Further development now takes place in the 3.3dev branch which was just created

https://github.com/testssl/testssl.sh/tree/3.3dev

The last release of testssl.sh in the 3.0.10 branch was made which includes several bugfixes.

Get it from here: https://github.com/testssl/testssl.sh/releases/tag/v3.0.10

(bugfix) version 3.2.1 of testssl.sh is out

Get it from here: https://github.com/testssl/testssl.sh/releases/tag/v3.2.1

🚀

Does anybody has a solution for the problem that a #Github #action #badge shows also failed actions in a PR?

Help would be much appreciated.

Details here: https://github.com/testssl/testssl.sh/issues/2794

Boosts appreciated

the single best resource for Open Source CRA info is this repo: https://github.com/orcwg/cra-hub

I have some questions...

Branch 3.2 has now also a github action running under MacOS which permits dealing with compatibility issue in the very beginning, i.e. when write a PR

And it has more badges now ;-) -- including the status of the Ubuntu and MacOS CI runner.

PR pending

Also Android 15 supports the hybrid #PQ #KEM #X25519MLKEM768.

Will be soon added to the handshake simulation section

Can someone assist writing a unit test for #github using a MacOS runner?

https://github.com/testssl/testssl.sh/issues/2308#issuecomment-2862482574

RTs welcome

Unicode characters with a decomposition of 2+ ASCII characters and are registrable domains by _0x999

https://shazzer.co.uk/vectors/681bdfbc53893d69dd3de483

Here is a scan from testssl.net (which is at cloudflare and proxies testssl.sh) -- watch out for the #MLKEM(s)

#PQC

testssl.sh 3.2.0 is finally out, see https://github.com/testssl/testssl.sh/releases/tag/v3.2.0 or just https://testssl.sh .

Changelog see https://github.com/testssl/testssl.sh/blob/3.2/CHANGELOG.md .

Some browsers and also #OPenSSL 3.5.0 support already #PQ #KEMs for key exchange to to provide secure key establishment resistance.

The (real soon now) to be released testssl.sh 3.2 final will include handshake simulation, see last column:

testssl.sh (3.2rc4) has now a client simulation for #OpenSSL 3.5.0:

#OpenSSL 3.5.0 LTS release with some #PQC algorithms, server side #QUIC support and more

OpenSSL 3.5 introduces major crypto updates, including PQC support, server-side QUIC, and new TLS defaults.
https://linuxiac.com/openssl-3-5-brings-major-cryptographic-shifts/

#openssl #opensource #security

Ok, the final tuning to the supplied #openssl binary has taken place.

Recent patches see https://github.com/testssl/openssl-1.0.2.bad/pulls?q=is%3Apr%20is%3Aclosed%20

Private testing went good so far. Help testing would be much appreciated.

You can grab the binary from here https://testssl.sh/contributed_binaries/openssl.Linux.x86_64 (signature: https://testssl.sh/contributed_binaries/openssl.Linux.x86_64.asc) and let us SOON know of any problems.

A few recent updates to testssl.sh 3.2rc4:
* Improved compatibility with > OpenSSL 3.5 (David)
* Check now for 6 instead of 3 KEMs (David)
* Sort TLS extensions (David)
* added some server side TLS extensions (Dirk)
* Banner changed (Dirk)
* faster startup (Dirk)
* make curve checks more reliable (David)
* Fix curves findings in TLS1.2 and prior versions (Riccardo)
* Fix rating (Magnus)
* Add more HTTP security headers and deprecate others (Dirk)
* Feature: Detection STARTTLS throtteling via code 421/SMTP (Dirk)
* Enhance ticketbleed testing (David)
* Improve NPN detection (David)
* EV cert addition (Brett)

One of Google's intermediate CAs expired on March 9, fortunately this seems for chromecast devices only:

https://www.reddit.com/r/Chromecast/comments/1j7lhrs/the_chromecast_2s_device_authentication/