
Version: 22.11.22
  BUGFIX
    * Net/SSLinfo.pm: BF: avoid "Use of uninitialized value ..." in datadump()
    * OSaft/Ciphers.pm: BF: using string '0 ' if value is 0 in _ciphers_init()
    * OSaft/Fata.pm: BF: string <<internal>> changed to internal to avoid conflict in HTML
    * o-saft.pl: BF: output for --ciphermode=dump corrected
    * o-saft.cgi: BF: regex for arguments to be ignored corrected
    * o-saft.tcl: BF: generating content for "help" improved
    * t/Makefile: ET: name of targets unified: testarg-hlp-*
    * t/Makefile.cipher: BT: targets testcmd-cipher-+test-ciphers-list-* corrected (are testarg-* now)
    * contrib/gen_standalone.sh: BF: better check for include of o-saft-dbx.pm
  CHANGES
    * o-saft.pl: EF: print number of checked ciphers for each protocol
    * o-saft.pl: EF: print warning if no ciphers specified
    * o-saft-man.pm: EF: new design for o-saft.cgi.html
    * o-saft-man.pm: EF: man_docs_write() (writes --help=ciphers-text also)
    * o-saft.cgi: EF: regex for illegal commands and options improved
    * o-saft.tcl: ED: "Key Bindings" documented
    * o-saft.tcl: EF: osaft_write_docs() used "o-saft.pl --help=gen-docs" to generate files
    * OSaft/Doc/help.txt: EF: description for --cipherrange=RANGE improved; --cipherpattern=PATTERN added
    * OSaft/Ciphers.pm: EF: cipher suites SM4-GCM-SM3 and SM4-CCM-SM3 added
    * OSaft/Ciphers.pm: EF: security for ciphers *PSK*CBC* set mediu
    * OSaft/Ciphers.pm: ET: test functionality improved
    * OSaft/Ciphers.pm: EF: @cipher_iana_recomended added (list of ciphers suites recommended by IANA)
    * t/Makefile.cipher: ET: tests for --ciphermode=dump added
    * t/Makefile.dev: ET: new Targets to test INSTALL.sh
    * Makefile: EF: enforce LANG=C environment for all tests
    * Makefile: EF: remove useless environment variables
    * Makefile: EF: include t/Makefile.gen t/Makefile.mod
    * Makefile: ET: target docs and do.data improved
    * contrib/HTML-table.awk: EF: improved for cipher lists; some header lines handled special
    * contrib/*_completion_o-saft: EF: completion for make added
    * checkAllCiphers.pl: EF: trace variable assignment improved
  NEW
    * o-saft.pl: EF: --cipher=CIPHER implemented
    * OSaft/Ciphers.pm: NF: get(pfs) implemented
    * t/Makefile: NT: target commands of testarg-%.log and testcmd-%.log piped to filter
    * t/Makefile.gen: NF: new Makefilewith user defined functions
    * t/Makefile.pod: EF: new section Make:target generation
    * t/Makefile.inc: EF: new text for TEST.logtxt; EXE.arg-logfilter and EXE.cmd-logfilter added
    * t/Makefile.dev: NT: targets for get_keys_list and get_names_list added
    * t/Makefile.dev: ET: targets for testng OSaft/Ciphers.pm functions added
    * t/Makefile.dev: ET: targets testarg-dev-o-saft-sh--post-* added
    * t/Makefile.misc: NT: new target testarg-misc_hashbang
    * contrib/INSTALL-template.sh: EF: copy_file implemented with --useenv; descrition for --useenv added

Version: 22.06.22
  BUGFIX
    * o-saft-man.pm: BF: check if no parameter given corrected
    * osaft.pm: BF: avoid "Use of uninitialized value $cipher" in get_cipher_owasp()
    * osaft.pm: BF: syntax (, instead of .) in cipheranges corrected
    * o-saft.pl: BF: avoid "Use of uninitialized value $cipher" in _sort_cipher_results()
    * o-saft.pl: BF: avoid "Use of uninitialized value $key" in checkciphers()
    * o-saft.pl: BF: match for valid --cipher-pattern corrected
    * o-saft.pl: BF: my -> our for simplified variables
    * o-saft.pl: BF: printversion() improved (avoid "Use uninitialized value")
    * o-saft.tcl: BF: add and delete of entry widgets for target names corrected
    * OSaft/Ciphers.pm: BF: missing cipher suite names DHE-PSK-AES18-CBC-SHA and DHE-PSK-AES256-CBC-SHA added
    * OSaft/Ciphers.pm: BF: missing ciphers in sequence of sort_cipher_names() added
    * contrib/INSTALL-template.sh: BF: "check for openssl executable used by O-Saft" improved
  CHANGES
    * o-saft.pl: EF: use _eval_cipherranges() instead of eval() directly
    * o-saft.pl: EF: more compatibility options from testssl.sh added
    * o-saft.pl: EF: _get_ciphers_range --> osaft::get_ciphers_range
    * o-saft.pl: EF: verbosity for cipher_selected with +cipher improved
    * o-saft.pl: EF: printing header line for all +cipher checks improved
    * o-saft.pl, *.pm: EF: @INC improved
    * o-saft.pl, *pm: EF: use OSaft::Text
    * o-saft-man.pm: EF: honor --v from caller
    * o-saft-man.pm: EF: JavaScript in man_ciphers() improved
    * o-saft-man.pm: EF: o-saft.cgi.html improved
    * o-saft-man.pm: ED: man_warnings() improved
    * contrib/INSTALL-template.sh: EF: check for O-Saft programs improved
    * contrib/o-saft_bench.sh: ED: pretty printed results
    * o-saft.tcl: EF: improved for AndroidWish
    * o-saft.tcl: EF: detect header line for SSL/TLS protocol od ciphers
    * o-saft.pl: EF: print header line for all +cipher checks (to map cipher suite names properly to pprotocols)
    * o-saft.pl: EF: redisign OSaft/Ciphers.pm: branch moved to trunk
    * osaft.pm: EF: get_ciphers_range() (moved from o-saft.pl)
    * osaft.pm: EF: redisign OSaft/Ciphers.pm: branch 1.270.1.4 moved to trunk
    * OSaft/Ciphers.pm: BF: all ciphers with 3DES are 112 bits only
    * OSaft/Ciphers.pm: BF: RMD replaced by RIPEMD for cipher MACs
    * OSaft/Ciphers.pm: EF: sort_cipher_results() moved from o-saft.pl
    * OSaft/Ciphers.pm: EF: set_sec() implemented
    * OSaft/Ciphers.pm: EF: redisign OSaft/Ciphers.pm: branch moved to trunk
    * OSaft/Doc/glossary.txt: EF: formal changes, some typos fixed; new XChaCha*, AESCCM*
    * OSaft/Doc/help.txt: ED: only historic references to +cipherall  and  +cipherraw
    * OSaft/Doc/help.txt: ED: documentation of --test-ciphers-* options improved
    * OSaft/Doc/rfc.txt: 
    * o-saft-dbx.pm: ED: documentation for --test-ciphers-* options improved
    * o-saft-dbx.pm: EF: unused methods removed; some methods moved to Ciphers.pm
    * contrib/INSTALL-template.sh: ED: text about generation improved
    * Makefile*: ET: generated target names improved; more targets for --test-*
    * Makefile: EF: README replaced by README.md
    * Makefile: ED: text about generation improved
    * Makefile: EF: _CIPHER and related sources removed
    * Makefile.dev: ET: some summary target added
    * Makefile.dev: ET: --test-regex moved from osaft.pm to o-saft.pl
    * Makefile.dev: ET: adapted to new --test-ciphers* options in various tools
    * Makefile.dev: ET: adapted to changes in Ciphers.dev; more tests for Ciphers.pm
    * Makefile.dev: ET: *osaft-cipher --> *.osaft-ciphers
    * Makefile.opt: ET: target testarg-opt-alias--test-ciphers-list added
    * Makefile.misc: ET: redesign OSaft/Ciphers.pm: target keys.* and values.* are no longer needed; removed
    * Makefile.misc: ET: target cloc.stat.log added
    * Makefile.cipher: ET: targets added for: +test-ciphers-list --range=*
    * Makefile.cipher: ET: more --range= checks added
    * Makefile.warnings: ET: target warning-009 removed
    * Makefile.warnings: ET: warning-521, warning-522, warning-504, warning-505, warning-862 added
  NEW
    * o-saft-man.pm: EF: man_ciphers() implemented; options --help=gen-cipher-text --help=gen-cipher-html
    * Makefile: EF: o-saft-docker added to INSTALL.sh
    * o-saft.tcl: EF: "Open window with list of cipher suites" implemeted
    * o-saft.tcl: EF: --tkpod added
    * o-saft.tcl: EF: menu/window for configuration settings added
    * o-saft.tcl: EF: tool layout optimized for use on tablet; --gui-layout=tables is default now
    * o-saft-docker: EF: option +VERSION added for compatibility with other tools

