saft.pl: ED: texts improved for "Ciphers: Summary"; for --version output
* o-saft.pl: EF: abort execution when using invalid/unknown ciphers with --cipher=
* o-saft.pl: EF: individual _is_ssl_*() now in generic _is_vulnerable() and _is_compliant()
* o-saft.pl: EF: --v prints info when OSAFT_CONFIG, OSAFT_OPTIONS used
* o-saft.pl: EF: check ENV{'OSAFT_OPTIONS'} if command line should be printed
* o-saft.pl: EF: use shebang -CADSio; descriptions according Unicode, UTF-8 and binmode() adapted
* o-saft.pl: EF: use OCfg, use OData improved (partial fix for issue 137)
* o-saft.pl: EF: die() doesn't print line number; keep make targets *.log happy
* t/Makefile*: ED: _SID renamed to O-SID, _MYSELF* renamed to O-SELF*
* t/Makefile.inc: ET: make file simplified
* t/Makefile.docker: ET: variables and targets for mbedtls removed (now in Makefile.testssl*)
* t/Makefile.cipher: ET: new target testarg-cipher-+cipher---test-missing_
* t/Makefile.cipher: ET: more targets for --cipher* options
* lib/OTrace.pm: EF: __trac() support data type "Regexp"
* doc/help.txt: ED: section UPDATES added
* doc/help.txt: ED: new section "Individual check values"
* doc/help.txt: ED: description about checking/scanning ciphers improved
* doc/help.txt: ED: documentation about warnings and hints improved
* doc/help.txt: ED: more attacks added in section CHECKS
* doc/help.txt: ED: description for POODLE improved
* doc/help.txt: ED: KNOWN PROBLEM "Old, deprecated cipher suites" added
* doc/glossary.txt: ED: formal changes ; more acronyms added
* doc/rfc.txt: ED: more RFCs added; link for SSLv2 added
* usr/gen_standalone.sh: EF: sequence of included files from lilb/ changed; formal changes
* usr/INSTALL-template.sh: EF: avoid error message if wish is missing
* o-saft.pl: EF: +version prints own unique SID
* o-saft-docker: EF: avoid errors if docker program missing
NEW
* o-saft-docker: NF: kill command added
* Dockerfile.openssl: NF: renamed from Dockerfile
* t/Makefile.inst: NF: new Makefile.inst for testing INSTALL.sh
* .o-saft.pl: NF: resumption_psk added
* o-saft.pl: NF: check for BREACH vulnerability
* lib/Cipher.pm: NF: is_adh(), is_cbc(), is_edh() implemented
* lib/SSLinfo.pm: NF: exract HTTPS header Content-Encoding and Transfer-Encoding
* lib/SSLinfo.pm: ED: internal %CST renamed to %SSLINFO to avoid name conflicts
* lib/SSLinfo.pm: NF: re...
Version 24.06.24
BUGFIX
* o-saft-docker: BF: wrong markup corrected (minor issue with -help only)
* usr/checkAllCiphers.pl: BF: adaptet to changes in lib/error_handler.pm 3.6 (OERR_* constants are %OERR hash now)
* doc/help.txt: BD: wrong option --trace=FILE, it is --rc=FILE
* t/Makefile.misc: ET: variables for targets docs.subs and docs.anno improved
* Makefile: EF: target docs depends on generated o-saft.pl.--help* files
* lib/Cipher.pm: BF: get_key() searches for name in all constants
* lib/Cipher.pm: BF: show_getter() prints all defined constants and aliases
* lib/OMan.pm: BF: output for help=info
* lib/OMan.pm: BF: _VERSION() from main must be called ::_VERSION()
* lib/ODoc.pm: BF: list of paths in _get_standalone() corrected
* o-saft.tcl: BF: ignore errors, warnings lines when building window with ciphers
* o-saft.tcl: BF: alias names corrected
* o-saft.tcl: BF: change layout button corrected in "tablet" layout
* o-saft.pl: BF: avoid " "Use of uninitilized value $ssl ..." with --legacy=sslscan
* o-saft.pl: BF: +sigkey_value needs special handling with --format=hex
* o-saft.pl: BF: --cipher accepts cipher constants, suite names, or aliases
* o-saft.pl: BF: special error check for +sstp (response from wolfSSL is slightly different)
* o-saft.pl: BF: reading from RC-FILE also if no --trace given
* o-saft.pl: BF: syntax corrected (bug since 3.14 only)
CHANGES
* o-saft.cgi: EF: use own %STR variable (to be compatible with various Makefiles)
* lib/OCfg.pm: EF: more values added to be handled by --format=hex
* lib/OCfg.pm: EF: hasdtls1 hasdtls12 hasdtls13 added some list of commands
* lib/OCfg.pm: EF: cipher 0x030000FE (WDM-NULL-SHA256) added to some ranges
* lib/Cipher.pm: EF: cipher -WDM-NULL-SHA256 (wolfSSL DTLS Multicast) added
