This is the first snapshot release for 3.3dev. It is for users which want to use the latest and greatest set of features but also want to have a version which matured enough.
In order not to confuse users with the stable branch 3.2 where no new features will appear, this is labeled (from github) as pre-release. But it is believed to be production ready. However things will continue to change in 3.3dev until the next stable release 3.4.0 .
Features as TL;DR
- QUIC protocol check
- TLS 1.3 early data (0-RTT)
- Adds a check for mandatory extended master secret TLS extension
- Bump SSLlabs rating guide to 2009r
- Check for Opossum vulnerability
- Enable IPv6 automagically, i.e. if target via IPv6 is reachable just (also) scan it
- MacOS runs faster
- Provide an FAQ
What's Changed
- Fix README DeepWiki Link by @HarrisonTCodes in #2801
- Reflect version 3.0.10 version is EOL by @drwetter in #2804
- Reflect that this is 3.3dev by @drwetter in #2805
- Modify grading for incomplete chain. by @secinto in #2798
- Add sectigo CA E46 and R46 for Linux.pem by @drwetter in #2808
- Minor improvements to #2798 by @drwetter in #2809
- Change action docker file to 3.3dev by @drwetter in #2811
- YAML file doesn't need the unit tests by @drwetter in #2812
- Revert lowercase conversion for repo by @drwetter in #2813
- Revert "Revert lowercase conversion for repo" by @drwetter in #2814
- Improve error message for sockets fail and Alpine by @drwetter in #2817
- Performance hint for openssl by @drwetter in #2820
- Fix 52_ocsp_revoked (OCSP --> CRL) by @drwetter in #2823
- First try for QUIC (OpenSSL only and only checking the protocol) by @drwetter in #2822
- Fix not working --disable-rating switch (3.3dev) by @drwetter in #2827
- Removed rogue space on QUIC output by @digininja in #2828
- feat: bump ssllabs rating guide to 2009r by @magnuslarsen in #2830
- Update CHANGELOG.md by @drwetter in #2835
- For Mac: use homebrew's openssl by @drwetter in #2837
- Redo PR for Opossum , see #2838 by @drwetter in #2842
- Fix message when IPv6 needs to be tested too by @drwetter in #2844
- Try harder to find OPENSSL2 by @drwetter in #2846
- add support for MacOS's dscacheutil by @wfaulk in #2848
- Fix port and block problem for Opossum by @drwetter in #2851
- only exec QUIC when SERVICE= HTTP by @drwetter in #2853
- Enable IPv6 automagically by @drwetter in #2852
- Fix bug when --nodns none --ip is supplied by @drwetter in #2856
- Doing a better guess for Opossum when tcp/80 is not a/v by @drwetter in #2855
- Slightly improved strings @ pre-socket handling by @drwetter in #2858
- Fix also IPv6 addresses for --nodns etc.... by @drwetter in #2860
- Test with badge referring to the correct branch by @drwetter in #2862
- Pick another host for unit tests by @drwetter in #2857
- More reliability for QUIC test by @drwetter in #2863
- Modify OS bullet point + badge param by @drwetter in #2865
- Exec IPv6 check in background by @drwetter in #2867
- Try badge for correct branch by @drwetter in #2869
- Fix additional parameter in shouldwedo_ipv6() by @drwetter in #2868
- wait_kill() is now 0.1 seconds by @drwetter in #2870
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #2872
- Keep feature_request.md up to date by @drwetter in #2877
- Provide an FAQ by @drwetter in #2879
- Additions to FAQ by @drwetter in #2882
- Fix garbled screen when HTTP Age is not a non-negative int by @drwetter in #2886
- Fix indentation @ Intermediate cert validity by @drwetter in #2891
- Restructure, load balancer issue, STARTTLS SMTP better explained by @drwetter in #2894
- Fix #2896 by @dcooper16 in #2897
- Consistency for function ciphers_by_strength() by @drwetter in #2905
- Jdvorak001 fix file naming by @drwetter in #2904
- Define vars for early data by @drwetter in #2911
- Update baseline scan for unit test by @drwetter in #2914
- TLS 1.3 early data / 0-RTT by @drwetter in #2912
- Fix date for Ubuntu >= 25.10 by @drwetter in #2913
- Update GHAs by @drwetter in #2919
- Update Linux CA store by @drwetter in #2916
- Minor fine tuning by @drwetter in #2923
- Squash some shellcheck errors by @drwetter in #2922
- Update "sneaky" user agent by @drwetter in #2927
- Fix date parsing bc of locale problem by @drwetter in #2930
- Shorten badssl GHA as they fail too often by @drwetter in #2934
- Add new Sectigo R46 cert, update Java/Mozilla.pem by @drwetter in #2935
- Fix pattern for matching /etc/hosts entries by @drwetter in #2938
- Shellcheck cherrypicked from PR #2428 by @drwetter in #2940
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #2941
- feat: --rating-only flag to only test checks required for rating by @magnuslarsen in #2945
- Update docs after raiting only switch by @drwetter in #2948
- Ignore files types for shellcheck by @drwetter in #2949
- Add support for EC private key in mTLS check by @24icewolf42 in #2947
- Fix and improve Opossum check by @drwetter in #2951
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in #2953
- No shellcheck in ./t/ by @drwetter in #2955
- Try to remove the "failed to flush stdout" messages by @drwetter in #2957
- Address 2952 by @drwetter in #2954
- Fix error when early data empty by @drwetter in #2958
- Label missing KEMs as LOW severity by @drwetter in #2961
- Fix #2959 by @dcooper16 in #2963
- Add missing LF after pwnkeys DB check by @drwetter in #2965
- Remove underlined headline for each vulnerability by @drwetter in #2967
- ROBOT is also a vulnerability by @drwetter in #2968
- Mitigate inconsistent test results for ROBOT by @drwetter in #2969
- Add ROBOT_TIMEOUT to documentation by @drwetter in #2974
- Update badges by @drwetter in #2975
- Add FAQ by @drwetter in #2977
- Polish by @drwetter in #2978
- Suggest alternative $OPENSSL2 when $OPENSSL fails by @drwetter in #2980
- general remarks, check boxes by @drwetter in #2979
- Remove VULN_THRESHLD relic by @drwetter in #2981
- Flag absence of extended master secret extension by @drwetter in #2982
- Finalize renaming MAX_WAITSOCK --> ROBOT_TIMEOUT by @drwetter in #2985
- Prepare for a snapshot release by @drwetter in #2989
- Add "dev" to the version banner to clarify by @drwetter in #2991
New Contributors
- @HarrisonTCodes made their first contribution in #2801
- @secinto made their first contribution in #2798
- @digininja made their first contribution in #2828
- @wfaulk made their first contribution in #2848
- @24icewolf42 made their first contribution in #2947
Full Changelog: v3.2.1...v3.3dev-snapshot-2602