Skip to content

Releases: tls-attacker/TLS-Attacker

TLS-Attacker 3.7.2

17 Dec 16:36
@ic0ns ic0ns
3.7.2
9f686c1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
TLS-Attacker 3.7.2

Fixes log4shell

Assets 2
Loading

TLS-Attacker 3.7.1

16 Jun 11:33
@JonSnowWhite JonSnowWhite
3.7.1
70f961d
Compare
Choose a tag to compare
TLS-Attacker 3.7.1

Fixed certificates

Assets 2
Loading

TLS-Attacker 3.7.0

09 Jun 14:14
@ic0ns ic0ns
3.7.0
b4b6171
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
TLS-Attacker 3.7.0

Lots of minor improvements
Fix for NPE's that can occur during fuzzing with TLS-Attacker.
Fixed a bug that caused handshakes to fail with x448 and x25519 for servers
Fixed SKE signature generation for non-SECP256R1 ECDH handshakes
Updated Autoformatter & re-Formatted everthing
Implemented HRR for TLS 1.3
Added KeyUpdate
Removed PrettyPrinter for XML
Reworked Transport Module
Refactored ALPN Code
Added Dynamic Renegotiation WorkflowTraceType
Updated Readme
Fixed a bug where TLS-Attacker would write the signature length in anon cipher suites into SKE messages
Fixed a bug in the socket state determination
Added flag for CCS encryption in TLS 1.3
Added a flag to keep server sequence numbers (ccs)
Updated SCT code
Made XSD validation optional
Fixed chacha draft cipher suites
Fixed an infinite loop with f2m curves
Fixed CipherState reset in StreamCiphers
Implemented CookieExtension
Added serialisation possibilities for messages and actions

Assets 2
Loading

TLS-Attacker 3.6.0

04 Nov 13:27
@ic0ns ic0ns
3.6.0
a5e9b78
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
TLS-Attacker 3.6.0

Java 11 support
Fixed flaw in signature and hash algorithm selection
Improved automatic Certificate selection
Updated Invalid Curve Attacker
Fixed createPointOnCurve for Secp224
Added createPointOnCurve for F2m curves
Added Constants for explicit elliptic curves
TLS 1.3 handshakes now correctly set the named group
Removed TLS 1.3 draft versions
Improved Timing Measurement code
Fixed a lot of flaws/exceptions which can occur if you do completely random modifications
Streamlined API's
Improved Starttls integration
Improved ESNI support
Changed alertLevel and description to enums in the config
Integrated OCSP support

Assets 3
Loading

TLS-Attacker 3.5.0

09 Sep 13:38
@jurajsomorovsky jurajsomorovsky
3.5.0
6ab9a5e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
TLS-Attacker 3.5.0
  • Fixes in TLS 1.3 implementation
  • Removed TLS 1.3 draft version
  • Fixed lots of smallish bugs with very invalid messages found during fuzzing
  • Fixed an infinite loop when using TlsAttackerSocket with large amounts of data
  • Added first draft of TLS 1.3 client authentication
Assets 3
Loading

TLS-Attacker 3.0b

07 Feb 10:27
@ic0ns ic0ns
3.0b
2844c1e
Compare
Choose a tag to compare
TLS-Attacker 3.0b

The exact development version of TLS-Attacker used in the paper:
"Analysis of DTLS Implementations Using Protocol State Fuzzing"

Assets 2
Loading

TLS-Attacker 3.4.0

20 Jan 14:43
@ic0ns ic0ns
3.4.0
32c5bcb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
TLS-Attacker 3.4.0

-improved invalid curve attacker (now also with twist support)
-certificate delegate now also supports .pem files
-fixed some bugs

Assets 2
Loading

TLS-Attacker 3.3.1

11 Nov 17:12
@ic0ns ic0ns
3.3.1
1e4187b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
TLS-Attacker 3.3.1

Fixed a NullPointerException in the InvalidCurveAttacker
Fixed a Bug which affects the BouncyCastleProviderChecker in some ClassLoader setups

Assets 2
Loading

TLS-Attacker 3.3.0

07 Nov 16:54
@jurajsomorovsky jurajsomorovsky
3.3.0
b4642c8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
TLS-Attacker 3.3.0
  • Bug fixes
  • New versioning scheme
Assets 2
Loading

TLS-Attacker 3.2

04 Sep 15:18
@ic0ns ic0ns
3.2
fcac445
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
TLS-Attacker 3.2

Contains only a minor "bug" fix in the HeartbleedAttacker to make it work dynamically, even if the default ciphersuite is not supported by the server

Assets 2
Loading