* doc/help.txt: ED: description for --cipherrange=RANGE improved
* doc/help.txt: ED: KNOWN PROBLEM "+cipher hangs" added
* t/gen-graph-annotations.sh: EF: sub-directories adapted to new directory structure
* usr/INSTALL-template.sh: EF: option --instdev implemented
* usr/INSTALL-template.sh: EF: list of file "not to be installed" and moved with --clean improved
* usr/INSTALL-template.sh: EF: $dirs__ancient implemented; messages improved
* usr/INSTALL-template.sh: EF: messages and documentation improved
* usr/INSTALL-template.sh: EF: checking ancient files improved; checking ancient directories
* usr/INSTALL-template.sh: EF: accept environment variable OSAFT_Dir as installation directory
* usr/INSTALL-template.sh: EF: special handlicg for o-saft-docker
* t/Makefile.cmd: ET: some targets use filter to remove random data in generated .log
* Makefile: EF: EXE.docker renamed to EXE.o_docker; EXE.docker=docker added
* Makefile: EF: target INSTALL.sh depends on Makefile.misc
* Makefile: EF: checkAllCiphers.pl is now usr/checkAllCiphers.pl
* o-saft.cgi: EF: do not allow --inc= and --no-inc=
* o-saft.pl: EF: options --no-tls and --no-dtls added (aliases)
* o-saft.pl: EF: --ignore-warning= implemented
* o-saft.pl: EF: printversion() prints all own modules
* o-saft.pl: ED: --v output improved
* o-saft.pl: EF: security checks implemented and documented for use of qx()
* o-saft.pl: EF: +version prints Perl version also
* o-saft.pl: EF: some warning messages about ::VERSION improved; warning 127 and 130 removed
* lib/Cipher.pm: ED: output format of gett03() is the same as of show_getter()
* lib/SSLhello.pm: ED: message printed by error_handler->reset_err() unified
* lib/SSLinfo.pm: EF: --testopenssl also prints openssl executable which returned capabilities/options
* lib/OTrace.pm: EF: --test-memory prints sorted data
* lib/OTrace.pm: EF: simplified use of Exporter module
* lib/OText.pm: EF: simplified use of Exporter module
* lib/OData.pm: EF: simplified use of Exporter module
* lib/ODoc.pm: EF: simplified use of Exporter module
* lib/OCfg.pm: EF: simplified use of Exporter module
* lib/OMan.pm: EF: simplified use of Exporter module
* lib/OMan.pm: EF: man_warnings() simplified
* lib/OMan.pm: EF: documentation improved; --pod=* and --file=* option implemented
* lib/OMan.pm: EF: click outside menu closes menu in navigation bar on website
* lib/SSLinfo.pm: ED: output format for --test-* options unified
* lib/OTrace.pm: EF: calling SSLinfo::test_openssl() for --test-openssl
* doc/help.txt: ED: environment variables OSAFT_CONFIG and OSAFT_OPTIONS added; description of reading RC-FILE and options
* doc/help.txt: ED: documentation improved
* doc/devel.txt: ED: documentation improved
* doc/coding.txt: ED: documentation improved
* doc/coding.txt: ED: note about qx() security added
* t/.perlcriticrc: EF: some pragmas and description improved
* t/Makefile.mod: ET: more targets for --test-* options
* usr/install_openssl.sh: EF: handle errors returnd by find
* usr/install_openssl.sh: EF: dependency changed: libidn2-0-dev -> libidn2-dev
NEW
* t/Makefile.docker: NF: targets mbedtls.* for Mbed TLS server docker image
* t/Makefile.docker: ET: target for command hacker added
* t/Makefile.docker: NT: target testarg-docker- added
* lib/Cipher.pm: NF: new functions find_consts() find_keys_any() and find_names_any()
* lib/OData.pm: NF: hasdtls1, hasdtls12, hasdtls13 added to %check_conn
* lib/OTEXT.pm: NF: general function usage_show() for printing --usage
* lib/OData.pm: NF: --usage implemented
* lib/OCfg.pm: NF: --usage implemented
* o-saft.tcl: NF: option --rc=FILE added
* o-saft.tcl: NF: --no-rc option implemented
* o-saft.pl: NF: option --silent (shortcut for --nowarning --nohint) added
* o-saft.pl: NF: hasdtls1, hasdtls12, hasdtls13 checks implemented
* o-saft.pl: NF: environment variable OSAFT_CONFIG, OSAFT_OPTIONS implemented
* o-saft.pl: NF: --inc=* and --no-inc=* added
Version 24.01.24
NOTE
This release is a major redesign (refactoring) of the project. The top
directory now contains the main tools only. All modules, documentations and
(user) contributed tools are in sub-directories.
