Releases: nabla-c0d3/sslyze
Releases · nabla-c0d3/sslyze
1.4.3
1.4.2
1.4.1
1.4.0
- Last major release to support Python 2.7 and 3.4.
- The Python API has changed slightly when doing connectivity testing.
- A guide on how to update your code is available here. The migration should only require changing a few lines of code.
- When using the Python API, more specialized errors (ie. subclasses of
ServerConnectivityError
) are returned when connectivity testing failed, so that it is easier to know what went wrong. Your existing code should still work the same. - Replaced the
--timeout
and--nb_retries
CLI options with--slow_connection
, for when the connection is slow or the server cannot support many concurrent connections. - Updated TLS 1.3 support to draft 23.
- Bug fixes for client authentication.
- Bug fixes Alpine Linux.
1.3.4
1.3.2
- Added missing IANA names for some cipher suites (#276).
- Improved speed when testing for TLS 1.3 cipher suites using
--tlsv1_3
. - Updated the trust stores used when running
--certinfo
. - Bug fix for OCSP responses containing non-UTF8 characters when running
--certinfo
. - On Linux, nassl is now available as a binary wheel in order to avoid build and OpenSSL issues (#241).
- Project license modified to AGPL.
1.3.1
- Bug fix for the ROBOT check (#270). The check can be run using:
- The CLI tool: python -m sslyze --robot www.google.com
- SSLyze's Python API using the RobotScanCommand, as described at https://nabla-c0d3.github.io/blog/2017/12/17/sslyze-robot-scan/.
1.3.0
- Added a new plugin to scan for the ROBOT vulnerability (https://robotattack.org/). The check can be run using:
- The CLI tool:
python -m sslyze --robot www.google.com
- SSLyze's Python API using the
RobotScanCommand
, as described at https://nabla-c0d3.github.io/blog/2017/12/17/sslyze-robot-scan/.
- The CLI tool:
- The
--certinfo
andCertificateInfoScanCommand
commands now return information about the OCSP Must-Staple and Certificate Transparency X509 extensions of the server's certificate. - The
--certinfo
command now returns the content of the server certificate's SubjectAltName in the JSON and XML outputs (#265). - Fixed several memory leaks in the nassl C extension. The memory usage of the SSLyze process will grow a lot slower over time (#196).
- Fixed bug when running the
--reneg
command on Python 3 (#264). - Switched minimum version of Python to 3.4.
1.2.0
- Added support for TLS 1.3 (draft 18) scanning using OpenSSL 1.1.1 dev.
python -m sslyze --tlsv1_3 tls13.crypto.mozilla.org
- Added support for new-style ChaCha20 cipher suites.
- Added some of the certificate fields to the JSON output (#258).
- Bug fix for Python 3 (#251, #256), OCSP Stapling (#254), IPv6 and the Heartbleed/CCS checks (#257).