Fast and powerful SSL/TLS scanning library.
--mozilla-config
to --mozilla_config
for consistency.--reneg
against servers using specific versions of GnuTLS.--json_out=-
to print JSON to the console (#543).This major release focuses on improving the reliability of the scans, simplifying the Python API and JSON output, and adding support for checking a server's TLS configuration against Mozilla's recommended configuration.
--mozilla-config={old, intermediate, modern}
.--mozilla-config
option replaces --regular
, which has been removed.parsed_json_result = SslyzeOutputAsJson.parse_file("result.json")
public_key_pins_header
and public_key_pins_report_only_header
fields have been removed from HttpHeadersScanResult
.--resum
scan command has been updated to provide better insights into how the server supports session resumption (#53).
--resum_attempts
can be used in order to configure how many session resumptions --resum
will attempt; it is set to 5 by default.
python -m sslyze --resum --resum_attempts=20 www.google.com
SessionResumptionSupportScanResult
have been renamed and updated,--resum_rate
command, ScanCommand.SESSION_RESUMPTION_RATE
and the SessionResumptionRateScanResult
class have been removed. The --resum_attempts
command and SessionResumptionSupportExtraArguments
class should be used instead.http_headers
on specific server software (#517, #516).requirements.txt
.--elliptic_curves
on specific server software (#490).--http_headers
on a server that doesn't speak HTTP (#499, #500).
HttpHeadersScanResult.http_error_trace
field in the Python API.--robot
on an nginx server configured to require client authentication (#484).--reneg
on Indy TCP server (#483).ocsp_response
field in CertificateInfoScanResult
is now an OCSPResponse
instance from the cryptography.x509.ocsp
module.--certinfo
.accepts_client_renegotiation
field in SessionRenegotiationScanResult
was removed, and the more accurate is_vulnerable_to_client_renegotiation_dos
field was added.cipher_suite_preferred_by_server
in CipherSuitesScanResult
was removed.$ python -m sslyze --elliptic_curves www.cloudflare.com
* Elliptic Curve Key Exchange:
Supported curves: prime256v1, secp384r1, secp521r1, X25519
Rejected curves: sect163r2, secp160r1, sect233k1, X448, secp160r2, sect233r1, secp192k1,
sect239k1, secp224k1, sect193r1, sect283k1, secp224r1, sect163k1, sect283r1, secp256k1, secp160k1,
sect409k1, prime192v1, sect409r1, sect163r1, sect193r2, sect571k1, sect571r1