
Beta 5

@spoofzu spoofzu released this 17 May 20:39
· 171 commits to master since this release

Beta 5 release notes. For the original notes, see #5.

(DELIVERED) Improvement 1, Improve Analysis of Ciphersuite strength evaluation
Some ciphers in the list are marked strong but are no longer strong. See Mozilla Cipher Recommendations. Coordinating with the ZAP team, see #2532.

(DELIVERED) Improvement 2, Improve Cipher Suite Naming and Mapping
Today DV includes the IANA cipher names. Consider alternative mappings to Mozilla's Cipher Names Correspondence Table. See Mozilla Cipher Recommendations. Also add an improvement for key length evaluation, #8. Coordinating with the ZAP team, see #2532.

(DROPPING) Improvement 3, Improve Command Line/GUI Output
Running DV from the command line produces poorly formatted certificate output. Clean up and standardize. (Sep17, Milton) Dropping this back to the feature grab bag since it's not very important to most people.

(PARTIAL DELIVERY) Improvement 4, Improve Test Cases
DV test cases are too simple. We need better test cases that exercise various types of trust chains, such as cross-signed certificates, revoked certificates, and malformed certificates, with both positive and negative cases. (NotesMS Dec7) Test cases have been improved but more improvements need to be made. Beyond the scope/depth of testing, the test cases need to be thoughtfully arranged so as to better coincide with the Maven deployment. For example, development check-ins should get quick testing, but tests for pull requests should be more comprehensive prior to merge. After the merge, testing should be run for historical reasons, but we may not check the results unless there is a problem. This keeps test overhead to a minimum but applies the most comprehensive tests when they are needed the most.

(DELIVERED) Improvement 5, Include X.509 certificate tests from badssl.com
Internal improvement in the project's TLS test suites. Badssl.com provides various servers on their site to perform negative certificate testing. Negative certificate tests can be difficult to set up and maintain, so these tests help the DV team identify weaknesses in the API and fix them quickly.

(DELIVERED) Improvement 6, Test cases for Mozilla JSON
Internal improvement to validate Mozilla JSON files. Test cases added to assess quality of ciphermap.json and server-side-tls-conf-4.0.json files from the Mozilla project.

(PARTIAL DELIVERY) Improvement 7, Move source for Desktop/Command Line reference tools
Move reference tools out of the DeepViolet project and create a new project for them. The reason is that most people who need the API don't care about the tools. The tools just clutter up the API project. Isolating the core API from everything else is a better organizational approach. (NotesMS Dec7) For now the code has been moved out. A new repo has yet to be created, but in any case it's not strictly required for Beta 5 objectives.

(DELIVERED) Improvement 8, Remove support for offline processing
Originally the API was designed to include some support for offline certificate analysis. In hindsight this feature has limited usefulness and will be removed. The feature to save PEM encoded certificates may need to be cleaned up once the tools are split out from the main project. The feature to save PEM encoded certs can likely be removed, since redirecting the output stream of the command line tool can effectively do the same thing.

Misc Enhancements/Bugs
Project documentation improvements, #9