These changes are also reflected in the directories available at github.
If older versions should be used, please get the correspondig `o-saft.tgz`
from that version, see below.
Functionally the options `--v` and `--trace` behave different now.
Beside many formal changes, following bugfixes and changes have been done.
BUGFIX
* o-saft.pl: BT: print sorted list of ciphers for --ciphermode=dump (important for testing only)
* o-saft.pl: BF: avoid "Use of ..." for --legacy=testsslserver
output for --legacy=testsslserver may now miss some informations values
* t/Makefile.warnings: BT: duplicate target warning-141 removed
* OSaft/Ciphers: BD: description for $cipher_results adapted to new definitions
* Net/SSLhello.pm: BF: typos in cipher suite names corrected
* o-saft-dbx.pm: BF: avoid "Use of uninitialized value in join or string ..."; output for --trace=3 improved
* o-saft-man.pm: BF: <details> tag with overflow-y:auto
* o-saft-man.pm: BF: <aside> tag with higher z-index
CHANGES
* o-saft-man.pm: EF: man_src_grep() improved and adapted to new syntax for --help=exit
* t/Makefile.warnings: ET: warning-061 and warning-145 added
* t/Makefile.exit: ET: targets adapted to changes in o-saft.pl 2.163
* t/Makefile.cmd: ET: adapted to changes in o-saft.pl 2.163: --trace-CMD is now --v
* t/Makefile.dev: ET: testarg-dev-grep_subs improved
* t/Makefile.dev: EF: additional filter in target testcmd-dev-grep_desc
* t/Makefile: ET: environment variable PERL5LIB and PERL_HASH_SEED are set for all test* targets
* t/Makefile: ED: OSAFT.pm renamed to LIB.pm; o-saft-usr.pm renamed to OSaft/Usr.pm
* OSaft/Data.pm: EF: text fpr cnt_ciphers, cnt_totals improved
* OSaft/Doc/devel.txt: ED: OVERVIEW section added
* Net/SSLinfo.pm: EF: definition of variables and subs done at begnning; trace output improved
* Net/SSLhello.pm: EF: using _trace_* functions for some output with --trace*
* Net/SSLhello.pm: EF: definition of variables and subs done at begnning; trace output improved
* Net/SSLhello.pm: EF: using normalised timestamp for --trace-time
* Net/SSLhello.pm: EF: format of timestamp for --trace-time adapted to main
* Net/SSLhello.pm: EF: print %SSLINFO with --trace instead of --v
* Net/SSLhello.pm: ED: formal changes for trace output
* Net/SSLhello.pm: EF: don't pass -nextprotoneg together with -tls1_3 to openssl
* o-saft-dbx.pm: EF: output of HASH for --trace=3 improved
* osaft.pm: EF: DTLSv1* enabled
* osaft.pm: EF: hints 'openssl3' and 'openssl3c' added
* osaft.pm: EF: regex for 'OWASP_D' and 'OWASP_NA' improved
* osaft.pm: EF: get_ciphers_range() improved
* o-saft.pl: EF: --v and --trace improved (_y_CMD() repleced by_vprint())
* o-saft.pl: EF: sort some values for +check output
* o-saft.pl: EF: "local $\ =" removed to avoid unexpected behaviour in subs
* o-saft.pl: EF: avoid PFS checks with --ciphermode=openssl; may lead to wrong PFS output
* o-saft.pl: EF: --tracekey does not print "= reading file ..." information
* o-saft.pl: EF: check --legacy= option for +cipher; print warning
* o-saft.pl: EF: print hint when using openssl >2.0 and --ciphermode=openssl
* o-saft.pl: _get_cipherlist_*() replace by _get_cipherslist()
* o-saft.pl: EF: _eval_cipherranges() replaced by osaft::get_ciphers_range()
* o-saft.pl: EF: checking openssl's protocol options adapated to OpenSSL 3.0.11
* o-saft.pl: EF: printing "Total number of ciphers" 'cnt_totals' unified
* o-saft.pl: EF: +cipher-sh reimplemented
* OSaft/Ciphers: EF: sort_results() improved
* OSaft/Ciphers: EF: cipher 0x02FFFFFF added for internal use
* OSaft/Ciphers: EF: find_names() allows OpenSSL-style patterns
* OSaft/Ciphers: EF: sort_names() adapted to new ciphers (added in 2.89)
* OSaft/Ciphers: EF: aliases for some ciphers added
* OSaft/Doc/rfc.txt: ED: more RFCs added
* OSaft/Doc/help.txt: ED: HTML layout for some list items improved
* o-saft.pm EF: openssl configuration cfg{openssl} improved
* o-saft-man.pm EF: EF: support --trace option; --v supported for tool itself only
* o-saft-man.pm EF: parent caller defines file to retrieve (grep) data from
* o-saft-man.pm ED: <li> tags improved
* o-saft-dbx.pm EF: _vprintme() removed
NEW
* OSaft/Doc/openssl.txt: ND: file for internal (developer) documentation
