Sslyze Versions Save

Fast and powerful SSL/TLS scanning library.

6.0.0

1 month ago
  • Added support for Python 3.12 (#630).
  • Removed support for Python 3.7 (#616).
  • Switched to Python Cryptography's implementation of certificate validation, in order to simplify the validation logic and make it more reliable (#638).
    • Removed direct dependency to pyOpenSSL.
    • Removed usages of ssl.match_hostname() (#627).
    • JSON output changes for the certificate information plugin:
      • leaf_certificate_subject_matches_hostname has been removed because hostname validation is now directly reported in the path_validation_results, which makes it simpler to process them.
      • Similarly, openssl_error_string was renamed to validation_error.
  • Fixed crash caused by "invalid padding" and "invalid encoding" errors (#632, #634).
  • Better output when an SMTP EHLO is rejected ( #635).

5.2.0

7 months ago
  • Fixed crashes affecting specific Linux distributions such as Red Hat Linux and CentOS (#556, #621).
  • Fixed a bug when probing TLS 1.3 servers that require client authentication (#612).
  • Fixed a crash when using the JSON output with the MozillaTlsConfigurationChecker (#614).
  • Added support for pydantic 2.x (#611).
  • Added support for cryptography 40 and 41 (#610).
  • Updated Windows executable to use Python 3.11 (#588).
  • Updated Mozilla configuration recommendations to v5.7 (#608).
  • Better handling of servers that only support SSL v2.0 (#601).
  • WARNING: This is the last release to support Python 3.7.
  • WARNING: This is the last release to support pydantic 1.x.

5.1.3

1 year ago

5.1.2

1 year ago
  • Updated cryptography to v39 (#596).
  • Updated the trust stores.

5.1.1

1 year ago
  • Fixed compatibility with specific versions of pydantic (#590).

5.1.0

1 year ago
  • Added support for Python 3.11 (#582).
  • Added support for Brainpool curves when running --elliptic_curves (#545).
  • Added support for validating certificates with IP addresses in their Subject Alternative Name (#544).
  • Fixed memory leaks when performing certificate validation by switching to pyOpenSSL (#566).
  • Fixed a crash with pydantic v1.10.3 (#586).
  • Removed check for the Expect-CT HTTP header when running --http_headers as the header has been deprecated (#584).
  • Fixed a crash when exporting results to JSON when an HTTP proxy was used (#581).

5.0.6

1 year ago
  • Fixed a bug where no scans were run when using specific combinations of CLI options (#575).
  • Added support for more TLS stacks when connecting and scanning for elliptic curves (#579, #562).
  • Better CLI output when connectivity to the server is flaky (#534).
  • Added support for pydantic 1.10 (#576).
  • Documented how to export results to JSON via the Python API (#571).

5.0.5

2 years ago
  • Fixed an error when scanning a server with a specific behavior regarding client authentication (#555).
  • Fixed an error when using --openssl_ccs on specific servers (#548).
  • Added support for cryptography 37.0.0 (#565).
  • Updated the embedded trust stores.

5.0.4

2 years ago

5.0.3

2 years ago
  • Fixed a crash when no valid server strings had been supplied via the command line (#557).
  • Fixed a crash when serializing the result of running --http_headers to JSON (#554).
  • Checking the server's scan results against the Mozilla configurations can be disabled using --mozilla_config=disable (#551).