Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-08 07:10:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
05410fe9b3
SSLproxy/NEWS
Daniel Roethlisberger 202b1270e3 Create session.pem without Internet connectivity 
Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with.  This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.
2014-01-11 21:49:05 +01:00

63 lines
2.1 KiB
Plaintext
Raw Blame History

### SSLsplit master
- Unit tests (make test) no longer require Internet connectivity.
- Add experimental support for pf on Mac OS X 10.7+ (issue #15).
- Also build ipfw NAT engine if pf is detected to support pf divert-to.
- Fix file descriptor leak in passthrough mode (-P) after SSL errors.
- Fix memory corruption after the certificate in the cache had to be updated
during connection setup (issue #16).
- Fix segmentation fault on connections without SNI hostname, caused by
compilers optimizing away a NULL pointer check (issue #14).
### SSLsplit 0.4.7 2013-07-02
- Fix remaining threading issues in daemon mode.
- Filter HPKP header lines from HTTP(S) response headers in order to prevent
public key pinning based on draft-ietf-websec-key-pinning-06.
- Add HTTP status code and content-length to connection log.
### SSLsplit 0.4.6 2013-06-03
- Fix fallback to passthrough (-P) when no matching certificate is found
for a connection (issue #9).
- Work around segmentation fault when loading certificates caused by a bug
in OpenSSL 1.0.0k and 1.0.1e.
- Fix binding to ports < 1024 with default settings (issue #8).
### SSLsplit 0.4.5 2012-11-07
- Add support for 2048 and 4096 bit Diffie-Hellman.
- Fix syslog error messages (issue #6).
- Fix threading issues in daemon mode (issue #5).
- Fix address family check in netfilter NAT lookup (issue #4).
- Fix build on recent glibc systems (issue #2).
- Minor code and build process improvements.
### SSLsplit 0.4.4 2012-05-11
- Improve OCSP denial for GET based OCSP requests.
- Default elliptic curve is now 'secp160r2' for better ECDH performance.
- More user-friendly handling of -c, -k and friends.
- Unit test source code renamed from *.t to *.t.c to prevent them from being
misdetected as perl instead of c by Github et al.
- Minor bugfixes.
### SSLsplit 0.4.3 2012-04-22
- Add generic OCSP denial (-O). OCSP requests transmitted over HTTP or HTTPS
are recognized and denied with OCSP tryLater(3) responses.
- Minor bugfixes.
### SSLsplit 0.4.2 2012-04-13
- First public release.
Reference in New Issue View Git Blame Copy Permalink