Lmst

https://hackingpassion.com/openssl-12-cves-ai-january-2026/

https://www.lesswrong.com/posts/7aJwgbMEiKq5egQbd/ai-found-12-of-12-openssl-zero-days-while-curl-cancelled-its

AI found 12 of 12 #OpenSSL #CVE's . CVE-2025-15467 is most remarkable

RE: https://mastodon.social/@drwetter/115827783533894665

Testssl activities had to wait a bit as the main contributor was busy 😃

testssl.sh :verified: boosted:

Forgot those pics... #39c3 #39c3abbauleak

One of the row of boxes for tschunk and mate.

Some of the human beings in the pic asked to take a picture. As there's no face visible, I hope it's fine. Happy to remove it otherwise.

The bus was quite old. So it would have been a bad idea to start the engine in the hall as it had probably neither a diesel particle filter or a catalysator (which work at higher temperatures only).

testssl.sh 3.3dev update:
- shellcheck ensures better code quality when check in, thanks to MFTabriz
- flag --rating only does the bare minimum of checks for SSLlabs rating, thanks to magnuslarsen

Both branches had some CA stores update

testssl.sh 3.3dev now has (finally) early data support a.k.a 0-RTT .

Btw: the new server for testssl.sh also supports #QUIC and other nice smaller bells and whistles

Come on, guys . Not even a pcap file ?

@pu
See link

testssl.sh :verified: boosted:

OpenSSL 3.6 Officially Released with LMS Signature Verification Support, More

https://fed.brid.gy/r/https://9to5linux.com/openssl-3-6-officially-released-with-lms-signature-verification-support-more

testssl.sh :verified: boosted:

Willing to help? See https://github.com/testssl/testssl.sh/issues/2908

I am curious whether Apple finally made a step toward #PQC to catch up with all other major browser vendors with the release of version 26 of their operating systems. They lag behind since months:

#TLS

Handshake simulation of testssl.sh which shows that all major browsers have sent a so called hybrid KEM (X25519MLKEM768) during the TLS ClientHello

@bagder

Just the command line for testing the next incarnation of my server (IPs aren't final, thus masked here)

Much appreciated, thanks!

Willing to help? See https://github.com/testssl/testssl.sh/issues/2908

I am curious whether Apple finally made a step toward #PQC to catch up with all other major browser vendors with the release of version 26 of their operating systems. They lag behind since months:

#TLS

New release for the stable branch 3.2

https://github.com/testssl/testssl.sh/releases

Some changes in branch 3.2.

There was parsing issue in HTTP Age header which looked on the first glance security relevant. Closer look revealed it's just a type confusion. But it's still recommended to update. Also this release includes a FAQ. More important details below.
What's Changed

Add README DeepWiki Link by @HarrisonTCodes
Modify grading for incomplete chain. by @secinto
Add sectigo CA E46 and R46 for Linux.pem by @drwetter
Improve error message for sockets fail and Alpine by @drwetter
Make code2network() faster by using bash instead of tr by @drwetter
Fix not working --disable-rating switch by @drwetter
feat: bump ssllabs rating guide to 2009r by @magnuslarsen
For Mac: use homebrew's openssl when necessary+needed by @drwetter
Fix displayed message when IPv6 needs to be tested too by @drwetter
FAQ for 3.2 by @drwetter in #2881
Fix garbled screen when HTTP Age is not a non-negative int (branch 3.2) by @drwetter
Fix indentation @ Intermediate cert validity (3.2) by @drwetter
Lucky13: improve phrasing for 3.2 by @drwetter
Bump version (3.2) by @drwetter in #2890

New Contributors

@HarrisonTCodes made their first contribution in #2801
@secinto made their first contribution in #2798

Full Changelog: v3.2.1...v3.2.2

... also for 3.2 now

testssl.sh now also has an FAQ: https://github.com/testssl/testssl.sh/blob/3.3dev/FAQ.md

testssl.sh :verified: boosted:

https://m.youtube.com/watch?v=sslnkb4MnTg&t=25152s&pp=2AHAxAGQAgE%3D

Stream of James #kettle #http/1.1 must die

#h1 #h2 #defcon #defcon33

Don't know whether anybody of you guys uses #Apple Mail but I'd rather be careful:

https://www.linkedin.com/feed/update/urn:li:activity:7349803754226868224/

TL;DR: UI prefers #STARTTLS over #TLS for #IMAP (but actually for some reason uses both ports). Apple Product Security doesn't see a reason for immediate action.

My bottom line: a) Apple doesn't take security as relevant as they say b) there are probably lots of users like I was who have STARTTLS configured and don't know that.

I recommend to check whether you're affected. If so I'd configure that as recommended above and change your passwords.

testssl.sh 3.3dev got a bit snappier, most notably for Macs:

#TLS #SSL #pentesting

Pic shows a protocol scan of testssl.net taking 8 seconds

Pic shows a protocol scan of testssl.net taking 13 seconds

PR for always scanning #IPv6 👆🏼merged.

In addition there's a small&nice hint: If there's no IPv6 activity you get a hint "scanning all IPv4 addresses". And the listed IPv6 addresses appear in round brackets.

Man pages / docs were updated accordingly

#IPv6 PR incoming to automagically check also IPv6:

https://github.com/testssl/testssl.sh/pull/2852

Client Info