Version: 22.02.22
  BUGFIX
    * Net/SSLhello.pm: BF: avoid "Use of uninitialized value $ENV{"PWD"} in ..."
    * o-saft*, OSaft/Ciphers.pm: BF: avoid "Use of uninitialized value $ENV{"PWD"} in ..."
    * INSTALL.sh: BF: improved check for Perl modules
    * INSTALL.sh: BF: create required directories
    * contrib/gen_standalone.sh: BF: avoid overwriting generated code when used with -t option
    * o-saft.cgi: BF: checks for bad IPs improved
    * o-saft: BF: --port= handling for single host argument corrected
    * o-saft: BF: output for --legacy=testssl-g corrected
    * o-saft: BF: do not start GUI on CLI when output is redirected; detect GUI if STDIN is missing
    * contrib/install_openssl.sh: BF: conflicting variable names and check for libidn.so corrected
    * contrib/gen_standalone.sh: BF: avoid perl warning "Unescaped left brace in regex is deprecated" (in newer perl versions)
    * contrib.bunt.pl: BF: missing space in substitution corrected
    * contrib.bunt.pl: BF: colourizing cipher rating improved
    * contrib.bunt.pl: BF: detecting host:port corrected
    * t/o-saft_bench.sh: BF: +VERSION corrected
    * t/o-saft_bench.sh: BF: redirect output of time command (from tty) correctly
    * osaft.pm: BF: some cipher names corrected
    * osaft.pm: BF: TLS 1.3 cipher-suites corrected
    * osaft.pm: BF: ciphers 0x00,0x7x corrected (ciphers for openpgp extension)
    * osaft.pm: BF: cipher rating (OWASP A) adapted to OWASP TLS Cheat Sheet (DHE*)
    * osaft.pm: BF: avoid **WARNING: 412: for INFO_SCSV
    * osaft.pm: BF: sorting ciphers according strength improved (added some CHACHA*, FZA*,
    * o-saft*: BF: settings in @INC improved; set . instead ./ in @INC
    * o-saft.pl: BF: check for --trace* option improved
    * o-saft.pl: BF: check for +ocsp_uri and +ocsp_valid corrected
    * o-saft.pl: BF: set default CA file if none found (--ca-file)
    * o-saft.pl: BF: duplicate warning 042 corrected
    * o-saft.pl: BF: ignore unknown options (new warning 029); avoids using its value as target
    * o-saft.pl: BF: avoid perl error: "Undefined subroutine &Time::Local::timelocal ..."
    * o-saft.pl: BF: check for +cipher_pfsall corrected
    * o-saft.pl: BF: check for +logjam corrected (use $cipher instead of $c)
    * o-saft.pl: BF: better ckeck for ancient Net:SSLeay < 1.49 functionality to avoid crash
    * o-saft.pl: EF: better check vor valid hostname arguments
    * o-saft.pl: BF: --exitcode does not count missing PFS if no ciphers offered
    * o-saft.pl: BF: --exitcode does not count TLSv13
    * o-saft.pl: BF: --exitcode-v corrected
    * o-saft.pl: BF: setting cfg{'ca_file'} corrected
    * o-saft.pl: BF: description of some ciphers corrected (according openssl description)
    * Net/SSLinfo.pm: EF: output for --trace improved and unified
    * Net/SSLinfo.pm: BT: test_ssleay() avoids using undefined functions which results in perl's "Can't locate .." error
    * Net/SSLinfo.pm: documentation for --test-* corrected
    * Net/SSLinfo.pm: avoid Perl warning "used only once: possible typo"
    * Net/SSLinfo.pm: BF: get session information from Net::SSLeay (avoid perl warnings)
    * Net/SSLinfo.pm: BF: avoid confusing message in servers access.log like: "\n" 400 750 "-" "-"
    * Net/SSLhello.pm: BF: avoid "Use of uninitialized value $ENV{"PWD"} in ..."
    * OSaft/Doc/Data.pm: BF: avoid some POD link syntax L<
    * OSaft/Doc/Data.pm: BF: warnings have a message number
    * OSaft/Ciphers.pm: BF: extend @INC (for internal use; @INC depends on OS and distribution)
    * OSaft/Ciphers.pm: BF: sorting of strong ciphers improved
    * OSaft/Ciphers.pm: BF: numbers for warning messages
    * o-saft.tcl: EF: generating Tcl-markup for help improved (still not perfect)
    * o-saft.tcl: BF: syntax corrected when --rc used
    * o-saft.tcl: BF: UP and DOwn button in help window aktivated
    * o-saft.tcl: BF: avoid searching for empty strings in help window
    * o-saft.tcl: BF: result from +version not shown as table data
    * Makefile.dev: BT: test with gen_standalone.sh improved
    * Makefile.warning: BT: duplicate warning 042 corrected
    * Makefile.cipher: BT: typo in target name corrected
    * Makefile: BF: GEN.man depends on GEN.pod
    * Makefile: BF: generation of files depending on OSaft/Doc/help.txt corrected
    * o-saft-dbx.pm: BF: print content of %cfg{targets} instead of array ref
    * o-saft-man.pm: BF: avoid "Use of uninitialized value ..." in man_warnings()
    * o-saft-man.pm: BF: detect o-saft as one of our own commands in help texts
    * o-saft-man.pm: BF: dirty hack to find proper .pod file for gen-man
    * o-saft-man.pm: BF: generation of links in POD and HTML improved
    * o-saft-man.pm: BF: _main renamed to _main_man (because this file is not yet a Perl package)
    * o-saft-man.pm: BF: setting default options in generated .html corrected
  CHANGES
    * contrib/HTML-table.awk: EF: print table header for each table
    * Makefile: ET: t/cloc-total.awk added as source file; list of documentation files improved
    * o-saft.cgi: EF: --format=html implemented (experimental)
    * o-saft.cgi: EF: parameter sanitation improved (trailing = in names removed)
    * o-saft-man.pm: ED: output for --help=warnings in man_warnings() improved
    * o-saft-man.pm: ED: idention in HTML <li> lists improved
    * o-saft-man.pm: EF: --help=warnings implemented
    * o-saft-man.pm: EF: --format=html option generated for --help=gen-cgi (o-saft.cgi.html)
    * o-saft-man.pm: EF: --cgi-no-header added to quick options for o-saft.cgi.html
    * t/Makefile.tcl: ET: target testcmd-tclinteractive-* and test.GUI added; testcmd-tcl---gui-* added
    * t/Makefile.tcl: ET: new test targets
    * t/Makefile.dev: ET: more individual targets for EXE.osaft (calling contrib/bunt.pl)
    * t/Makefile.misc: ET: targets test.keys and test.values
    * t/Makefile.misc: ET: targets cloc.csv and cloc.total added
    * t/cloc-total.awk: EF: check calculated vs. reported values
    * t/cloc-total.awk: EF: print comments reported by cloc
    * o-saft.tcl: EF: read configuration from static files; new option --no-docs
    * o-saft.tcl: EF: --stdin (reading data from STDIN) implemented
    * o-saft.tcl: EF: options --test=FILE --layout=table implemented
    * o-saft.tcl: EF: degugging improved; default configuration for Android improved
    * o-saft.tcl: ET: option --test-tcl added
    * INSTALL.sh: EF: --check and --install check for installed wish
    * INSTALL.sh: EF: use unique error numbers
    * INSTALL.sh: EF: use --install as default if no option given
    * INSTALL.sh: EF: check for optional executables
    * INSTALL.sh: EF: functionality and documentation improved
    * Dockerfile: EF: build with debian supported
    * Dockerfile: EF: using alpine:3.10
    * Dockerfile: EF: Workaround for docker/alpine (bug or race condition) added
    * contrib/o-saft.php: EF: moved to .
    * contrib.bunt.pl: EF: improved for ciphrs with OWASP rating
    * contrib.bunt.pl: ED: documentation improved
    * Makefile.cipher: EF: new targets for testing +cipher with options
    * Makefile.cmds: ET: renamed to Makefile.cmd
    * OSaft/Doc/tools.txt: ED: checkAllCiphers.pl and contrib/alertscript.pl added
    * OSaft/Doc/Data.pm: EF: fix for strange Perl behaviour on older Mac OSX
    * OSaft/Ciphers.pm: BF: list command returns sorted list of files
    * contrib/gen_standalone.sh: EF: check improved if source file exists
    * contrib/gen_standalone.sh: ET: less noisy "ls" if called by make (check OSAFT_MAKE variable)
    * contrib/gen_standalone.sh: ED: documentation for generated code improved
    * contrib/gen_standalone.sh: EF: handle comments with OSAFT_STANDALONE
    * contrib/o-saft.php: EF: improve: search for script to be called (no longer hardcoded)
    * contrib/INSTALL-template.sh: EF: options improved; --not-blind added, default is --blind
    * contrib/install_openssl.sh: EF: +VERSION and --version added
    * contrib/install_openssl.sh: EF: Install Perl modules using "perl -MCPAN" instead of building from .tgz
    * contrib/install_openssl.sh: EF: checking preconditions improved; building modules improved
    * contrib/install_openssl.sh: EF: option --m to install required Perl modules
    * contrib/install_openssl.sh: EF: adapting .o-saft.pl improved
    * o-saft-man.pm: EF: _man_squeeze() and _man_use_tty() implemented for --tty option
    * o-saft-man.pm: EF: output of man_help(), man_table() may have fixed width
    * o-saft-man.pm: EF: CSS improved for o-saft.cgi.html
    * o-saft: EF: option -line added
    * o-saft: EF: options -colour -blind and -prg=* added
    * o-saft*: EF: use print_pod() to print own help
    * o-saft-dbx.pl: EF: --test implemented
    * o-saft.pl: BF: allow $cfg{'ignore-out'} to set empty
    * o-saft.pl: BF: intended functionality of --enabled --disabled corrected
    * o-saft.pl: BF: initial time corrected if < 0: set $cfg{'time0'}
    * o-saft.pl: EF: use Encode::decode("UTF-8", ...) for all printed values
    * o-saft.pl: ED: formal changes in %ciphers (adaption to openssl 1.1.1k)
    * o-saft.pl: ED: useless debug output removed; avoid duplicate commands
    * o-saft.pl: EF: do not print same message (warning) multiple times; --warnings-dups added
    * o-saft.pl: EF: check for Extended master secret
    * o-saft.pl: EF: checking CA paths and files for Android improved
    * o-saft.pl: EF: options --format-* and --ty implemented
    * o-saft.pl: EF: TLS 1.3 cipher-suites added
    * o-saft.pl: EF: ciphers 0x00,0x7x added (ciphers for openpgp extension)
    * o-saft.pl: EF: warning and hint messages unified
    * o-saft.pl: EF: check for openssl executable only if openssl required
    * o-saft.pl: EF: --test implemented
    * o-saft.pl: EF: --test* options unified
    * o-saft.pl: EF: ECDHE-ECDSA-* ciphers are classified with "unknown" security
    * osaft.pm: EF: +http_body disabled by default
    * osaft.pm: EF: cfg{regex]{OWASP_AA} added; formal changes in %ciphers
    * osaft.pm: EF: cipher names adapted to openssl 1.1.1k
    * osaft.pm: EF: own _warn() and _dbx() if missing
    * osaft.pm: EF: export STR_MAKEVAL
    * osaft.pm: ED: formal changes; permanent hint texts defined here
    * osaft.pm: EF: cfg{warnings_no_dups} and cfg{warnings_printed} added
    * osaft.pm: EF: master_secret added to cmd-quick
    * osaft.pm: EF: ca_paths and ca_files improved for Android
    * osaft.pm: EF: new TLS_EXTENSIONS data structure
    * osaft.pm: EF: cipher suites from rfc6367 added
    * osaft.pm: EF: ca_paths[], openssl_cnfs[] improved
    * osaft.pm: EF: reserved ciphers removed from cipher ranges
    * osaft.pm: EF: ECDHE-ECDSA-* ciphers are classified with "unknown" security
    * osaft.pm: EF: primary and alias name of some RSA-PSK-AES* cipher changed
    * osaft.pm: ED: VERSION added for POD
    * o-saft: EF: cal o-saft.tcl if no STDOUT available
    * o-saft.cgi: EF: print all error for any invalid parameter
    * o-saft.cgi: ED: POD and internal documentation improved
    * o-saft.cgi: EF: pass parameter --format=html to o-saft.pl too
    * o-saft.cgi: EF: printing HTTP headers conditionally; --cgi-header and --cgi-no-header implemented
    * o-saft.cgi: EF: improved to check for invalid arguments without --*= prefix
    * o-saft.cgi: EF: disallow IPv4-mapped IPv6 addresses
    * o-saft.cgi: EF: disallow IPv4-mapped or incomplete  IPv6 addresses; disallow integer addresses
    * o-saft-*.pm: ED: documentation improved
    * t/Makefile*: ED: ALL.tests and ALL.tests.log are set in Makefile
    * t/Makefile*: ED: documentation improved
    * t/Makefile*: ET: --trace-CLI option added to most o-saft.pl calls 
    * t/Makefile*: ET: do not force setting of EXE.pl for testcmd-%
    * t/Makefile*: ET: qa.pod - check generated pod file
    * Makefile: EF: dependency on tags file improved
    * Makefile, t/Makefile*: ET: targets and documentation unified and improved
    * o-saft-dbx.pm: ED: description for ciphers_sorted and ciphers_overview improved
    * o-saft-dbx.pm: EF: avoid printing random value for cfg{time0} if OSAFT_MAKE ist set
    * o-saft-dbx.pm: EF: avoid printing random value for cfg{time0} if OSAFT_MAKE ist set
    * o-saft-dbx.pm: EF: $cfg{'trace*'} --> $cfg{'out'}->{'trace*'}
    * o-saft-dbx.pm: EF: $VERSION renamed to $mainsid to avoid conflicts withother modules
    * o-saft-dbx.pm: EF: output for --v improved (host:port/path)
    * o-saft-man.pm: EF: --h improved (remove internal markup)
    * o-saft-man.pm: EF: print own help if called without arguments
    * o-saft-man.pm: EF: mobile-friendly title= attributes in generated HTML
    * o-saft-man.pm: EF: help button to show o-saft.html for --help=cgi added
    * o-saft-man.pm: EF: setting document title in generated .html improved
    * o-saft.tcl: EF: docker_status_99x29_magenta.png added
    * o-saft.tcl: EF: filename for saving contains name of TAB
    * o-saft.tcl: EF: testing and debugging options --help-* renamed to --test-*
    * o-saft.tcl: EF: --help=opts option implemented
    * o-saft.tcl: EF: o-saft.pl initially called if +command arguments are given
    * o-saft.tcl: EF: --rc improved; contrib/.o-saft.tcl removed
    * o-saft.tcl: ED: searching for text starting with - in help text improved
    * o-saft.tcl: EF: debugging improved
    * o-saft.tcl: EF: avoid creating multiple option enty fields
    * o-saft.pl: EF: +traceSUB removed, is now --test-sub (see o-saft-dbx.pm 1.110)
    * o-saft.pl: EF: print ciphers for --no-enabled and --legacy=owasp also
    * o-saft.pl: EF: $VERSION renamed to $mainsid to avoid conflicts withother modules
    * o-saft.pl: EF: avoid duplicate settings in @INC; setting @INC simplified; set . but not ./
    * o-saft.pl: EF: --exitcode does not count "no (<<..>>)" results
    * o-saft.pl: ED: typos
    * o-saft.pl: EF: use URL if any to connect to target
    * Net/SSLhello.pm: $main::cfg{'trace*'} --> $Net::SSLhello::trace*
    * Net/SSLhello.pm: version string corrected
    * Net/SSLhello.pm: EF: usinag IANA constant names for cipher suites instead of openssl constant names
    * Net/SSLinfo.pm: ED: formal change: use $STR{WARN}
    * Net/SSLinfo.pm: EF: check for Extended master secret
    * Net/SSLinfo.pm: ET: improved verbose and debug messages
    * Net/SSLinfo.pm: EF: prepared for improved extracting of PEM data
    * Net/SSLinfo.pm: EF: empty headers in Net::SSLeay::get_http() removed
    * Net/SSLinfo.pm: EF: use URL if any to connect to target
    * Net/SSLinfo.pm: EF: --test-* and +VERSION options added
  NEW
    * t/Makefile: ET: set O-SAFT_MAKE
    * t/cloc-total.awk: EF: added
    * contrib/symbol.pl: new
    * contrib/*_completion_o-saft: EF: completion for o-saft.tcl added
    * contrib/INSTALL-template.sh: various adaptions to previous changes
    * t/Makefile: ET: set O-SAFT_MAKE
    * t/Makefile.misc: ET: testing CLI with *pm
    * t/Makefile.doc: ET: testing internal documentation
    * OSaft/Ciphers.pm: EF: --usage implemented
    * OSaft/Doc/help.txt: ED: --test* options added
    * OSaft/Doc/Data.pm: EF: --usage implemented
    * Net/SSLinfo.pm: EF: _verbose()
    * Net/SSLinfo.pm: EF: Net::SSLinfo::use_https and ::target_url added
    * o-saft.tcl: EF: --help=opts option implemented
    * o-saft.pl: EF: --use-https implemented
    * o-saft.pl: EF: new functionality: +public_key_len +session_id_ctx
    * o-saft.pl: EF: +sstp implemented
    * o-saft.pl: EF: print warning if --port used after host argument
    * o-saft-man.pm: EF: generate nroff format implemented
    * o-saft-man.pm: EF: message box for "CGI Usage Note" added to gen-cgi
    * o-saft-dbx.pm: ET: --test* option implemented
    * o-saft-dbx.pm: ET: write real date and time only if O-SAFT_MAKE environment variable does not exist

