From b0d035cbf4ab14200a592e20c79e98b144773f09 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Tue, 10 Oct 2023 11:13:44 +0200
Subject: [PATCH] went though the log from today back to Nov 22

---
 CHANGELOG.md | 28 +++++++++++++++++-----------
 CREDITS.md   |  8 +++++++-
 2 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3db39d698..44db7969a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,44 +3,50 @@
 
 ### Features implemented / improvements in 3.2rcX
 
+* Rating (SSL Labs, not complete)
 * Extend Server (cipher) preference: always now in wide mode instead of running all ciphers in the end (per default)
 * Improved compatibility with OpenSSL 3.0
+* Improved compatibility with Open/LibreSSL versions not suppoting TLS 1.0-1.1 anymore
 * Renamed PFS/perfect forward secrecy --> FS/forward secrecy
+* Cipher list straightening
 * Improved mass testing
-* Align better colors of ciphers with standard cipherlists
-* Added several ciphers to colored ciphers
+* switched to multi-stage image with opensuse base to avoid musl libc issues
+* Btter align colors of ciphers with standard cipherlists
+* Several ciphers more colorized
 * Percent output char problem fixed
 * Several display/output fixes
 * BREACH check: list all compression methods and add brotli
 * Test for old winshock vulnerability
 * Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
-* Security fix: DNS input
-* Don't use external pwd anymore
 * STARTTLS: XMPP server support
-* Code improvements to STARTTLS
-* Detect better when no STARTTLS is offered
-* Rating (SSL Labs, not complete)
+* Several code improvements to STARTTLS, also better detection when no STARTTLS is offered
+* STARTTLS on active directory service support
+* Security fixes: DNS and other input from servers
 * Don't penalize missing trust in rating when CA not in Java store
 * Added support for certificates with EdDSA signatures and public keys
+* Extract CA list shows supported certification authorities sent by the server
+* TLS 1.2 and TLS 1.3 sig algs added
+* Check for ffdhe groups
+* Show server supported signature algorithms
 * --add-ca can also now be a directory with \*.pem files
 * Warning of 398 day limit for certificates issued after 2020/9/1
 * Added environment variable for amount of attempts for ssl renegotiation check
 * Added --user-agent argument to support using a custom User Agent
 * Added --overwrite argument to support overwriting output files without warning
 * Headerflag X-XSS-Protection is now labeled as INFO
+* Strict parser for HSTS
+* DNS via proxy improvements
 * Client simulation runs in wide mode which is even better readable
 * Added --reqheader to support custom headers in HTTP requests
 * Test for support for RFC 8879 certificate compression
-* Check for ffdhe groups
 * New set of OpenSSL-bad binaries with STARTTLS xmpp-server
 * Save a few cycles for ROBOT
 * Provide a better verdict wrt to server order: Now per protocol and ciphers are
   weighted for each protocol
 * Remove "negotiated cipher / protocol"
-* Extract CA list shows supported certification authorities sent by the server
-* Show server supported signature algorithms
+* Deprecating --fast and --ssl-native (warning but still av)
 * Compatible to GNU grep 3.8
-* STARTTLS on active directory service works now
+* Don't use external pwd command anymore
 
 
 ### Features implemented / improvements in 3.0
diff --git a/CREDITS.md b/CREDITS.md
index dbd6b36f2..76a9413fc 100644
--- a/CREDITS.md
+++ b/CREDITS.md
@@ -9,7 +9,7 @@ Full contribution, see git log.
 * David Cooper (main contributor)
   - Major extensions to socket support for all protocols
   - extended parsing of TLS ServerHello messages
-  - TLS 1.3 support (final and pre-final)
+  - TLS 1.3 support (final and pre-final) with needed encrption/decryptions
   - add several TLS extensions
   - Detection + output of multiple certificates
   - several cleanups of server certificate related stuff
@@ -29,13 +29,16 @@ Full contribution, see git log.
   - several protocol preferences improvements
   - pwnedkeys.com support
   - CT support
+  - Extract CA list CertificateRequest message is encountered
   - RFC 8879, certificate compression
   - 128 cipher limit, padding
   - compatibility for LibreSSL and different OpenSSL versions
   - Check for ffdhe groups
+  - TLS 1.2 and TLS 1.3 sig algs added
   - Show server supported signature algorithms
   - Show supported certification authorities sent by the server when client auth is requested
   - Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
+ -  Provide compatibility to every LibreSSL/OpenSSL versions
   - Lots of fixes and improvements
 
 ##### Further credits (in alphabetical order)
@@ -90,6 +93,9 @@ Full contribution, see git log.
 * Hubert Kario
   - helped with avoiding accidental TCP fragmentation
 
+* Brennan Kinney
+  - refactor dockerfile: Change base Alpine (3.17) => openSUSE Leap (15.4)
+
 * Magnus Larsen
   - SSL Labs Rating