Update docs and bump version

rbsec · rbsec · commit 50f324c5bde4 · 2025-06-15T11:39:58.000+01:00
diff --git a/Changelog b/Changelog
@@ -1,11 +1,11 @@
 Changelog
 =========
 
-Version: TBC
-Date   : TBC
+Version: 2.2.0
+Date   : 15/06/2025
 Author : rbsec <robin@rbsec.net>
 Changes: The following are a list of changes
-		 > OpenSSL 3.5 is now the minimum version to build against
+		 > OpenSSL 3.5 is now the minimum version to build against (credit tetlowgm)
        > Various code cleanup dropping support for legacy OpenSSL versions (credit tetlowgm)
        > Handle some servers that rejecting large ClientHello messages (credit jtesta)
        > Add support for new post-quantum groups (credit jtesta)
diff --git a/README.md b/README.md
@@ -77,7 +77,7 @@ Key changes are as follows:
 
 ### Building on Linux
 
-It is recommended to ignore the OpenSSL system installation and statically build against your own version. Although this results in a more resource-heavy `sslscan` binary (file size, memory consumption, etc.), this allows some additional checks such as TLS compression. Note that the minimum OpenSSL version required by sslscan is 3.5.0 (LTS), so if your distro ships an older version then building against it will not work, and you will have to do a static build.
+It is recommended to ignore the OpenSSL system installation and statically build against your own version. Although this results in a more resource-heavy `sslscan` binary (file size, memory consumption, etc.), this allows some additional checks such as TLS compression. Note that as of sslscan version 2.2.0, the minimum OpenSSL version required by sslscan is 3.5.0 (LTS), so if your distro ships an older version then building against it will not work, and you will have to do a static build.
 
 To compile your own OpenSSL version, you'll probably need to install the OpenSSL build dependencies. The commands below can be used to do this on Debian.
 
diff --git a/TODO b/TODO
diff --git a/sslscan.1 b/sslscan.1
@@ -6,7 +6,7 @@ sslscan \- Fast SSL/TLS scanner
 .RI [ options ] " [host:port | host]"
 .SH DESCRIPTION
 .PP
-\fBsslscan\fP queries SSL/TLS services (such as HTTPS) and reports the protocol versions, cipher suites, key exchanges, signature algorithms, and certificates in use.  This helps the user understand which parameters are weak from a security standpoint.
+\fBsslscan\fP queries SSL/TLS services (such as HTTPS) and reports the protocol versions, cipher suites, key exchanges, signature algorithms, and certificates in use.  This helps the user understand which parameters are weak from a security standpoint. \fBsslscan\fP can also output results into an XML file for easy consumption by external programs.
 
 Terminal output is thus colour-coded as follows:
 
@@ -19,9 +19,10 @@ Ciphers and algorithms with demonstrated vulnerabilities, or that are generally
 .B Yellow
 Ciphers and algorithms with known weaknesses or that are still too new to widely trusted, but that are not generally considered exploitable (even by the standards of TLS vulnerabilities).
 .br
-
-\fBsslscan\fP can also output results into an XML file for easy consumption by external programs.
-
+.B Green
+Ciphers and algorithms that are aligned with current recommended best practices.
+.br
+.br
 .SH OPTIONS
 .TP
 .B \-\-help