Version: 19.01.19
  BUGFIX
    * t/Makefile.*: BT: macro ALL.inc.type corrected
    * osaft.pm: BF: +fingerprint_sha2 honors --format=hex
    * o-saft.pl: BF: printing header (for list of ciphers) corrected
    * o-saft.pl: BF: "Ciphers: Summary" prints correct numbers if no ciphers found
    * o-saft.pl: BF: --legacy=key disabled; --label=key enabled (honors --header option)
  CHANGES
    * t/Makefile.*: ET: targets simplified and unified; critic345 implemented
    * o-saft.pl: EF: +cipher results are sorted according "severity/security risk"
  NEW
    * o-saft.pl: NF: --help=cmd and --help=cfg-cmd added
    * o-saft.pl: NT: +session_startdate and +session_starttime added
    * o-saft.pl: NF: new option --legacy=owasp for +cipher
    * o-saft.pl: NF: new option --label=long|short|key
    * o-saft.pl: NF: alias commands for CVEs added
    * t/Makefile.misc: targets for profiling

Version: 18.10.18
  BUGFIX
    * o-saft-docker: use correct VERSION in docker_build()
    * o-saft-man.pm: output for --help=cfg-text correctd
    * o-saft-man.pm: HTML encode << ; CSS improved
    * o-saft.pl: warning added if https request failed
    * o-saft.pl: --exit=MAIN corrected
    * o-saft.tcl: value None not highlighted
    * o-saft.tcl: --docker and --id=* handled correctly
    * t/Makefile.opt: added (missed at github)
    * t/Makefile: message-% rule description to avoid syntax errors
    * Makefile: missing files t/Makefile.exit, t/Makefile.FQDN added to ALL.Makefiles
    * Makefile: dependencies for generated files improved
  CHANGES
    * o-saft-docker: docker_build() uses OSAFT_VM_SHA_OSAFT environment variable
    * contrib/build_openssl.sh renamed to contrib/install_openssl.sh
    * o-saft-dbx.pm: trace and verbose output use cfg{prefix_trace} and cfg{prefix_verbose} instead of cfg{mename}
    * t/Makefile.*: various minor bugfixes
    * Makefile: install target improved
    * Net::SSLinfo.pm: set https_body to private string if https request fails
    * osaft: call other tools with proper path
    * osaft.pm: cipher suites for RFC 8446 (TLS 1.3) added
    * o-saft-man.pm: new button to change schema in generated o-saft.cgi.html
    * o-saft-man.pm: online documentation in generated html improved
    * --help: section TESTING added
    * o-saft.tcl: using o-saft.pl in docker container improved
    * t/o-saft_bench renamed to t/o-saft_bench.sh
    * t/Makefile* improved
  NEW
    * "help"-Button foreach --help=* in o-saft.cgi.html
    * --help=cipherpattern added
    * options -comp and -no_comp implemented (OP_NO_COMPRESSION)
    * Makefile.help: cloc* target added
    * o-saft-man.pm: cgi and html page provides discrete commands
    * o-saft-man.pm: cgi page provides input fields for options with values
    * o-saft-man.pm: "return to top" button in generated .cgi.html added

