Update version to 0.8.1

Update TLS 1.3 documentation.
4 years ago · 6c0b981831
parent 4ee7bbcf15
commit 6c0b981831
8 changed files with 23 additions and 11 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -1,4 +1,14 @@

+### SSLproxy 0.8.1 2020-09-07
+
+-   Partial support for TLS 1.3. No support for encrypted SNI yet. TLS 1.3 is 
+    enabled by default depending on the version of OpenSSL.
+-   Add -U CipherSuites option for TLS 1.3.
+-   Add WITHOUT_USERAUTH switch, which removes the dependency on sqlite too.
+-   Improve testproxy e2e tests.
+-   Various fixes and improvements.
+
+
 ### SSLproxy 0.8.0 2020-05-24

 -   Restructure source tree, create src and tests folders, move files
--- a/README.md
+++ b/README.md
@ -92,7 +92,8 @@ dynamically upgrade plain TCP to SSL in order to generically support SMTP
 STARTTLS and similar upgrade mechanisms.  SSLproxy fully supports Server Name 
 Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and 
 ECDHE cipher suites.  Depending on the version of OpenSSL, SSLproxy supports 
-SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well.
+SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, and optionally SSL 2.0 as 
+well.

 For SSL and HTTPS connections, SSLproxy generates and signs forged X509v3
 certificates on-the-fly, mimicking the original server certificate's subject
--- a/src/sslproxy.1
+++ b/src/sslproxy.1
@ -29,7 +29,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "sslproxy" "1" "24 May 2020" "v0.8.0" "SSLproxy"
+.TH "sslproxy" "1" "07 September 2020" "v0.8.1" "SSLproxy"
 .SH NAME
 sslproxy \-\- transparent SSL/TLS proxy for decrypting and diverting network 
 traffic to other programs for deep SSL inspection
@ -92,7 +92,8 @@ dynamically upgrade plain TCP to SSL in order to generically support SMTP
 STARTTLS and similar upgrade mechanisms.  SSLproxy fully supports Server Name 
 Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and 
 ECDHE cipher suites.  Depending on the version of OpenSSL, SSLproxy supports 
-SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well.
+SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, and optionally SSL 2.0 as 
+well.
 .LP
 For SSL/TLS connections, SSLproxy generates and signs forged X509v3 
 certificates on-the-fly, mimicking the original server certificate's subject 
@ -370,7 +371,7 @@ This is useful when analyzing traffic to a server that only supports a specific
 version of SSL/TLS and does not implement proper protocol negotiation.
 Depending on build options and the version of OpenSSL that is used, the
 following values for \fIproto\fP are accepted: \fBssl2\fP, \fBssl3\fP,
-\fBtls10\fP, \fBtls11\fP and \fBtls12\fP.
+\fBtls10\fP, \fBtls11\fP, \fBtls12\fP, and \fBtls13\fP.
 Note that SSL 2.0 support is not built in by default because some servers
 don't handle SSL 2.0 Client Hello messages gracefully.
 .TP
@ -384,7 +385,7 @@ does not handle some protocol versions well, or to test behaviour with
 different protocol versions.
 Depending on build options and the version of OpenSSL that is used, the
 following values for \fIproto\fP are accepted: \fBssl2\fP, \fBssl3\fP,
-\fBtls10\fP, \fBtls11\fP and \fBtls12\fP.
+\fBtls10\fP, \fBtls11\fP, \fBtls12\fP, and \fBtls13\fP.
 Note that SSL 2.0 support is not built in by default because some servers
 don't handle SSL 2.0 Client Hello messages gracefully.
 .TP
--- a/src/sslproxy.conf
+++ b/src/sslproxy.conf
@ -1,4 +1,4 @@
-# Sample configuration for sslproxy v0.8.0
+# Sample configuration for sslproxy v0.8.1
 #
 # Use the -f command line option to start sslproxy with a config file.
 # See sslproxy.conf(5) and sslproxy(1) for documentation.
@ -88,7 +88,7 @@ CAKey /etc/sslproxy/ca.key
 #MinSSLProto tls10

 # Max SSL/TLS protocol version.
-# (default: tls13)
+# (default: tls12 or tls13, depending on the version of SSL library)
 #MaxSSLProto tls13

 # Use the given OpenSSL ciphers spec.
--- a/src/sslproxy.conf.5
+++ b/src/sslproxy.conf.5
@ -26,7 +26,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "sslproxy.conf" "5" "24 May 2020" "v0.8.0" "SSLproxy"
+.TH "sslproxy.conf" "5" "07 September 2020" "v0.8.1" "SSLproxy"
 .SH "NAME"
 .LP 
 \fBsslproxy.conf\fR \- Configuration file for SSLproxy
--- a/tests/testproxy/sslproxy.conf
+++ b/tests/testproxy/sslproxy.conf
@ -1,4 +1,4 @@
-# TestProxy test configuration for sslproxy v0.8.0
+# TestProxy test configuration for sslproxy v0.8.1

 # Global options
 #User _sslproxy
--- a/tests/testproxy/sslproxy_no_tls11.conf
+++ b/tests/testproxy/sslproxy_no_tls11.conf
@ -1,4 +1,4 @@
-# TestProxy test configuration for sslproxy v0.8.0
+# TestProxy test configuration for sslproxy v0.8.1

 # Global options
 #User _sslproxy
--- a/tests/testproxy/sslproxy_no_tls13.conf
+++ b/tests/testproxy/sslproxy_no_tls13.conf
@ -1,4 +1,4 @@
-# TestProxy test configuration for sslproxy v0.8.0
+# TestProxy test configuration for sslproxy v0.8.1

 # Global options
 #User _sslproxy