* Net/SSLinfo.pm: EF: test_openssl() for --test-openssl implemented
* t/Makefile.mod: ET: target testarg-mod-Net-SSLinfo.pm_--test-openssl added
* t/Makefile.cipher: ET: targets added to test +cipher --trace*
* t/Makefile.cipher: ET: target testcmd-cipher-+cipher---openssl-local_ added
* t/Makefile.warnings: ET: warning-015 implemented, warning-413 implemented
* osaft.pm EF: cfg{openssl_version} added
* OSaft/Ciphers: EF: cophers TLS13_GOSTR341112_256* added
* OSaft/Trace.pm: NF: added (replace o-saft-dbx.pm 2.44)
* OSaft/USR.pm: NF: added (replace o-saft-usr.pm 2.8)
Version 23.11.23
BUGFIX
* o-saft-dbx.pm BF: avoid Perl's "Use of uninitialized value ..." when printing values
* OSaft/Ciphers.pm: BF: ckeck for own commands improved; fully handle --test-ciphers-* options
* Net/SSLhello.pm: BF: proper parameter type for Net::SSLeay::CTX_set_options() to avoid perl warning
* Makefile: BF: more dependencies for targets generating static help files $(DOC.dir)/$(SRC.pl).% improved
* t/Makefile.warnings: BT: macro EXE.extract_warn to extract warnings and errors corrected
* t/Makefile: BT: compute _SID.pod directly
* t/Makefile: BT: help.test.targets corrected
* Net/SSLinfo.pm: BF: Net::SSLeay::set_tlsext_host_name() behaves strange for openssl>2.0; dirty workaround implemented
* Net/SSLinfo.pm: BF: send HTTP verb line with \r to avoid "\n" in the logfiles
* osaft.pm: BF: +compression needs to call checkdest()
* osaft.pm: BF: OWASP scoring for TLS13-* ciphers corrected
* o-saft.pl: BF: implementation of need_netinfo improved
* o-saft.pl: BF: check for given command improved (avoid ambiguity)
* o-saft.tcl: BF: using correct widget for saving results
* o-saft.tcl: BF: Config Tool window has no Save button
* o-saft.tcl: BF: tooltip for Save button in Options tab corrected
* o-saft.tcl: BF: Save button for configuration settings corrected
* o-saft.tcl: BF: key bindings disabled, because they also apply for entry widgets, where they should not
* o-saft-man.pm: BF: remove internal markup in output for --h
CHANGES
* o-saft.cgi: EF: option --format=html4 --format=html5 renamed to --html4 --html5 (--format= already used by o-saft.pl)
* o-saft: EF: -log improved
* o-saft: ET: use non-random logfile name to avoid diff results with make
* OSaft/Ciphers.pm: EF: unified format for warn() messages
* OSaft/Data.pm: EF: adapted to modern TLS: use of TLSv1 or TLSv11 not considered good
* o-saft.pl: EF: --test-ciphers* options simplified; --traceCMD improved
* o-saft.pl: EF: adapted to modern TLS: use of TLSv1 or TLSv11 not considered good
* o-saft.pl: EF: warning if +cipher-dh --ciphermode=intern
* o-saft.pl: EF: checking for identified PFS ciphers improved (for --ciphermode=intern only)
* Net/SSLinfo.pm: EF: print Hint if server does not support protocol
* Net/SSLinfo.pm: EF: Net::SSLeay make HTTP requests with User-Agent header
* o-saft-dbx.pm: ED: description for --test-data improved
* o-saft-dbx.pm: EF: use texts from OSaft::Text
* OSaft/Doc/help.txt: ED: ENVIRONMENT section improved
* OSaft/Doc/help.txt: ED: o-saft.cgi's option --format=html4 --format=html5 renamed to --html4 --html5 (--format= already used by o-saft.pl)
* OSaft/Doc/help.txt: ED: DEBUG section removed, now available with --help=development
* t/Makefile.dev: ET: target testarg-dev-o-saft_-log improved
* t/Makefile.dev: ET: _EXE.log-filterarg improved (to compare results)
* t/Makefile.make: ET: ALL.testmake completed
* Makefile: EF: enforce LC_CTYPE=C.UTF-8 (necessary at least for o-saft.tcl)
* o-saft.tcl: ED: sequence of menu items as in o-saft.cgi
* o-saft.tcl: EF: missing Save button to Commands tab added
* o-saft.tcl: EF: debug (really trace) output improvd for --d=2
NEW
* o-saft-dbx.pm EF: --test-vars implemented; _yeast_test_vars()
* o-saft.pl: EF: --http-user-agent= added
* osaft.pm: EF: set_user_agent() implemented
* Net/SSLinfo.pm: EF: $Net::SSLinfo::user_agent added
* osaft.pm: EF: cfg{use}{user_agent} added
* OSaft/Doc/devel.txt: ND: new file
* Makefile: ET: release.here added; GEN.rel is now in docs/; generated tgz contains $(GEN.rel)
* o-saft: EF: mode -log implemented
Version 23.04.23
Please see file CHANGES for changes, corrections, improvements.
