Releases: nabla-c0d3/sslyze
Releases · nabla-c0d3/sslyze
6.1.0
- Added support for Python 3.13 and removed support for Python 3.8 (#616, nabla-c0d3/nassl#121).
- Added experimental support for aarch64-based Linux (nabla-c0d3/nassl#86).
- Removed support for Intel-based Macs.
- New check: support for the Extended Master Secret TLS extension (#680).
- New feature: a custom HTTP agent can be supplied via the Python API (#644).
- New feature: a custom SMTP EHLO hostname can be supplied via the Python API (#682).
- New feature: the number of attempts for testing client renegotiation can be configured via the Python API (#661).
- Fixed a few crashes (#675, #670, #672).
- Fixed a memory leak (nabla-c0d3/nassl#119).
- Added support for newer versions of the pydantic and cryptography packages (#652)
- Fixed a crash when using the JSON output with a non-successful OCSP response (#646).
- Clarified the CLI output when showing the results of a scan for a server that uses leaf multiple certificates.
See also https://github.com/users/nabla-c0d3/projects/8 for more details.
6.0.0
- Added support for Python 3.12 (#630).
- Removed support for Python 3.7 (#616).
- Switched to Python Cryptography's implementation of certificate validation, in order to simplify the validation logic and make it more reliable (#638).
- Removed direct dependency to pyOpenSSL.
- Removed usages of
ssl.match_hostname()
(#627). - JSON output changes for the certificate information plugin:
leaf_certificate_subject_matches_hostname
has been removed because hostname validation is now directly reported in thepath_validation_results
, which makes it simpler to process them.- Similarly,
openssl_error_string
was renamed tovalidation_error
.
- Fixed crash caused by "invalid padding" and "invalid encoding" errors (#632, #634).
- Better output when an SMTP EHLO is rejected ( #635).
See also https://github.com/users/nabla-c0d3/projects/5 for more details.
5.2.0
- Fixed crashes affecting specific Linux distributions such as Red Hat Linux and CentOS (#556, #621).
- Fixed a bug when probing TLS 1.3 servers that require client authentication (#612).
- Fixed a crash when using the JSON output with the
MozillaTlsConfigurationChecker
(#614). - Added support for pydantic 2.x (#611).
- Added support for cryptography 40 and 41 (#610).
- Updated Windows executable to use Python 3.11 (#588).
- Updated Mozilla configuration recommendations to v5.7 (#608).
- Better handling of servers that only support SSL v2.0 (#601).
- WARNING: This is the last release to support Python 3.7.
- WARNING: This is the last release to support pydantic 1.x.
See also https://github.com/users/nabla-c0d3/projects/7 for more details.
5.1.3
- Added native support for Apple Silicon (nabla-c0d3/nassl#107).
- Fixed a crash when using older versions of PyOpenSSL (#600).
- WARNING: This is the last release to support Windows 7.
5.1.2
5.1.1
5.1.0
- Added support for Python 3.11 (#582).
- Added support for Brainpool curves when running
--elliptic_curves
(#545). - Added support for validating certificates with IP addresses in their Subject Alternative Name (#544).
- Fixed memory leaks when performing certificate validation by switching to pyOpenSSL (#566).
- Fixed a crash with pydantic v1.10.3 (#586).
- Removed check for the Expect-CT HTTP header when running
--http_headers
as the header has been deprecated (#584). - Fixed a crash when exporting results to JSON when an HTTP proxy was used (#581).
5.0.6
- Fixed a bug where no scans were run when using specific combinations of CLI options (#575).
- Added support for more TLS stacks when connecting and scanning for elliptic curves (#579, #562).
- Better CLI output when connectivity to the server is flaky (#534).
- Added support for pydantic 1.10 (#576).
- Documented how to export results to JSON via the Python API (#571).