Version: 18.07.18
  BUGFIX
    * o-saft: pass $* instead of $@
    * o-saft-docker: check for image IDs corrected
    * o-saft-docker: ENTRYPOINT corrected; usage corrected
    * o-saft-docker: get correct number of ciphers from docker
    * o-saft.tcl: workaround for X error BadAlloc implemented
    * o-saft.tcl: highlight of code examples corrected
    * o-saft.tcl: size of help window adapted to larger font size
    * content of o-saft.tgz corrected (gernerated by makefile)
    * o-saft.pl: +cipher-dh requires openssl
    * o-saft.pl: use of $cfg{'openssl'}->{'-msg'} corrected
    * o-saft.pl: print warning when trying to read RC-file in cgi mode
    * o-saft.pl: avoid Use of uninitialized value in $CFG{sni_name}
    * o-saft.pl: avoid Use of uninitialized value in _init_openssldir()
    * o-saft-dbx.pm: avoid Use of uninitialized value $cfg{"sni_name"}
    * o-saft-man.pm: --help=html does not contain "start" buttons (like --help=cgi)
    * Net::SSLinfo.pm: initialize Net::SSLinfo::file_sclient
    * Net::SSLinfo.pm: verify_altname(); avoid uninitialized value
    * Net::SSLinfo.pm: verify_alias()
  CHANGES
    * +ocsp_response and +ocsp_stapling (check) implemented
    * print !!Hint when multiline data is not printed                                
    * "reading:" message only printed with --v or --warning
    * +vulns also contains: +compression +fallback +resumption +renegotiation
    * +compression is information (+info) and check (+check, +vulns)
    * o-saft-docker: build improved; build supports some environment variables
    * Dockerfile: handle master directory from github, move it to $OSAFT_DIR if found
    * Dockerfile: add -rpath flag to build SSLeay.so
    * o-saft_bench: write result on STDOUT instead of hardcoded file
    * o-saft_bench moved to test/
    * INSTALL.sh renamed to INSTALL-template.sh; INSTALL.sh generated by Makefile
    * LHS condition check
    * contrib/INSTALL-template.sh: improved (--check, --openssl)
    * contrib/Dockerfile.alpine:3.6 renamed to contrib/Dockerfile.alpine-3.6
    * Net::SSLhello.pm: better handling of SSL/TLS connection errors
    * prepared for +ccs
  NEW
    * o-saft.cgi: avoid infinite loop if no parameter given
    * o-saft.cgi: first parameter must be --cgi or --cgi=
    * contrib/build_openssl.sh
    * Makefile; complete test suite in test/Makefile*
    * INSTALL-template.sh
    * o-saft.tcl: +quit option (for usage in Makefiles)
    * o-saft.tcl: scrolling with keys and mouse whell in help window implemented
    * o-saft-man.pm: --help=exit implemented
    * o-saft-man.pm: POD added
    * o-saft: modes/options -gui -cli -docker added
    * o-saft-docker: mode sshx to tunnel X suing ssh

Version: 18.01.18
  BUGFIX
    * markup for generated documentation corrected
    * various Perl warnings (in rare runtime situations) fixed
    * hostname, SNI and certificate subject checks are case insensitive
  CHANGES
    * --help=tools added to give an overview of all tools comming with O-Saft
    * use of $cfg{'sni_name'} and $cfg{'usesni'} improved (--sni --no-sni --sniname= )
    * SSLv3 cipher checks are done without SNI (automatically disabled just for SSLv3)
    * simple connection check to avoid "hanging" connection
    * documentation moved from o-saft-man.pm to OSaft/Doc/help.txt
    * Net::SSLinfo.pm: treat "failed handshake" only as error when * Net::SSLinfo::ignore_handshake is not set
    * contrib/zap_config.xml: description improved
    * +version prints starting directory (PWD)
    * +sni command contains +certfqdn
    * detecting host and port improved
    * use relative instead of absolute timestamps for --traceTIME
  NEW
    * wrapper script: o-saft
    * --traceCLI option added
    * --std-format= options implemented (allows generating files with any charset)
    * o-saft.tcl: write result of o-saft.pl in Tcl table (experimental)
    * +robot ROBOT added
    * --ignore-handshake implemented
    * --time-absolut to write absolute timestamps for --traceTIME

Version: 17.11.17
  BUGFIX
    * o-saft.cgi: IPv6 addresses are not allowed
    * do not print prefered cipher for SSLv2, as it has no such cipher
    * no warning (401) for SSLv2 selected cipher
    * do not complain about cipher mismatch (warning 411) for SSLv2
    * missleading hint message for WARNING 126 corrected
    * check for bit-length of serial number corrected (approx aproach)
  CHANGES
    * --help=cgi generated HTML for cgi usage improved
    * +protocols and +vulns documentation added
    * warnings and hints improved if SNI used with/for SSLv3
    * remove non-printable characters from HTTPS Status line
    * Dockerfile: build Net::SSLeay and IO::Socket::SSL based on enhanced openssl-chacha
    * +cipherall uses same output format as +cipher
    * documentation improved
  NEW
    * o-saft.tcl: trace implemented; option --trace

Version: 17.09.17
  BUGFIX
    * bugfix: avoid sub-subdomain matching againt subdomain wildcard
    * bugfix: BEAST check (https://github.com/OWASP/O-Saft/pull/99)
    * Net::SSLinfo.pm: support timeout commands which require -t option (BusyBox)
    * Net::SSLinfo.pm: handle binary IP address in certificate's altname attribut
    * regex to detect port numbers in URL: {1,5} quantifier instead of {1-5}
    * Dockerfile: install perl-readonly for alpine also
  CHANGES
    * Dockerfile build openssl with GOST and KRB5 ciphers (for alpine:edge)
    * Dockerfile supports environment variables
    * Net::SSLinfo.pm: checking for Alt-Svc, X-Firefox-Spdy headers improved
  NEW
    * o-saft-docker: checks for proper installed images
    * o-saft-docker: rmi command implemented; status command improved

Version: 17.07.17
  BUGFIX
    * +tr-02102+ corrected (len_sigdump check)
    * check for redirect HTTP to HTTPs corrected (+http_https)
    * Net::SSLinfo.pm: do_ssl_new() improved (avoid "Segmentation fault" or "double free or corruption .. Abort" in rare cases)
    * o-saft.pl: setting ALPN and NPN options with Net::SSLeay improved (avoid "Segmentation fault" in rare cases)
    * warning message for --experimental corrected
    * avoid perl warning "Argument isn't numeric" for +tr_02102 checks
    * osaft.pm: export printhint()
    * print hint for +info commands also
  CHANGES
    * check for heartbleed only if requested
    * hint for DROWN check added
    * error and warning messages have a unique number
    * print warning for trailing spaces in options read from RC-file
    * contrib/gen_standalone.sh: generates working script
    * *.pl and *.om improved for use with contrib/gen_standalone.sh
    * o-saft-lib.pm: initialization of %cfg with dynamic data done in _osaft_init()
    * trace output improved
    * contrib/* more examples added
  NEW
    * --connect-delay implemented
    * --cipher-range=* implemented for +cipher command
    * OSaft/Doc/Glossary.pm, use OSaft::Doc::Rfc
    * contrib/JSON-*.awk
    * o-saft-lib.pm: new cipher-ranges: c0xx, ccxx, ecc
    * +host command (to display host and DNS information) added
    * --exit=WARN implemented
    * --v prints each checked cipher for +cipher
    * more aliases for commands and options added (mainly from testssl.sh)
    * new options: --hint-check and --hint-info

Version: 17.06.17
  BUGFIX
    * counting exitcode for -exitcode corrected
    * reading +commands from RC-FILE
  CHANGES
    * names of +cipher* commands unified
    * cfg{ciphers_openssl} --> cfg{ciphers_local}
  NEW
    * --rc=path/to/RC-FILE added
    * --cfg-cipher=CIPHER=TEXT added
    * +rfc_2818_names implemented
    * +subjectaltnames added (alias)

Version: 17.05.17
  BUGFIX
    * o-saft-lib.pm: missing commands added to need-cipher list
    * --protosnpn=, corrected
    * +selected does not need to check for all ciphers
    * enable ALPN and NPN when testeing for ciphers (+cipher)
    * NET::SSLinfo.pm: passing -alpn and -nextprotoneg option to openssl corrected
  CHANGES
    * missing ciphers and missing cipher descriptions added
    * +info does no onger complain for missing ALPN/NPN functionality
    * NET::SSLinfo.pm: checks improved to detect handshake fail for HTTPS
    * NET::SSLinfo.pm: ::next_protos replaced by ::alpn_protos and ::npn_protos
    * check and warning messages for available functionality improved
  NEW