Version 22.11.22
Version 22.11.22
Please see file CHANGES for changes, corrections, improvements.
Version 22.06.22
Version 22.06.22
Please see file CHANGES for changes, corrections, improvements.
Version 22.02.22
Version 22.02.22
Please see file CHANGES for changes, corrections, improvements.
Version 19.01.19
BUGFIX
- t/Makefile.*: BT: macro ALL.inc.type corrected
- osaft.pm: BF: +fingerprint_sha2 honors --format=hex
- o-saft.pl: BF: printing header (for list of ciphers) corrected
- o-saft.pl: BF: "Ciphers: Summary" prints correct numbers if no ciphers found
- o-saft.pl: BF: --legacy=key disabled; --label=key enabled (honors --header option)
CHANGES
- t/Makefile.*: ET: targets simplified and unified; critic345 implemented
- o-saft.pl: EF: +cipher results are sorted according "severity/security risk"
NEW
- o-saft.pl: NF: --help=cmd and --help=cfg-cmd added
- o-saft.pl: NT: +session_startdate and +session_starttime added
- o-saft.pl: NF: new option --legacy=owasp for +cipher
- o-saft.pl: NF: new option --label=long|short|key
- o-saft.pl: NF: alias commands for CVEs added
- t/Makefile.misc: targets for profiling
VERSION 18.11.18
BUGFIX
* o-saft-docker: use correct VERSION in docker_build()
* o-saft-man.pm: output for --help=cfg-text correctd
* o-saft-man.pm: HTML encode << ; CSS improved
* o-saft.pl: warning added if https request failed
* o-saft.pl: --exit=MAIN corrected
* o-saft.tcl: value None not highlighted
* o-saft.tcl: --docker and --id=* handled correctly
* t/Makefile.opt: added (missed at github)
* t/Makefile: message-% rule description to avoid syntax errors
* Makefile: missing files t/Makefile.exit, t/Makefile.FQDN added to ALL.Makefiles
* Makefile: dependencies for generated files improved
CHANGES
* o-saft-docker: docker_build() uses OSAFT_VM_SHA_OSAFT environment variable
* contrib/build_openssl.sh renamed to contrib/install_openssl.sh
* o-saft-dbx.pm: trace and verbose output use cfg{prefix_trace} and cfg{prefix_verbose} instead of cfg{mename}
* t/Makefile.: various minor bugfixes
* Makefile: install target improved
* Net::SSLinfo.pm: set https_body to private string if https request fails
* osaft: call other tools with proper path
* osaft.pm: cipher suites for RFC 8446 (TLS 1.3) added
* o-saft-man.pm: new button to change schema in generated o-saft.cgi.html
* o-saft-man.pm: online documentation in generated html improved
* --help: section TESTING added
* o-saft.tcl: using o-saft.pl in docker container improved
* t/o-saft_bench renamed to t/o-saft_bench.sh
* t/Makefile improved
NEW
* "help"-Button foreach --help=* in o-saft.cgi.html
* --help=cipherpattern added
* options -comp and -no_comp implemented (OP_NO_COMPRESSION)
* Makefile.help: cloc* target added
* o-saft-man.pm: cgi and html page provides discrete commands
* o-saft-man.pm: cgi page provides input fields for options with values
* o-saft-man.pm: "return to top" button in generated .cgi.html added