### SSLsplit master - Add experimental support for pf on Mac OS X 10.7+ (issue #15). - Fix segmentation fault on connections without SNI hostname, caused by compilers optimizing away a NULL pointer check (issue #14). - Also build ipfw NAT engine if pf is detected to support pf divert-to. ### SSLsplit 0.4.7 2013-07-02 - Fix remaining threading issues in daemon mode. - Filter HPKP header lines from HTTP(S) response headers in order to prevent public key pinning based on draft-ietf-websec-key-pinning-06. - Add HTTP status code and content-length to connection log. ### SSLsplit 0.4.6 2013-06-03 - Fix fallback to passthrough (-P) when no matching certificate is found for a connection (issue #9). - Work around segmentation fault when loading certificates caused by a bug in OpenSSL 1.0.0k and 1.0.1e. - Fix binding to ports < 1024 with default settings (issue #8). ### SSLsplit 0.4.5 2012-11-07 - Add support for 2048 and 4096 bit Diffie-Hellman. - Fix syslog error messages (issue #6). - Fix threading issues in daemon mode (issue #5). - Fix address family check in netfilter NAT lookup (issue #4). - Fix build on recent glibc systems (issue #2). - Minor code and build process improvements. ### SSLsplit 0.4.4 2012-05-11 - Improve OCSP denial for GET based OCSP requests. - Default elliptic curve is now 'secp160r2' for better ECDH performance. - More user-friendly handling of -c, -k and friends. - Unit test source code renamed from *.t to *.t.c to prevent them from being misdetected as perl instead of c by Github et al. - Minor bugfixes. ### SSLsplit 0.4.3 2012-04-22 - Add generic OCSP denial (-O). OCSP requests transmitted over HTTP or HTTPS are recognized and denied with OCSP tryLater(3) responses. - Minor bugfixes. ### SSLsplit 0.4.2 2012-04-13 - First public release.