Version: 17.04.17
  BUGFIX
    * NET::SSLinfo.pm: avoid "Segmentation fault" when connection fails
    * NET::SSLinfo.pm: pass errors from openssl to caller (simple workaround)
    * label texts corrected for modulus_size_oldssl and modulus_exp_oldssl
    * print correct OpenSSL version for +version
    * do not load NET::SSLinfo for +cipherraw
    * o-saft-lib.pm: +lucky13 requires a cipher check: added to list * 'need-cipher'
  CHANGES
    * NET::SSLinfo.pm: %_OpenSSL_opt and s_client_*() for openssl capabilities * implemented
    * NET::SSLinfo.pm: internal method _stcmd improved
    * o-saft.pl: warning message improved if connection without SNI fails
    * o-saft.pl: --ignore-no-reply option added for more proper +heartbleed check
    * o-saft.pl: +modulus_exp_size renamed to +modulus_exp_oldssl
    * o-saft.pl: +modulus_size renamed to +modulus_size_oldssl
    * o-saft.pl: -trace-time improved
    * o-saft.pl: +npn renamed to +hasnpn; label texts adapted
    * o-saft-lib.pm: @npn renamed to cfg{next_protos}; cfg{usealpn} and cfg{usenpn} added
    * documentation improved
    * _load_modules(), _check_versions(), _check_methods() implemented
  NEW
    * NET::SSLinfo.pm: new function _ssleay_ssl_np() to set ALPN and NPN option
    * NET::SSLinfo.pm: do_ssl_new() and do_ssl_free() implemented
    * --ssl-error --ssl-error-max --ssl-error-timeout implemented
    * o-saft.pl: +alpn and +npn implemented
    * o-saft.pl: remove leading spaces for options when reading .o-saft.pl
    * o-saft.pl: better checks for ancient perl modules; documentation improved
    * .o-saft.pl: new command +fingerprints
    * o-saft.tcl: --load=FILE option implemented

Version: 17.03.17
  BUGFIX
    * bugfix: remove eading spaces in some values
    * Net::SSLeay.pm: set NPN option when used with sockets
    * "use of uninitialized value" at _useopenssl() call
    * assume CGI mode with --cgi-exec
    * better check of cfg{ca_path} (avoid uninitialized value)
    * wrong ca_path instead of ca_paths in trace output
    * don't complain "need Time::Local module for this check"
  CHANGES
    * +ocsp (check) command renamed to +ocsp_uri
    * +ocsp-subject-hash +ocsp-public-hash
    * o-saft-man.pm: HTML generated by --help=cgi improved
    * o-saft-man.pm: improved for --help=cgi (Full GUI)
    * o-saft-man.pm: improved for --help=cgi (Simple GUI)
    * Net::SSLinfo::::protocols renamed to ::next_prots
    * check withh --yeast-data improved
    * better check for Time::Local
    * +version reports information about Time::Local
    * documentation for options improved
  NEW
    * +ocsp (in .o-saft.pl)
    * +fingerprint_sha2
    * osaft.pm: @npn - list for NPN added
Version: 17.01.17
  BUGFIX
    * avoid useless data checks for +info command
    * no heartbleed check for +info
    * output format for +ocspid corrected
    * Net::SSLinfo.pm: parsing and extracting data for ocsp* corrected
    * Net::SSLinfo.pm: ocspid fully returned (workaround for openssl problem with "x509 -ocspid")
    * +selfsigned returns correct value (yes) if not self signed
    * +fingerprint_type returns type without additional strings
    * using path for --ca-path corrected
  CHANGES
    * --exitcode counts weak ciphers and protocols also
    * .o-saft.pl: documentation improved
    * +fingerprint_sha is alias for +fingerprint_sha1
  NEW
    * options --exitcode-no-* implemented
    * options --file-sclient= and --file_pem= added
    * +fallback_protocol implemented
    * options -CAfile and -CApath (as alias) added

Version: 16.12.16
  BUGFIX
    * processing commands and options improved (more variations allowed)
    * avoid crash if IO::Socket::SSL::get_sslversion() is missing
    * close and open socket if SSL connection failed
    * avoid "Segmentation fault" when X509 data is missing
    * avoid "Segmentation fault" when $x509 is empty or undef
  CHANGES
    * checking for (default) selected cipher improved
    * better error handling if connection to target fails
    * o-saft-man.pm: layout for +help=* commands improved
    * o-saft-dbx.pm: print exitcode with --trace only
    * Net::SSLinfo.pm: set user-specified timout for TCP and SSL connection
  NEW
    * +fingerprint-sha2 implemented
    * +cipher-default implemented
    * --rc option implemented
    * --socket-reuse added and implemented
    * o-saft.tcl: STDOUT button added
    * contrib/zap_config.xml added

Version: 16.11.16
  BUGFIX
    * avoid perl warning when checking certificate dates
    * better check for ext_crl and ocsp_uri (avoid perl warnings)
    * osaft.pm: regex->TR-02102  corrected
    * .o-saft.pl: cmd-info should not contain selected
  CHANGES
    * o-saft-man.pm: description for TR-02102-2 (2016-01) instead of TR-02102-2 (2013-01)

Version: 16.11.14
  BUGFIX
    * Net::SSLinfo.pm: avoid "Segmentation fault" if $x509 is empty or undef
    * avoid "Use of uninitialized value ..." in some rare cases
    * *ARIA-* cipher descriptions improved
  CHANGES
    * Net::SSLinfo.pm: support modern Net::SSLeay::CTX_* methods
    * Net::SSLinfo.pm: better check if X509 certificate data is available
    * Net::SSLinfo.pm: test_ssleay -> ssleay_test
  NEW
    * Net::SSLinfo.pm: new ssleay_methods()

Version: 16.09.29
  BUGFIX
    * avoid "Use of uninitialized value ..." for $version::VERSION (see issue 51)
    * PSK-* cipher descriptions improved; PSK-* cipher descriptions improved
    * check for CN improved (DV and EV certificates)
    * contrib/.o-saft.tcl: syntax error corrected
    * some regex non-capturing groups corrected (parsing options only)
  CHANGES
    * commands for cipher checks unified (+*_cipher); alias commands added
    * check for CRIME improved (SPDY/3 is vulnerable)
    * Net/SSLinfo.pm: sequence for "nextprotoneg" reversed (weakest first)
  NEW
    * searching documentation improved
    * return exit status for checks with result with option --exitcode
    * +cnt_checks_no and +cnt_checks_yes implemented
    * +cbc_cipher and +des_cipher command added
    * ARIA ciphers descriptions added
    * cfg(TKPOD) added (external viewer for POD files)

Version: 16.09.16
  BUGFIX
    * filter scripts contrib/* adapted to new formats; print all lines
  CHANGES
    * files removed: generate_ciphers_hash, openssl_h-to-perl_hash, INSTALL-devel.sh
  NEW
    * INSTALL.sh

Version: 16.08.01
  BUGFIX
    * print warning if OPENSSLDIR is missing (see https://github.com/OWASP/O-Saft/issues/29 )
    * remove trailing path when compareing FQDNs
    * output for --legacy=compact corrected (bug since 1.407)
    * handle arguments after --trace option correctly
    * don't call openssl if not available
    * avoid "uninitalited value" in checks if no certificate data is available
  CHANGES
    * --v print performed cipher checks
    * better check of required versions; warning messages unified
    * o-saft-man.pm: "Using outdated modules" section added; documentation improved
  NEW
    * o-saft.tcl: quick access for O-Saft options added
    * Net::SSLinfo.pm: detect more SPDY protocols (h2c,npn-spdy/2) and X-Firefox-Spdy

Version: 16.08.01
  BUGFIX
    * handle missing data in .o-saft.tcl properly
    * bugfix: on some Mac OS X tk_getSaveFile has no -confirmoverwrite option
  CHANGES
    * use IO::Socket::SSL without version, but warn if not sufficient
    * o-saft.tcl: layout improved
  NEW
    * Sweet32 implemented and added to glossar
    * HEIST added to glossar

Version: 16.06.01
  BUGFIX
    * check for supported ciphers uses full match
    * parsing X509 data improved (avoids: Use of uninitialized value ...)
    * missing host and port parameter added in some check* functions added
    * +sts_maxage0d checks corrected (check if STS reset aka max-age=0)
    * o-saft.tcl: do not set tooltip if fontchooser misses
    * do not print Cipher Summary for legacy formats
    * print selected ciphers from --legacy=format only once
    * allow mixed case in customized texts (--cfg-*= options)
    * --legacy=sslscan without perl warnings
    * some texts corrected in o-saft.tcl
  CHANGES
    * o-saft.tcl: better detection of section header lines in help
    * o-saft.tcl: context sensitive help buttons
    * o-saft.tcl: hash-bang line improved
    * o-saft-README disabled as most people are not willing to read it
    * critic.sh: check for potential repository files and skipp check for them
  NEW
    * Sweet32 implemented and added to glossar
    * HEIST added to glossar
    * new commands can be added with --cfg-cmd=*
    * +hsts_httpequiv +hsts_preload added
    * o-saft.tcl: home, back, next button added

Version: 16.05.10
  BUGFIX
    * print properly aligned text for --help=cfg-*
    * output for "Total number of checked ciphers" corrected
    * +ciphers command honors --legacy option
    * avoid perl warning "Argument isn't numeric" when getting bits of a cipher
  CHANGES
    * --help=* simplified (formal change)
    * printing of internal data with --help=* simplified and unified
    * --cfg-* settings improved
    * print Hint for +renegotiation check
    * Net::SSLinfo.pm: new variables: starttls and proxy*
  NEW
    * --help=hint implemented
    * --hint and --no-hint implemented
    * man_alias() implemented for --help=alias
    * man_pod() implemented for --help=gen-pod
    *

