Fled from the birdsite to a separate account.
Toots mostly in EN about testssl.sh and related stuff.
| main web site | https://testssl.sh |
| Github | https://testssl.sh/dev |
TL;DR: OpenSSH has since version 9.0 PQC kx enabled. Use it!
You might want to check the key exchange algos for SSH, if you had hardened them on the client or server side like years back -- unless you want your ssh sessions be vulnerable to "store now, decrypt later" attacks .
Only newer #OpenSSH clients (>10.1) issue a warning if the kx is not #PQC safe.
https://www.openssh.org/pq.html
(ssh -v , look for "kex: algorithm ")
Also, it was time to release a snapshot of the 3.3dev branch which stabilized well enough and has a good set of features to be released.
https://github.com/testssl/testssl.sh/releases/tag/v3.3dev-snapshot-2602
Enjoy && eat the meal while it's hot ;-)
Small version bump: 3.2.3 for the old branch of testssl.sh was just released
https://github.com/testssl/testssl.sh/releases/tag/v3.2.3
Get it while it's hot ;-)
RFC: What should the rating for #STARTTLS be like?
Willing to help? See https://github.com/testssl/testssl.sh/issues/2908
I am curious whether Apple finally made a step toward #PQC to catch up with all other major browser vendors with the release of version 26 of their operating systems. They lag behind since months:
New release for the stable branch 3.2
testssl.sh 3.3dev got a bit snappier, most notably for Macs:
#IPv6 PR incoming to automagically check also IPv6:
PR for #opossum vulnerability pending in testssl.sh 3.3dev:
