TL;DR
- label missing KEMs as low severity to indicate that people should start using it
- changing in CA stores
- changes in unit tests
- clientHello contains <= 118 ciphers as more could cause problem for picky servers
- fixed ROBOT check for STARTTLS which sometimes caused inconsistent test results
- fixed confused "ADDTL_CA_FILES" enviroment variable
- fixed word pattern matching in /etc/hosts where
anystringmatched alos192.168.0.11 anystring-tomcat - several minor fixes
What's Changed (full)
- Backport GH runner from 3.3dev by @drwetter in #2900
- Fix #2896 by @dcooper16 in #2898
- Consistency for function ciphers_by_strength() (3.2) by @drwetter in #2906
- Fix file time stamp issue by @drwetter in #2907
- Fix unittest 3.2 by @drwetter in #2921
- Update linux ca store 3.2 by @drwetter in #2918
- Fix date for Ubuntu >= 25.10 (3.2) by @drwetter in #2924
- Update "sneaky" user agent (3.2) by @drwetter in #2928
- Shorten badssl GHA as they fail too often (3.2) by @drwetter in #2932
- Fix date parsing bc of locale problem (3.2) by @drwetter in #2931
- Add new Sectigo R46 cert, update Java/Mozilla.pem (3.2) by @drwetter in #2936
- Fix pattern for matching /etc/hosts entries (3.2) by @drwetter in #2939
- Label missing KEMs as LOW severity (3.2) by @drwetter in #2962
- Fix #2959 by @dcooper16 in #2964
- Add missing LF after pwnkeys DB check (3.2) by @drwetter in #2966
- Add missing counter to ROBOT (3.2) by @drwetter in #2970
- Mitigate inconsistent test results for ROBOT (3.2) by @drwetter in #2976
- Finalize renaming MAX_WAITSOCK --> ROBOT_TIMEOUT (3.2) by @drwetter in #2984
- Bump version (3.2) by @drwetter in #2988
Full Changelog: v3.2.2...v3.2.3