Skip to content

Releases: nabla-c0d3/sslyze

6.1.0

04 Jan 09:16
216ae90
Compare
Choose a tag to compare
  • Added support for Python 3.13 and removed support for Python 3.8 (#616, nabla-c0d3/nassl#121).
  • Added experimental support for aarch64-based Linux (nabla-c0d3/nassl#86).
  • Removed support for Intel-based Macs.
  • New check: support for the Extended Master Secret TLS extension (#680).
  • New feature: a custom HTTP agent can be supplied via the Python API (#644).
  • New feature: a custom SMTP EHLO hostname can be supplied via the Python API (#682).
  • New feature: the number of attempts for testing client renegotiation can be configured via the Python API (#661).
  • Fixed a few crashes (#675, #670, #672).
  • Fixed a memory leak (nabla-c0d3/nassl#119).
  • Added support for newer versions of the pydantic and cryptography packages (#652)
  • Fixed a crash when using the JSON output with a non-successful OCSP response (#646).
  • Clarified the CLI output when showing the results of a scan for a server that uses leaf multiple certificates.

See also https://github.com/users/nabla-c0d3/projects/8 for more details.

6.0.0

31 Mar 08:12
Compare
Choose a tag to compare
  • Added support for Python 3.12 (#630).
  • Removed support for Python 3.7 (#616).
  • Switched to Python Cryptography's implementation of certificate validation, in order to simplify the validation logic and make it more reliable (#638).
    • Removed direct dependency to pyOpenSSL.
    • Removed usages of ssl.match_hostname() (#627).
    • JSON output changes for the certificate information plugin:
      • leaf_certificate_subject_matches_hostname has been removed because hostname validation is now directly reported in the path_validation_results, which makes it simpler to process them.
      • Similarly, openssl_error_string was renamed to validation_error.
  • Fixed crash caused by "invalid padding" and "invalid encoding" errors (#632, #634).
  • Better output when an SMTP EHLO is rejected ( #635).

See also https://github.com/users/nabla-c0d3/projects/5 for more details.

5.2.0

24 Sep 14:58
49380c1
Compare
Choose a tag to compare
  • Fixed crashes affecting specific Linux distributions such as Red Hat Linux and CentOS (#556, #621).
  • Fixed a bug when probing TLS 1.3 servers that require client authentication (#612).
  • Fixed a crash when using the JSON output with the MozillaTlsConfigurationChecker (#614).
  • Added support for pydantic 2.x (#611).
  • Added support for cryptography 40 and 41 (#610).
  • Updated Windows executable to use Python 3.11 (#588).
  • Updated Mozilla configuration recommendations to v5.7 (#608).
  • Better handling of servers that only support SSL v2.0 (#601).
  • WARNING: This is the last release to support Python 3.7.
  • WARNING: This is the last release to support pydantic 1.x.

See also https://github.com/users/nabla-c0d3/projects/7 for more details.

5.1.3

01 Apr 13:44
Compare
Choose a tag to compare
  • Added native support for Apple Silicon (nabla-c0d3/nassl#107).
  • Fixed a crash when using older versions of PyOpenSSL (#600).
  • WARNING: This is the last release to support Windows 7.

5.1.2

09 Mar 21:19
Compare
Choose a tag to compare
  • Updated cryptography to v39 (#596).
  • Updated the trust stores.

5.1.1

18 Jan 20:10
Compare
Choose a tag to compare
  • Fixed compatibility with specific versions of pydantic (#590).

5.1.0

17 Jan 20:53
Compare
Choose a tag to compare
  • Added support for Python 3.11 (#582).
  • Added support for Brainpool curves when running --elliptic_curves (#545).
  • Added support for validating certificates with IP addresses in their Subject Alternative Name (#544).
  • Fixed memory leaks when performing certificate validation by switching to pyOpenSSL (#566).
  • Fixed a crash with pydantic v1.10.3 (#586).
  • Removed check for the Expect-CT HTTP header when running --http_headers as the header has been deprecated (#584).
  • Fixed a crash when exporting results to JSON when an HTTP proxy was used (#581).

5.0.6

15 Oct 11:15
ff6887d
Compare
Choose a tag to compare
  • Fixed a bug where no scans were run when using specific combinations of CLI options (#575).
  • Added support for more TLS stacks when connecting and scanning for elliptic curves (#579, #562).
  • Better CLI output when connectivity to the server is flaky (#534).
  • Added support for pydantic 1.10 (#576).
  • Documented how to export results to JSON via the Python API (#571).

5.0.5

14 May 12:17
Compare
Choose a tag to compare
  • Fixed an error when scanning a server with a specific behavior regarding client authentication (#555).
  • Fixed an error when using --openssl_ccs on specific servers (#548).
  • Added support for cryptography 37.0.0 (#565).
  • Updated the embedded trust stores.

5.0.4

30 Apr 12:35
Compare
Choose a tag to compare
  • Reduced memory usage, and fixed a memory leak when running multiple scans in a row via the Python API (#560).