tls-grab: A big update!

Huzzah! A new tls-grab has been released. Version 2.0.0 is available now. This version has a number of improvements:

  • It’s dumber! Which is a good thing, in this case. The previous version was trying to be too clever and didn’t show certificates it should have. Now tls-grab will show the first certificate in the chain.
  • The CLI flag parsing now uses pflag over the stdlib’s flag library. This makes the CLI more GNU-ish, which in my opinion is more comfortable.
  • Debug logging! Not super useful for y'all, but it helps me out.
  • Proper SNI support, allowing you to override the hostname provided in the handshake. tls-grab always supported SNI, but you couldn’t connect to a server and use a different hostname. Now you can, with -h/--host.
  • Removed the -server flag, just specify the server’s name on the command line. Even more comfortable! I wish I had done this earlier, forgetting to include the flag each time was rather annoying…

Next up is creating a man page and some OS packaging. Though that later bit is part of a larger plan, more on that another time.