Skip to content

Releases: nabla-c0d3/sslyze

1.4.3

03 Aug 16:09
Compare
Choose a tag to compare
  • Fixed a bug where the results for OCSP Stapling support would be inconsistent (#324).
  • Fixed a crash on Python 2.7.

1.4.2

20 May 00:02
Compare
Choose a tag to compare
  • Added the Java trust store as an additional store for validating the server's certificate (#287).
  • Various bug fixes (#312, #313, #314, #315, #316)

1.4.1

19 Mar 02:09
Compare
Choose a tag to compare
  • Added detection of Symantec-issued certificates when using --certinfo or CertificateInfoScanCommand (#288); such certificates will stop working in future versions of Chrome.
  • Bug fixes for when scanning through a proxy.

1.4.0

11 Mar 02:11
Compare
Choose a tag to compare
  • Last major release to support Python 2.7 and 3.4.
  • The Python API has changed slightly when doing connectivity testing.
    • A guide on how to update your code is available here. The migration should only require changing a few lines of code.
  • When using the Python API, more specialized errors (ie. subclasses of ServerConnectivityError) are returned when connectivity testing failed, so that it is easier to know what went wrong. Your existing code should still work the same.
  • Replaced the --timeout and --nb_retries CLI options with --slow_connection, for when the connection is slow or the server cannot support many concurrent connections.
  • Updated TLS 1.3 support to draft 23.
  • Bug fixes for client authentication.
  • Bug fixes Alpine Linux.

1.3.4

02 Feb 04:16
Compare
Choose a tag to compare
  • Bug fixes for the ROBOT check to address false positives (#282).
  • The trust stores used by SSLyze can now be updated via the CLI (--update_trust_stores) or via the Python API (TrustStoresRepository.update_default()) (#225).
  • Added support for the Expect CT HTTP header (#285) when using -http_headers.

1.3.2

24 Dec 03:06
Compare
Choose a tag to compare
  • Added missing IANA names for some cipher suites (#276).
  • Improved speed when testing for TLS 1.3 cipher suites using --tlsv1_3.
  • Updated the trust stores used when running --certinfo.
  • Bug fix for OCSP responses containing non-UTF8 characters when running --certinfo.
  • On Linux, nassl is now available as a binary wheel in order to avoid build and OpenSSL issues (#241).
  • Project license modified to AGPL.

1.3.1

19 Dec 07:04
Compare
Choose a tag to compare

1.3.0

18 Dec 05:46
Compare
Choose a tag to compare
  • Added a new plugin to scan for the ROBOT vulnerability (https://robotattack.org/). The check can be run using:
  • The --certinfo and CertificateInfoScanCommand commands now return information about the OCSP Must-Staple and Certificate Transparency X509 extensions of the server's certificate.
  • The --certinfo command now returns the content of the server certificate's SubjectAltName in the JSON and XML outputs (#265).
  • Fixed several memory leaks in the nassl C extension. The memory usage of the SSLyze process will grow a lot slower over time (#196).
  • Fixed bug when running the --reneg command on Python 3 (#264).
  • Switched minimum version of Python to 3.4.

1.2.0

25 Nov 22:44
Compare
Choose a tag to compare
  • Added support for TLS 1.3 (draft 18) scanning using OpenSSL 1.1.1 dev.
    • python -m sslyze --tlsv1_3 tls13.crypto.mozilla.org
  • Added support for new-style ChaCha20 cipher suites.
  • Added some of the certificate fields to the JSON output (#258).
  • Bug fix for Python 3 (#251, #256), OCSP Stapling (#254), IPv6 and the Heartbleed/CCS checks (#257).

1.1.5

08 Nov 23:38
b3b688c
Compare
Choose a tag to compare
  • Fixed JSON output when using Python 2.7 (#246).
  • Fixed CLI output for showing whether a certificate is EV or not (#245).
  • Fixed ConcurrentScanner when using Python 3.6 (#251).