forked from ioerror/sslscan
-
Notifications
You must be signed in to change notification settings - Fork 1
/
TODO
18 lines (18 loc) · 1 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Fix the certificate formatting (prefix it with whitespace)
Add support for SOCKS5 proxy (or audit for 'usewithtor')
It seems to work fine with 'usewithtor'
It still seems prudent to add proper proxy support
Add STARTTLS support for LDAP:
http://www.rfc-editor.org/rfc/rfc2830.txt
Add HTML report generation
Add diff between reported and actually supported ciphers
Make a Debian package
Merge the Windows port into tip: http://code.google.com/p/sslscan-win/
Ensure that output is highlighted for dangerous ciphers (blink, blink)
Throw up sirens if ssl2 is enabled
ciphers from the LOW/EXP/eNULL category are supported for any protocol
renegotiation is allowed on tlsv1 (maybe check if TRACE is supported if it's an http server)
We should explictly check for things that may be NULL; the original author was not very careful.
Perhaps write a GUI for people who are console adverse?
Compare with http://www.thesprawl.org/memdump/?entry=7
Finally, we should send a diff from 1.8.2 to the upstream developer