Diffstat (limited to 'CREDITS.md')
-rw-r--r-- CREDITS.md 200
1 files changed, 200 insertions, 0 deletions
diff --git a/CREDITS.md b/CREDITS.md
new file mode 100644
index 0000000..9522a76
--- /dev/null
+++ b/CREDITS.md
@@ -0,0 +1,200 @@
+
+Full contribution, see git log.
+
+* Dirk Wetter (creator, maintainer and main contributor)
+ - Everything what's not mentioned below and is included in testssl.sh's git log
+ minus what I probably forgot to mention
+ (too much other things to do at the moment and to list it would be a tough job)
+
+* David Cooper (main contributor)
+ - Major extensions to socket support for all protocols
+ - extended parsing of TLS ServerHello messages
+ - TLS 1.3 support (final and pre-final) with needed en/decryption
+ - add several TLS extensions
+ - Detection + output of multiple certificates
+ - several cleanups of server certificate related stuff
+ - testssl.sh -e/-E: testing with a mixture of openssl + sockets
+ - add more ciphers
+ - coloring of ciphers
+ - extensive CN+SAN <--> hostname check
+ - separate check for curves
+ - RFC 7919, key shares extension
+ - keyUsage extension in certificate
+ - experimental "eTLS" detection
+ - parallel mass testing!
+ - RFC <--> OpenSSL cipher name space switches for the command line
+ - better error msg suppression (not fully installed openssl)
+ - GREASE support
+ - Bleichenbacher / ROBOT vulnerability test
+ - several protocol preferences improvements
+ - pwnedkeys.com support
+ - CT support
+ - Extract CA list CertificateRequest message is encountered
+ - RFC 8879, certificate compression
+ - 128 cipher limit, padding
+ - compatibility for LibreSSL and different OpenSSL versions
+ - Check for ffdhe groups
+ - TLS 1.2 and TLS 1.3 sig algs added
+ - Show server supported signature algorithms
+ - Show supported certification authorities sent by the server when client auth is requested
+ - Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
+ - Provide compatibility to every LibreSSL/OpenSSL versions
+ - Lots of fixes and improvements
+
+##### Further credits (in alphabetical order)
+
+* a666
+ - Bugfix
+
+* Christoph Badura
+ - NetBSD fixes
+
+* Jim Blankendaal
+ - maximum certificate lifespan of 398 days
+ - ssl renegotiation amount variable
+ - custom http request headers
+
+* Frank Breedijk
+ - Detection of insecure redirects
+ - JSON and CSV output
+ - CA pinning
+ - Client simulations
+ - CI integration, some test cases for it
+
+* Steven Danneman
+ - Postgres and MySQL STARTTLS support
+ - MongoDB support
+
+* Christian Dresen
+ - Dockerfile
+
+* csett86
+ - some MacOSX and Java client handshake data
+
+* Mark Felder
+ - lots of cleanups
+ - Shellcheck static analysis
+
+* Laine Gholson
+ - avahi/mDNS support
+ - HTTP2/ALPN
+ - bugfixes
+ - former ARM binary support
+
+* Maciej Grela
+ - colorless handling
+
+* Jac2NL
+ - initial support for skipping offensive vulnerability tests
+
+* Scott Johnson
+ - Bugfix F5
+
+* Hubert Kario
+ - helped with avoiding accidental TCP fragmentation
+
+* Brennan Kinney
+ - refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies
+
+* Magnus Larsen
+ - SSL Labs Rating
+
+* Jacco de Leeuw
+ - skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
+
+* Manuel
+ - HTTP basic auth
+
+* Markus Manzke
+ - Fix for HSTS + subdomains
+ - LibreSSL patch
+
+* Jean Marsault
+ - client auth: ideas, code snippets
+
+* Thomas Martens
+ - adding colorblind option
+ - no-rfc mapping
+
+* Peter Mosmans
+ - started way better cmd line parsing
+ - cleanups, fixes
+ - openssl sources support with the "missing" features
+
+* John Newbigin
+ - Proxy support (sockets and openssl)
+
+* Oleksandr Nosenko
+ - non-flat JSON support (--json-pretty)
+ - in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level
+
+* Jonathan Roach
+ - TLS_FALLBACK_SCSV checks
+
+* Jonathon Rossi
+ - fix for bash3 (Darwin)
+ - and other Darwin fixes
+
+* Дилян Палаузов
+ - bug fix for 3des report
+ - reported a tricky STARTTLS bug
+
+* Thomas Patzke:
+ - Support of supplying timeout value for openssl connect
+
+* Olivier Paroz
+ - conversion xxd --> hexdump stuff
+
+* Jeroen Wiert Pluimers
+ - Darwin binaries support
+
+* Joao Poupino
+ - Minimize false positive detection for Renegotiation checks against Node.js etc.
+
+* Rechi
+ - initial MX stuff
+ - fixes
+
+* Gonçalo Ribeiro
+ - --connect-timeout
+
+* Dmitri S
+ - inspiration & help for Darwin port
+
+* Jonas Schäfer
+ - XMPP server patch
+
+* Marcin Szychowski
+ - Quick'n'dirty client certificate support
+
+* Viktor Szépe
+ - color function maker
+
+* Julien Vehent
+ - supplied 1st Darwin binary
+
+* Thomas Ward
+ - add initial IDN support
+
+* @typingArtist
+ - improved BEAST detection
+
+* @f-s
+ - ARM binary support
+
+* @nvsofts (NV)
+ - LibreSSL patch for GOST
+
+* @w4ntun
+ - fixed DNS via proxy
+
+Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
+
+
+##### Last but not least:
+
+* OpenSSL team for providing openssl.
+
+* Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data
+
+* My family for supporting me doing this work
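Review bot: under David Cooper, the item "Extract CA list CertificateRequest message is encountered" is missing words (it reads as if "when a" was dropped before "CertificateRequest"), and "Provide compatibility to every LibreSSL/OpenSSL versions" repeats the earlier "compatibility for LibreSSL and different OpenSSL versions" item, so one of the two can be removed. In the section headed "in alphabetical order", "Thomas Patzke:" carries a trailing colon that no other name has and is listed before "Olivier Paroz", which breaks the stated ordering. The Jac2NL and Jacco de Leeuw entries both credit skipping offensive or IDS-triggering tests; it is worth confirming whether these are one contributor and merging them if so. The file also begins with an empty line before "Full contribution, see git log.", which can be dropped.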