David Cooper

Hi Dirk, I hadn't thought about adding the ciphers to `run_cipherlists()` and other changes like that. The changes I was thinking about were, for example, that in order to test...

In addition to the new cipher suites mentioned above, below are some more code points that have recently been registered: **TLS Supported Groups** Value | Description | Reference -- |...

Just to update this issue: 1. draft-bruckert-brainpool-for-tls13 is now [RFC 8734](https://www.iana.org/go/rfc8734) 2. There are two new documents specifying code points: - [draft-smyshlyaev-tls13-gost-suites](https://www.iana.org/go/draft-smyshlyaev-tls13-gost-suites) - GOST Cipher Suites for Transport Layer Security...

Hi Dirk, Just adding these values to files such as etc/cipher-mapping.txt probably wouldn't cause any problems, but I'm not sure. There is code in testssl.sh that would eventually need to...

> For dev.testssl.sh ist seems to be still penalizing the order for TLS 1.2. Yes. For TLS 1 and TLS 1.1, all ciphers supported by dev.testssl.sh are rated by `get_cipher_quality()`...

Hi Dirk, Here is another attempt at specifying what the finding should be if the server does not enforce a cipher order. In the table below, the columns represent the...

> Am I missing something or wasn't that just a suggestion, pending an implementation? The table is just a suggestion, and it would result in your example being flagged as...

The PR should now be implementing what is in the table. Please let me know if you have any suggested changes.

Okay, I added a new commit that sends information to the file output about whether a cipher order is enforced for every protocol version (except SSLv2). In addition, if a...

> Is there any reason we need the line "Has server cipher order?" and "cipher_order" in fileout? I don't think so. I think the "cipher_order" fileout is just a summary...