|
|
|
|
@ -1,43 +1,43 @@
|
|
|
|
|
|
|
|
|
|
### SSLsplit develop
|
|
|
|
|
### SSLsplit 0.5.0 2016-03-27
|
|
|
|
|
|
|
|
|
|
- Generically support STARTTLS through the new autossl proxyspec type that
|
|
|
|
|
upgrades a TCP connection to SSL/TLS when a ClientHello message is seen
|
|
|
|
|
(based on contribution by @RichardPoole42, pull req #87).
|
|
|
|
|
- Fix a rare segmentation fault upon receiving EOF on the inbound connection
|
|
|
|
|
while the outbound connection has not been established yet (patch by
|
|
|
|
|
@eunsoopark, issue #124).
|
|
|
|
|
- Enable full-strength DHE and ECDHE by default, even for non-RSA leaf keys,
|
|
|
|
|
in order to avoid weak cipher warnings from browsers (issue #119).
|
|
|
|
|
- Fix SSL sessions to actually time out (patch by @eunsoopark, issue #115).
|
|
|
|
|
- Add XNU headers for OS X 10.11 El Capitan (issue #116).
|
|
|
|
|
- Fix EV_READ event re-enable bug that could lead to stalled connections
|
|
|
|
|
after throttling one direction (issue #109).
|
|
|
|
|
- Add contributed -L log parsing scripts to extra/, including conversion to
|
|
|
|
|
PCAP using emulated IP and TCP headers (contributed by @mak, issue #27).
|
|
|
|
|
- Only initialize DNS subsystems when DNS lookups are actually needed by the
|
|
|
|
|
loaded proxy specifications (related to issue #104).
|
|
|
|
|
- Fix build with LibreSSL that lacks recent OpenSSL API additions.
|
|
|
|
|
- Fix build with OpenSSL versions that had SSLv3 support removed.
|
|
|
|
|
- Warn when an OpenSSL version mismatch is detected (issue #88).
|
|
|
|
|
- Added separate src/dst host and port format specifiers %S, %p, %D and %q
|
|
|
|
|
- Add separate src/dst host and port format specifiers %S, %p, %D and %q
|
|
|
|
|
to -F (pull req #74 by @AdamJacobMuller).
|
|
|
|
|
- Filenames generated by -S and -F %d and %s changed from [host]:port to
|
|
|
|
|
host,port format and using underscore instead of colon in IPv6 addresses
|
|
|
|
|
in order to be NTFS clean (issue #69).
|
|
|
|
|
- Connect log format: host and port are now separate fields (issues #69 #74).
|
|
|
|
|
- Removed the non-standard word "unmodified" from the 2-clause BSD license.
|
|
|
|
|
- Add options -w and -W to write generated leaf key, original and forged
|
|
|
|
|
certificates to disk (issue #67 by @psychomario).
|
|
|
|
|
- Add signal SIGUSR1 to re-open long-living -l/-L log files (issue #52).
|
|
|
|
|
- Introduce privilege separation architecture with privileged parent process
|
|
|
|
|
and unprivileged child process; all files are now opened with the
|
|
|
|
|
privileges of the user running SSLsplit; arguments to -S/-F are no longer
|
|
|
|
|
relative to the chroot() if used with the -j option.
|
|
|
|
|
- Add contributed -L log parsing scripts to extra/, including conversion to
|
|
|
|
|
PCAP using emulated IP and TCP headers (contributed by @mak, issue #27).
|
|
|
|
|
- Enable full-strength DHE and ECDHE by default, even for non-RSA leaf keys,
|
|
|
|
|
in order to avoid weak cipher warnings from browsers (issue #119).
|
|
|
|
|
- Use the same hash algorithm in signatures on forged certificates as the
|
|
|
|
|
original certificates use, instead of always using SHA-1.
|
|
|
|
|
- Removed all references to SHA-1 and small key RSA root CA keys from
|
|
|
|
|
documentation, examples and unit testing (issue #83).
|
|
|
|
|
- Introduce privilege separation architecture with privileged parent process
|
|
|
|
|
and unprivileged child process; all files are now opened with the
|
|
|
|
|
privileges of the user running SSLsplit; arguments to -S/-F are no longer
|
|
|
|
|
relative to the chroot() if used with the -j option.
|
|
|
|
|
- Filenames generated by -S and -F %d and %s changed from [host]:port to
|
|
|
|
|
host,port format and using underscore instead of colon in IPv6 addresses
|
|
|
|
|
in order to be NTFS clean (issue #69).
|
|
|
|
|
- Connect log format: host and port are now separate fields (issues #69 #74).
|
|
|
|
|
- Only initialize DNS subsystems when DNS lookups are actually needed by the
|
|
|
|
|
loaded proxy specifications (related to issue #104).
|
|
|
|
|
- Removed the non-standard word "unmodified" from the 2-clause BSD license.
|
|
|
|
|
- Warn when an OpenSSL version mismatch is detected (issue #88).
|
|
|
|
|
- Add XNU headers for OS X 10.11 El Capitan (issue #116).
|
|
|
|
|
- Fix EV_READ event re-enable bug that could lead to stalled connections
|
|
|
|
|
after throttling one direction (issue #109).
|
|
|
|
|
- Fix build with LibreSSL that lacks recent OpenSSL API additions.
|
|
|
|
|
- Fix build with OpenSSL versions that had SSLv3 support removed.
|
|
|
|
|
- Fix a rare segmentation fault upon receiving EOF on the inbound connection
|
|
|
|
|
while the outbound connection has not been established yet (patch by
|
|
|
|
|
@eunsoopark, issue #124).
|
|
|
|
|
- Fix SSL sessions to actually time out (patch by @eunsoopark, issue #115).
|
|
|
|
|
- Fix passthrough mode with -t and an empty directory (issue #92).
|
|
|
|
|
- Minor bugfixes and improvements.
|
|
|
|
|
|
|
|
|
|
@ -148,6 +148,6 @@
|
|
|
|
|
|
|
|
|
|
### SSLsplit 0.4.2 2012-04-13
|
|
|
|
|
|
|
|
|
|
- First public release.
|
|
|
|
|
First public release.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Daniel Roethlisberger
8 years ago