3.1.0

• Added support for scanning for supported elliptic curves (#447):

$ python -m sslyze --elliptic_curves www.cloudflare.com

 * Elliptic Curve Key Exchange:
       Supported curves:                  prime256v1, secp384r1, secp521r1, X25519
       Rejected curves:                   sect163r2, secp160r1, sect233k1, X448, secp160r2, sect233r1, secp192k1,
sect239k1, secp224k1, sect193r1, sect283k1, secp224r1, sect163k1, sect283r1, secp256k1, secp160k1, 
sect409k1, prime192v1, sect409r1, sect163r1, sect193r2, sect571k1, sect571r1

• Added support for cryptography 3.x (#455).
• Fixed various crashes (#458, #459).

3.0.8

• Significantly reduced memory usage when using SSLyze in a Python application.

3.0.7

• Fixed crashes when scanning Amazon Cloudfront due to TLS 1.3 (#445).
• Fixed a crash when scanning a server with an Ed25519 certificate (#444).
• The CLI will now run --regular if no scan options were supplied: python -m sslyze google.com (#440)

3.0.6

• Fixed a crash when scanning Amazon Cloudfront for Heartbleed and CCS Injection (#437).
• The Python API now exposes a JsonEncoder to make it easy to serialize a ServerScanResult to JSON (#439).

3.0.4

• Fixed crashes when running SSLyze on localized (ie. non-english) versions of Windows (#434).

3.0.3

• Fixed bug with Heartbleed and CCS Injection checks (#202 )
• Fix crashes with servers that have connectivity issues (#433, #430 )

3.0.2

• Improved check for HTTP security headers by adding support for HTTP redirections (#393 ).
• Fixed bug causing some results to not be returned when scanning multiple servers (#429 ).
• Added support for more versions of the cryptography package for better compatibility (#428 ).
• Fixed crash when scanning a server with a certificate that has duplicate X509 extensions (#420 )

3.0.1

• Fixed installation errors with Python 3.8 (#421).
• Added a a pre-built Windows executable: sslyze-3.0.1-exe.zip.

3.0.0

Big internal refactoring focused on modernizing the code base (dataclasses, type annotations, etc.) and improving the speed and reliability of the scan results.

• The Python API and the format of the outputs have been drastically improved and simplified, but are not backward-compatible with older versions of SSLyze.
• Python 3.8 is now supported, and Python 3.6 is no longer supported.
• Huge improvements to the reliability of the scans:
  • The number of concurrent connections per single server can now be controlled and is set to 5 by default (#385).
  • This limit is enforced regardless of the number of scan commands queued for the server, and drastically reduces the number of scans that fail due to a slow server or a slow connection.
• Various improvements to cipher suites scanning:
  • The size of the cipher's suite key is now always returned.
  • The (EC) Diffie-Helmann parameters negotiated during the TLS handshake are now returned (#394).
• Various improvements to server certificate checks:
  • Servers that expose multiple leaf certificates and chains are now supported (#326).
  • Bug fix for Symantec CA deprecation (#406).
• SSLyze is now compatible with PEP 561 for type checking with mypy.
• Various improvements to the JSON output:
  • The format of the JSON output now exactly matches the format of the Python output (which is fully documented).
  • Better parsing of Subject and Issuer fields in certificates (#404).
• Support for XML output was removed.

2.1.4

• Fixed crash when scanning servers that only support old versions of SSL/TLS (#386).