Version: 16.04.14
  CHANGES
    * %cfg no defined in osaft.pm only
    * use !!Hint instead of **Hint
    * description for compliance checks improved
  NEW
    * +crl_valid, +ocsp_valid: check if CRL and OSCP from certificate are valid
    * +rfc7525 implemented
    * contrib/.o-saft.tcl

Version: 16.04.02
  CHANGES
    * perlcritic: eval, grep with block form
    * perlcritic: use lexical loop iterator
    * documentation improved
    * o-saft.tcl: table of content improved for help
    * o-saft.tcl: don't show button for empty configuration window
  NEW
    * --checks implemented (compatibility with TLS-Check.pl)
    * osaft_sleep() as wrapper for IO::select added
    * +sts_expired added: STS max-age < certificate's validity
    * new options --starttls-phase* and --starttls-error*
    * contrib/critic.sh added

Version: 16.03.30
  BUGFIX
    * Net/SSLinfo.pm: prototypes for do_openssl() and do_ssl_open() corrected
    * Net/SSLhello.pm: constants added; $me* variables removed
    * Net/SSLhello.pm: setting _trace variable in version() removed
  NEW
    * Net/SSLinfo.pm: dummy function net_sslinfo_done() added
    * Net/SSLhello.pm: dummy function net_sslhello_done() added

Version: 16.03.27
  CHANGES
    * o-saft.pl: configuration moved to osaft.pm
  NEW
    * +drown check for DROWN attack vulnerability

Version: 16.03.26
  CHANGES
    * o-saft.pl: configuration moved to osaft.pm

Version: 16.03.16
  BUGFIX
    * duplicate hint message for +quit corrected
  CHANGES
    * o-saft-dbx.pm: _yeast_args() improved
    * o-saft-man.pm: Program Code documentation improved
    * o-saft-man.pm: typos corrected and more glossar
  NEW
    * o-saft-man.pm: hint to check Net::SSLeay methods added to INSTALLATION
    * --slow-server-delayand --sni-toggle added

Version: 16.01.16
  BUGFIX
    * duplicate hint message for +quit corrected
  CHANGES
    * most configuration now in osaft.pm
  NEW
    * experimental: SLOTH check
    * contrib/bunt.pl: postprocess script to colourize shell output
    * contrib/bunt.sh: postprocess script to colourize shell output

Version: 30.12.15
  BUGFIX
    * do not print cipher summary if no ciphers were checked
    * --help=wiki prints wiki list items with leading : (colon)
    * pretty-print path in output for +version
  CHANGES
    * USAGE improved; no more +cipher as default command
    * checking DH parameters simplified
    * +version prints path of included (use) module
    * _trace_1arr() renamed to _trace_cmd()
    * INSTALLATION section improved
    * help: SECURITY section moved to top
    * collect *ARG* variables in %cfg for debugging
    * o-saft_bench: output format improved; accept host as parameter
  NEW
    * description for some more CHACHA cipher suites added
    * --exit=* for debugging implemted
    * --trace-me and --trace-not-me implemented
    * +cipher-sh implemented
    * o-saft-man.pm: INSTALLATION section

Version: 15.12.15
  BUGFIX
    * some command aliases corrected
    * label for protocols corrected
  CHANGES
    * report ciphers with DH parameters if possible
    * description of compatibility options improved
  NEW
    * description for KCI and Invalid Curve Attack
    * new options --format=0x and --format=\x
    * more command aliases

Version: 15.11.15
  BUGFIX
    * o-saft-dbx.pm: avoid infinite loop for trace>2
  CHANGES
    * avoid warning if protocol disabled: cannot get default cipher
    * warning if openssl does not return DH parameters
    * checking DH paramters improved
    * workaround to avoid perl (Net::SSLeay) warnings for unsupported protocols
  NEW
    * --help=error --help=warning --help=problem added

Version: 15.10.15
  BUGFIX
    * Net::SSLinfo.pm: call Net::SSLeay::CTX_set_ssl_version() corrected
    * Net::SSLinfo.pm: alpn(), next_protocol() added
    * Net::SSLinfo.pm: handling of hex conversion on poor 32-bit systems improved
    * o-saft.tcl: quick & dirty fix to simplefy startup on Mac OSX
  CHANGES
    * o-saft.pl: checking protocols (and default) cipher improved
    * o-saft-dbx.pm: debug output improved
    * o-saft.tcl: layout improved
    * Net::SSLinfo.pm: more alternate protocols
  NEW
    * --linux_debug and --slowly option (passed to Net::SSLeay)
    * o-saft.pl: print hint about using +cipherall
    * o-saft.tcl: new Filter TAB; more filter rules
    * o-saft.tcl: more verbose output added

Version: 15.09.15
  CHANGES
    * output for +version improved
    * use perl constants for some strings in o-saft.pl
    * o-saft.tcl improved
    * respect --no-header option for output of --help=*
    * documentation, glossar improved
  NEW
    * new command  +help=ourstr  to print regex for matching own strings
    * logjam implemented

Version: 15.06.19
  BUGFIX
    * handle checks for EC public keys correctly
    * DTLSv09 is 0x0100
    * missing shorttexts added
    * support serial number in hex format; use Math::BigInt if necessary
    * check for +sernumber corrected
  CHANGES
    * all o-saft-*.pm print help if called by themselfs
  NEW
    * dh_parameter implemented
    * detect id-ecPublicKey as known and good encryption
    * support public key with EC parameters
    * DTLSv1x added (experimental)
    * +modulus_exp_size +modulus_size and +pub_encryption implemented

Version: 15.06.09
  BUGFIX
    * setting of path for CAs corrected (when --openssl=Tool is used)
    * using --openssl=TOOL corrected
  CHANGES
    * use VERSION as string constants
    * using string constants
  NEW
    * _yeast_prot() implemented in o-saft-dbx.pm
    * +session_protocol added to +protocols
    * +session_protocol +session_timeout added
    * improved +version

Version: 15.05.15

Version: 15.04.15
  CHANGES
    * o-saft.tcl markup for help text improved
    * support proxy and STARTTLS (no longer experimental)
  NEW
    * prepared for RFC 7525 check

Version: 15.04.05
  CHANGES
    * some texts for compliance texts changed
  NEW
    * --ignore-{cmd,output, --no-{cmd,output} implemented

Version: 15.04.04
  CHANGES
    * o-saft-dbx.pm: added $cfg{'ignore-out'}

Version: 15.04.02
  BUGFIX
    * check for wildcards in certificate's CN also


Version: 15.01.07
  BUGFIX
    * avoid huge memory consumtion (fix for issue/39)
  CHANGES
    * command line parsing improved
  NEW
    * new files in contrib/

Version: 14.12.07
    * new tarball

Version: 14.11.23
  BUGFIX
    * text for checks{hostname} corrected (check was ok, but proided text not accurate)
  CHANGES
    * cipherrange vor SSLv2 improved
  NEW
    * pass --mx option to SSLhello
    * pass --starttls-delay=SEC option to SSLhello
    * Net::SSLinfo hostname for SNI can be specified in $Net::SSLinfo::use_SNI
    * --sni-name=NAME added

Version: 14.11.22
  BUGFIX
  CHANGES
    * o-saft-man.pm: generating various formats improved
  NEW
    * new check: Certificate private key signature is SHA2
    * .o-saft.pl new check sha2signature added to +check and +quick

Version: 14.11.21
  BUGFIX
    * missing useecc parameter passed to Net::SSLhello
    * --h same as --help
    * better handling of results for +sigkey_algorithm
  NEW
    * --use-ec-point option passed to Net::SSLhello

Version: 14.11.20
  CHANGES
    * get VERSION for --help from caller
  NEW
    * o-saft-man.pm

Version: 14.11.19
  CHANGES
    * documentation improved
  NEW
    * o-saft-man.pm

Version: 14.11.18
  CHANGES
    * markup in documentation improved

Version: 14.11.17
  BUGFIX
    * check version mismatch

Version: 14.11.16
  CHANGES
    * beast-default removed

Version: 14.11.15
  NEW
    * --help=opt and --help=options implemented

Version: 14.11.14
  NEW
    * check for Poodle attack
    * --trace-time implemented
    * o-saft-dbx.pm: trace command prints timestamp for --trace-time
    * options for +cipherraw command documented
  BUGFIX
    * --showhost  print host:port
    * keys in internal hashes in lower case letters
    * .o-saft.pl: duplicate commands in -cfg_cmd=check removed
  CHANGES
    * _yeast_init() prints SSL versions to be checked with --v
    * .o-saft.pl: list of commands for +quick improved

Version: 14.10.12
  NEW
    * --cipherrange=shifted

Version: 14.07.27
  CHANGES
    * formal changes

Version: 14.07.26
  BUGFIX
    * @INC set in BEGIN{}

Version: 14.07.25
  CHANGES
    * using (require) modules and files simplified; documentation improved
    * warnings unified and improved
    * o-saft-usr.pl: usr_version() and usr_pre_init() added; formal (name) changes
  NEW
    * +TLS_FALLBACK_SCSV added
    * +VERSION implemented

Version: 14.07.18
  CHANGES
    * +ciphers and +list command improved (handle different output formats)

Version: 14.07.17
  BUGFIX
    * corrected output (counts) for command  +list --v
  CHANGES
    * cipher descriptions improved; missing descriptions added
    * print version mismatch (openssl vs. Net::SSLeay)
    * lazy commands added

Version: 14.07.16
  BUGFIX
    * avoid uninitialized value and WARNING messages for some commands
  CHANGES
    * options -v and -V improved
    * formal changes

