@nabla-c0d3 nabla-c0d3 released this Sep 23, 2018 · 4 commits to master since this release

Assets 3
  • Brought back Windows support (Python 64 bits only).
  • Updated OpenSSL to the final 1.1.1 release.
  • SSLyze can now be installed via Docker (#332).

@nabla-c0d3 nabla-c0d3 released this Sep 23, 2018 · 23 commits to master since this release

Assets 2
  • Only Linux and macOS are supported for this release, but Windows support will be enabled in the next release.
  • Dropped support for Python 2 and older versions of Python 3; only Python 3.6 and 3.7 are supported.
    • Future releases with only support the latest two versions of Python available at the time of the release.
  • Added support for the final/official release of TLS 1.3 (RFC 8446).
    • The plugin can be tested against Cloudflare: python -m sslyze --tls_1_3 www.cloudflare.com
  • Added beta support for TLS 1.3 early data (0-RTT) testing; see --early_data and EarlyDataScanCommand.
    • The plugin can be tested against Cloudflare: python -m sslyze --early_data www.cloudflare.com
  • Significantly improved the documentation for the Python API.
  • Bug fixes (#328, #320, #319).
  • Switched to a more modern Python tool chain (pipenv, pytest, pyinvoke).
  • Removed legacy Python 2/3 code and ported the code base to Python 3 only.

@nabla-c0d3 nabla-c0d3 released this Aug 3, 2018 · 88 commits to master since this release

Assets 2
  • Fixed a bug where the results for OCSP Stapling support would be inconsistent (#324).
  • Fixed a crash on Python 2.7.

@nabla-c0d3 nabla-c0d3 released this May 20, 2018 · 94 commits to master since this release

Assets 2
  • Added the Java trust store as an additional store for validating the server's certificate (#287).
  • Various bug fixes (#312, #313, #314, #315, #316)

@nabla-c0d3 nabla-c0d3 released this Mar 19, 2018 · 108 commits to master since this release

Assets 3
  • Added detection of Symantec-issued certificates when using --certinfo or CertificateInfoScanCommand (#288); such certificates will stop working in future versions of Chrome.
  • Bug fixes for when scanning through a proxy.

@nabla-c0d3 nabla-c0d3 released this Mar 11, 2018 · 116 commits to master since this release

Assets 3
  • Last major release to support Python 2.7 and 3.4.
  • The Python API has changed slightly when doing connectivity testing.
    • A guide on how to update your code is available here. The migration should only require changing a few lines of code.
  • When using the Python API, more specialized errors (ie. subclasses of ServerConnectivityError) are returned when connectivity testing failed, so that it is easier to know what went wrong. Your existing code should still work the same.
  • Replaced the --timeout and --nb_retries CLI options with --slow_connection, for when the connection is slow or the server cannot support many concurrent connections.
  • Updated TLS 1.3 support to draft 23.
  • Bug fixes for client authentication.
  • Bug fixes Alpine Linux.

@nabla-c0d3 nabla-c0d3 released this Feb 2, 2018 · 162 commits to master since this release

Assets 3
  • Bug fixes for the ROBOT check to address false positives (#282).
  • The trust stores used by SSLyze can now be updated via the CLI (--update_trust_stores) or via the Python API (TrustStoresRepository.update_default()) (#225).
  • Added support for the Expect CT HTTP header (#285) when using -http_headers.

@nabla-c0d3 nabla-c0d3 released this Dec 24, 2017 · 185 commits to master since this release

Assets 3
  • Added missing IANA names for some cipher suites (#276).
  • Improved speed when testing for TLS 1.3 cipher suites using --tlsv1_3.
  • Updated the trust stores used when running --certinfo.
  • Bug fix for OCSP responses containing non-UTF8 characters when running --certinfo.
  • On Linux, nassl is now available as a binary wheel in order to avoid build and OpenSSL issues (#241).
  • Project license modified to AGPL.

@nabla-c0d3 nabla-c0d3 released this Dec 19, 2017 · 195 commits to master since this release

Assets 2

@nabla-c0d3 nabla-c0d3 released this Dec 18, 2017 · 199 commits to master since this release

Assets 2
  • Added a new plugin to scan for the ROBOT vulnerability (https://robotattack.org/). The check can be run using:
  • The --certinfo and CertificateInfoScanCommand commands now return information about the OCSP Must-Staple and Certificate Transparency X509 extensions of the server's certificate.
  • The --certinfo command now returns the content of the server certificate's SubjectAltName in the JSON and XML outputs (#265).
  • Fixed several memory leaks in the nassl C extension. The memory usage of the SSLyze process will grow a lot slower over time (#196).
  • Fixed bug when running the --reneg command on Python 3 (#264).
  • Switched minimum version of Python to 3.4.