Version: 14.07.15
  BUGFIX
    * avoid uninitialized value in +list command

Version: 14.07.14
  CHANGES
    * cipher descriptions improved; security and score qualification adapted

Version: 14.07.07
  CHANGES
    * check for low memory
    * backticks replaced by qx()

Version: 14.06.30
  CHANGES
    * TECHNICAL INFORMATION added
  NEW
    * --starttls=PROT added (experimental)
    * --ssl-maxciphers added

Version: 14.06.16
  BUGFIX
    * printing warnings enabled
  CHANGES
    * --experimental option added

Version: 14.06.15
  CHANGES
    * formal changes

Version: 14.06.14
  BUGFIX
  CHANGES
    * printmediawiki() moved to o-saft-usr.pm::usr_printwiki()
    * commands unified: +gen-html +gen-wiki +gen-cgi

Version: 14.06.13
  BUGFIX
    * bugfix: parsing --trace (without argument) corrected (bug since 14.06.08)
    * honor --noSSL options for +cipherraw command
  CHANGES
    * improvements for CGI usage; internal option --cgi-exec
    * formal changes in documentation

Version: 14.06.12
  CHANGES
    * avoid error messages when gethostbyaddr() fails

Version: 14.06.11
  CHANGES
    * store all --usr* options and arguments in $cfg{'usr-args'}

Version: 14.06.10
  BUGFIX
    * avoid perl's uninitalized value after GET request
    * +cipher and cipherraw (commnad line parsing) corrected
    * no SNI for SSLv3 with +cipherraw

Version: 14.06.08
  CHANGES
    * --no-rc option added
    * scanning options and arguments from command line simplified and improved
  NEW
    * --help=range implemented
    * +quit command implemented

Version: 14.06.07
  CHANGES
    * -ssl-* options for +cipherraw command added; check with and without SNI for +checkraw

Version: 14.06.05
  CHANGES
    * +version improved (print more informations about Net::SSLeay)

Version: 14.06.04
  BUGFIX
    * bugfix: print usage with correct script name

Version: 14.06.01
  NEW
    * --cipherrange=RANGE implemented; +cipherall supports full range

Version: 14.05.31
  CHANGES
    * print $Net::SSLhello::VERSION with --trace and --version

Version: 14.05.27
  BUGFIX
    * using scalar() instead of length() for array

Version: 14.05.26
  NEW
    * --help=wiki implemented

Version: 14.05.25
  CHANGES
    * avoid some check warnings for +cipherall

Version: 14.05.24
  NEW
    * --no-md5-cipher implemented (avoids some error messages)

Version: 14.05.23
  BUGFIX
    * avoid some checks and connections if not required by given command

Version: 14.05.22
  CHANGES
    * better compatibility to ssldiagnose.exe
    * compatibility ssl-cert-check, THCSSLCheck
  NEW
    * +constraints check implemented
    * --protocol SSL implemented; better compatibility to ssldiagnose.exe
    * --printavailable as alias for +ciphers

Version: 14.05.21
  BUGFIX
    * +ciphers command re-enabled

Version: 14.05.21
  NEW
    * +tlsextensions implemented

Version: 14.05.20
  CHANGES
    * +ext_* commands enabled
    * more TLS extensions added

Version: 14.05.17
  BUGFIX
    * parsing command line argunents improved

Version: 14.05.16
  CHANGES
    * output for --legacy=compact improved

Version: 14.05.15
  CHANGES
    * output for --tracecmd improved
    * output for --no-http improved
    * passing options and arguments to openssl improved

Version: 14.05.14
  CHANGES
    * detect more TLS extensions; +heartbeat and --no-tlsextdebug implemented

Version: 14.05.13
  NEW
    * prepared for TLSv1.3

Version: 14.05.12
  NEW
    * +cipherall implemented with Net/SSLhello.pm; ALPHA version!
    * Net/SSLhello.pm

Version: 14.05.11
  CHANGES
    * some missing cipher descriptions added

Version: 14.05.10
  BUGFIX
    * "None" values are mainly treated as "no" for checks

Version: 14.05.09
  BUGFIX
    * setting default +cipher command corrected if no command given
    * bugfix: avoid "Broken Pipe" if connection fails

Version: 14.05.08
  BUGFIX
    *
  CHANGES
    * o-saft-dbx.pm: _yeast_init() improved

Version: 14.05.07
  BUGFIX
    * missing descriptions for KRB5* ciphers added

Version: 14.05.07
  CHANGES
    * print warning for invalid command combinations (defense, user-friendly programming)

Version: 14.05.06
  NEW
    * --ssl-lazy option implemented

Version: 14.05.05
  NEW
    * --no-warning implemented

Version: 14.04.28
  NEW
    * +cipherall ALPHA version implemented

Version: 14.04.27
  CHANGES
    * more _trace*() functions added

Version: 14.04.26
  NEW
    * --proxy* options added (but no functionality)

Version: 14.04.24
  BUGFIX
    * output corrected for  --showhost --legacy=full
  CHANGES
    * improved path settings for windows

Version: 14.04.10
  NEW
    * +heartbleed implemented

Version: 14.02.17
  BUGFIX
    * +sts implies --http
    * +sts command re-implemented

Version: 14.02.01
  BUGFIX
    * use SNI if possible for cipher checks (+cipher command)
  CHANGES
    * +version improved
  NEW
    * --force-sni added

Version: 14.1.31
  CHANGES
    * code cleanup

Version: 14.1.30
  CHANGES
    * --cipher no longer alias for +cipher so we can support "--cipher CIPHER" option

Version: 14.1.29
  CHANGES
    * code cleanup for checkciphers()
    * check Net::SSLeay::cipher_local() can return array
    * check Net::SSLeay::VERSION < 1.49

Version: 14.1.28
  CHANGES
    * +default can get cipher using openssl

Version: 14.1.27
  BUGFIX
    * parsing options and commands improved
  CHANGES
    * documentation improved
    * +quick command uses common output format (instead of --legacy=quick)

Version: 14.1.26
  CHANGES
    * typos documentation corrected
  NEW
    * --call=METHOD implemented

Version: 14.1.25
  CHANGES
    * allow --exe-path=PATH and --lib-path=PATH
    * --lib= and --exe= can be used multiple times
    * debugging improved; _yeast_args() added; _yeast_init() improved

Version: 14.1.24
  CHANGES
    * allow --exe-path=PATH and --lib-path=PATH
    * --lib= and --exe= can be used multiple times
    * debugging improved; _yeast_args() added; _yeast_init() improved

Version: 14.1.23
  BUGFIX
    * +pfs command enabled
  CHANGES
    * SSL protocol options (SSL version, cipher list) improved
    * collecting SSL information improved
  NEW
    * commands +options +sslversion +cert_type +error_verify +error_depth

Version: 14.1.22
  BUGFIX
    * +default command enabled
    * avoid uninitialized value
  CHANGES
    * set SSL protocol version for connections
    * Net::SSLinfo::do_ssl_close() with version list parameter

Version: 14.1.21
  NEW
    * existing socket for connection can be provided with $Net::SSLinfo::socket
    * usr_pre_open() added

Version: 14.1.12
  UPDATE
    * get list of ciphers improved: cipher_list() uses Net::SSLeay::new() to get list of ciphers
  NEW
    * new sub usr_pre_info() in o-saft-usr.pm

Version: 14.1.4
  BUGFIX
    * bugfix: regex for pubkey_value on windows
    * bugfix: empty len_public_key and len_sidump on windows corrected
  UPDATE
    * documentation improved

Version: 14.1.3
  BUGFIX
    * bugfix: avoid perl warning for +cipher
    * bugfix: avoid perl warning in Net::SSLinfo::do_openssl()

Version: 14.1.2
  BUGFIX
    * bugfix: avoid perl warning in Net::SSLinfo::do_openssl()

Version: 14.1.1
  NEW
    * option --win-CR implemented

Version: 13.12.31
  BUGFIX
    * bugfix: separator in output for --trace-corrected
    * bugfix: no checks for master_key and session_id to avoid perl warnings
    * bugfix: initialization of check values corrected
  UPDATE
    * Net::SSLeay initialization inside BEGIN{}
    * use Net::SSLeay::set_tlsext_host_name() for SNI

Version: 13.12.30
  BUGFIX
    * check for +ev improved
  NEW
    * +dv command and checks added

Version: 13.12.29
  BUGFIX
    * bugfix: missing \n added when printing checks with --legacy=full
  UPDATE
    * check for CN= in checkev()
    * +ev improved
    * special handling for +ev removed (use --legacy=full now)

Version: 13.12.28
  NEW
    * +chain_verify command added
    * documentation according +verify, +selsigned added

Version: 13.12.27
  NEW
    * options --ca-file  --ca-path --ca-depth implemented

Version: 13.12.26
  BUGFIX
    * print hostname correctly with --showhost
    * reset checks when multiple hosts are given
    * --tracekey and --showhost was missing for +check

Version: 13.12.25
  NEW
    * --usr option for o-saft-usr.pm implemented
    * new file o-saft-usr.pm

Version: 13.12.24
  NEW
    * --tab option added
    * contrib file

Version: 13.12.21
  UPDATE
    * --help=cfg_{check,data,text} and --cfg_{check,data,text}= implemented the same way

Version: 13.12.20
  UPDATE
    * don't read external files in CGI mode

Version: 13.12.19
  UPDATE
    * formal changes
    * --yeast implemented to call _yeast_data()
    * _yeast_data() improved; documentation improved in o-saft-dbx.pl
    * don't read external files in CGI mode

Version: 13.12.18
  UPDATE
    * --cfg_* configuration options implemented
    * CUSTOMIZATION description added

Version: 13.12.17
  UPDATE
    * samples to redefine texts in Deutsch added in .o-saft.pl
    * --cfg_text* implemented
    * print internal data with --help=* simplified
    * --set-score renamed to --cfg_score
Version: 13.12.16
Version: 13.12.15
  BUGFIX
    * (issue 16) define $_timeout variable when missing (Mac OS X problem)
    * reading score values from files corrected; allow + in score settings
  UPDATE
    * get subject_hash and issuer_hash from Net::SSLeay
    * commands issuer and issuer_hash added to --cfg_cmd-info in .o-saft.pl
  NEW
    * +chain to retrive Certificate Chain implemented
    * +protocols to retrive supported protocols by target (requres openssl
      with -nextprotoneg support)

Version: 13.12.14
  NEW
    * Serial Number <= 20 octets (RFC5280, 4.1.2.2. Serial Number)
    * new commands len_sernumber and sernumber added to --cfg_cmd-check in .o-saft.pl

Version: 13.12.13
  UPDATE
    * documentation improved (better English)

Version: 13.12.12
  BUGFIX
    * error handling for DNS corrected (if something failed)
    * no scoring for +info (avoids some "unitialised" warnings too)
    * avoid some warnings with --cmd-* in .o-saft.pl
    * reverse hostname computation corrected
    * --cfg_cmd-check withoud valid command in .o-saft.pl
  NEW
    * --cfg_cmd-quick added in .o-saft.pl

Version: 13.12.11
  BUGFIX
    * STS check corrected
  UPDATE
    * +http improved
    * huge code cleanup; checks improved; scoring now in sub scoring()
    * Net/SSLinfo.pm: hsts_pins renamed to https_pins; hsts renamed to https_sts
  NEW
    * o-saft-README file implemented
    * o-saft-dbx.pm with functions for debug, trace and verbose output
    * .o-saft.pl as local resource file implemented
    * --cfg_text-*  and --cfg_cmd-* options implemented

Version: 13.12.09
  UPDATE
    *  duplicate messages removed

Version: 13.12.08
  BUGFIX
    * bugfix: check for renegotiation and resumption corrected
  UPDATE
    * --no-header avoids printing most formating lines

Version: 13.12.07
  BUGFIX
    * --showhost works for +check too
    * checks corrected if --no-http was used
    * checks improved  if --no-cert was used
    * bugfix: missing (..) added in sub checkhttp
  UPDATE
    * code cleanup and simplified, all %check_* --> %checks
    * documentation improved
  NEW
    * --help=cmd, --help=commands, --help=intern

Version: 13.11.30
  UPDATE
    * _yeast_data() implemented; documentation improved for o-saft-dbx.pm
    * cleanup for texts

Version: 13.11.29
  BUGFIX
    * some warnings (perl -w) corrected (for --no-cert option)
  UPDATE
    * code cleanup for checkssl()
    * output for +check sorted
    * output improved for --no-cert option

Version: 13.11.28
  UPDATE
    * check hostname vs. certificate name improved

Version: 13.11.27
  UPDATE
    * omit cipher checks if protocoll not supported for BSI TR-02102

Version: 13.11.26
  BUGFIX
    * better extraction of certificate extensions details
  NEW
    * check invalid characters in extensions added

Version: 13.11.25
  BUGFIX
    * checks for CRL, OCSP corrected;
    * missing EV checks for AIA, CRL and OCSP added
    * ouput of certificate extensions corrected
  NEW
    * commands for details of certificate extensions added
      ext_authority, ext_cps, ext_crl, ...

Version: 13.11.23
  NEW
    * +extensions implemented; --header, --no-header implemented

Version: 13.11.22
  BUGFIX
    * print cipher totals for all versions; some texts unified

Version: 13.11.21
  BUGFIX
    * "Given hostname is same as reverse resolved hostname" ccorrected
    * check for wildcards in TR-02102-2 compliance corrected
    * +info--v command fixed; _dump() call
  UPDATE
    * texts and output layout unified; prepared for configurable texts
    * debug, trace and verbose functions are emty stubs, now in o-saft-dbx.pm
  NEW
    * o-saft-dbx.pm with functions for debug, trace and verbose output

Version: 13.11.20
  UPDATE
    * texts and output layout unified; prepared for configurable texts
    * certificate's date checks improved

Version: 13.11.19
  BUGFIX
    * some warnings (perl -w) corrected
    * perl warnings fixed for +version command
  UPDATE
    * --trace command improved
    * function calls unified
    * using temporary variables for better (human) readability
  NEW
    * --trace=VALUE implemented; --trace-cmd implemented

Version: 13.11.18
  UPDATE
    * function calls unified
    * using temporary variables for better (human) readability

Version: 13.11.17
  BUGFIX
    * missing labels in output added
    * +bsi does not inhibit other checks
    * +quick with more check (got lost with implementation of +bsi)
  UPDATE
    * some labels in output improved
    * +quick improved with labels

Version: 13.11.16
  UPDATE
    * missing security flag for some ciphers added; documentation improved

Version: 13.11.15
  UPDATE
    * RC4 ciphers degraded as weak

Version: 13.11.14
  UPDATE
    * documentation and glossar improved

Version: 13.11.13
  NEW
    * compliance check: BSI TR-02102 implemented; command +bsi

Version: 13.11.12
  UPDATE
    * glossar improved

Version: 13.11.11
  BUGFIX
    * parsing altname in certificate corrected
  UPDATE
    * +sts alias for +hsts
  NEW
    * check for RC4 implemented

Version: 13.10.22
  UPDATE
    * retrive target data for: krb5 psk_hint psk_identity srp master_key session_id session_ticket

Version: 13.10.20
  BUGFIX
    * connecting with openssl improved for openssl 1.0.1.e
  UPDATE
    * --v honored in various modes
    * --format=hex  includes +fingerprint
  NEW
    * reading options and arguments from rc-file implemented

Version: 13.10.19
  BUGFIX
    * more improvements for perl's -w
    * Net::SSLinfo::do_openssl() uses optional $data parameter; code improved

Version: 13.10.18
  BUGFIX
    * bugfix: variable syntax corrected; more improvements for perl's -w

Version: 13.10.17
  BUGFIX
    * code improved for perl's -w

Version: 13.10.16
  BUGFIX
    * syntax improved for ActivePerl
  UPDATE
    * INSTALLTION part added to README file

Version: 13.10.14
  BUGFIX
    * --cmd=quick is same as +quick
    * --help=checks instead of --help=check

Version: 13.10.11
  BUGFIX
  UPDATE
    * --v honored in various modes
    * --format=hex  includes +fingerprint
  NEW
    * description for CIPHER NAMES

Version: 13.09.29
  BUGFIX
    * check --envlibvar= option
    * +cipher command corrected
  UPDATE
    * fomal code changes in checkciphers()
  NEW
    * --force-openssl implemented to use openssl for cipher checks

Version: 13.09.28
  BUGFIX
    * s_client command corrected
    * PFS check label text corrected
    * Net::SSLinfo::do_openssl() supports ciphers command correctly
  NEW
    * EV-SSL checks implemented
    * +subject_ev implemented

Version: 13.09.27
  UPDATE
    * minor changes of output texts
  NEW
    * --format=hex implemented

Version: 13.09.25
  UPDATE
    * regex and check for compliance and attacks improved

Version: 13.09.16
  BUGFIX
    * label for EDH check corrected
    * RegEx ADHorDHA and DHEorEDH corrected
  UPDATE
    * glossar improved
  NEW
    * --format=raw implemented

Version: 13.09.15
  BUGFIX
    *  +list command exits
  NEW
    * check  for CRIME implemented

Version: 13.09.14
  BUGFIX
    * BEAST check for default cipher corrected

Version: 13.09.13
  UPDATE
    * documentation improved
    * huge amount of code cleanup (no change of functionality)

Version: 13.09.12
    not released

Version: 13.09.11
  BUGFIX
    * reverse hostname lookup corrected; now prints list
    * print host (target) information before doing checks
  UPDATE
    * be greedy to allow +BEAST, +CRIME, etc.
    * cipher names are prependet by SSL version in +check output
    * documentation (COMMANDS, OPTIONS) improved
    * legacy option improved
  NEW
    * -no-dns implemented (workaround for '<gethostbyaddr() failed>)
    * %cfg{regex} added

Version: 13.09.10
  BUGFIX
    * output for some legacy formats corrected (sslscan, ssltest, sslyze)
    * print correct SSL version for ciphers in results
    * legacy option --no-failed corrected
  UPDATE
    * Glossar improved

Version: 13.09.09
  BUGFIX
    * +cipher command corrected

Version: 13.09.08
  NEW
    * --cipher= allows other names;  _find_cipher_name() implemented

Version: 13.09.07
  BUGFIX
    * --short texts corrected
  UPDATE
    * scoring improved
    * documentation improved
  NEW
    * +quick  command for quick and simple check
    * +http   command for HTTP(S) checks
    * --legasy=testsslserver  implemented

Version: 13.07.31
  UPDATE
    * debugging and tracing improved
  NEW
    * STS     checks implemented (scoring not yet perfect)
    * PFS     checks implemented
    * --format=raw implemented
    * new commands:  +sigkey_value, +sigkey_algorithm, +sigkey_len

Version: 13.03.31
  BUGFIX
    * avoid useless or wrong output when --no-cert given
  UPDATE
    * glossar
  NEW
    * --http  implemented
    * --set_score implemented
    * --help=LABEL implemented
    * --ignorecase implemented
    * --showhost implemented
    * scoring implemented (first simple attempt)



