sslyze
Fast and powerful SSL/TLS scanning library.
AGPL-3.0 License
Ecosystems:
Python
Bot releases are hidden (Show)
sslyze
- 1.4.2
Published by nabla-c0d3 over 6 years ago
- Added the Java trust store as an additional store for validating the server's certificate (#287).
- Various bug fixes (#312, #313, #314, #315, #316)
sslyze
- 1.4.1
Published by nabla-c0d3 over 6 years ago
- Added detection of Symantec-issued certificates when using
--certinfoorCertificateInfoScanCommand(#288); such certificates will stop working in future versions of Chrome. - Bug fixes for when scanning through a proxy.
sslyze
- 1.4.0
Published by nabla-c0d3 over 6 years ago
- Last major release to support Python 2.7 and 3.4.
- The Python API has changed slightly when doing connectivity testing.
- A guide on how to update your code is available here. The migration should only require changing a few lines of code.
- When using the Python API, more specialized errors (ie. subclasses of
ServerConnectivityError) are returned when connectivity testing failed, so that it is easier to know what went wrong. Your existing code should still work the same. - Replaced the
--timeoutand--nb_retriesCLI options with--slow_connection, for when the connection is slow or the server cannot support many concurrent connections. - Updated TLS 1.3 support to draft 23.
- Bug fixes for client authentication.
- Bug fixes Alpine Linux.
sslyze
- 1.3.4
Published by nabla-c0d3 over 6 years ago
- Bug fixes for the ROBOT check to address false positives (#282).
- The trust stores used by SSLyze can now be updated via the CLI (
--update_trust_stores) or via the Python API (TrustStoresRepository.update_default()) (#225). - Added support for the Expect CT HTTP header (#285) when using
-http_headers.
sslyze
- 1.3.2
Published by nabla-c0d3 almost 7 years ago
- Added missing IANA names for some cipher suites (#276).
- Improved speed when testing for TLS 1.3 cipher suites using
--tlsv1_3. - Updated the trust stores used when running
--certinfo. - Bug fix for OCSP responses containing non-UTF8 characters when running
--certinfo. - On Linux, nassl is now available as a binary wheel in order to avoid build and OpenSSL issues (#241).
- Project license modified to AGPL.
sslyze
- 1.3.1
Published by nabla-c0d3 almost 7 years ago
- Bug fix for the ROBOT check (#270). The check can be run using:
- The CLI tool: python -m sslyze --robot www.google.com
- SSLyze's Python API using the RobotScanCommand, as described at https://nabla-c0d3.github.io/blog/2017/12/17/sslyze-robot-scan/.
sslyze
- 1.3.0
Published by nabla-c0d3 almost 7 years ago
- Added a new plugin to scan for the ROBOT vulnerability (https://robotattack.org/). The check can be run using:
- The CLI tool:
python -m sslyze --robot www.google.com - SSLyze's Python API using the
RobotScanCommand, as described at https://nabla-c0d3.github.io/blog/2017/12/17/sslyze-robot-scan/.
- The CLI tool:
- The
--certinfoandCertificateInfoScanCommandcommands now return information about the OCSP Must-Staple and Certificate Transparency X509 extensions of the server's certificate. - The
--certinfocommand now returns the content of the server certificate's SubjectAltName in the JSON and XML outputs (#265). - Fixed several memory leaks in the nassl C extension. The memory usage of the SSLyze process will grow a lot slower over time (#196).
- Fixed bug when running the
--renegcommand on Python 3 (#264). - Switched minimum version of Python to 3.4.
sslyze
- 1.2.0
Published by nabla-c0d3 almost 7 years ago
- Added support for TLS 1.3 (draft 18) scanning using OpenSSL 1.1.1 dev.
python -m sslyze --tlsv1_3 tls13.crypto.mozilla.org
- Added support for new-style ChaCha20 cipher suites.
- Added some of the certificate fields to the JSON output (#258).
- Bug fix for Python 3 (#251, #256), OCSP Stapling (#254), IPv6 and the Heartbleed/CCS checks (#257).
sslyze
- 1.1.5
Published by nabla-c0d3 almost 7 years ago
- Fixed JSON output when using Python 2.7 (#246).
- Fixed CLI output for showing whether a certificate is EV or not (#245).
- Fixed
ConcurrentScannerwhen using Python 3.6 (#251).
sslyze
- 1.1.4
Published by nabla-c0d3 about 7 years ago
- Switch pre-compiled Windows executable from 64 bits to 32 bits for better compatibility.
- Fix dependency version in the setup.py file.
sslyze
- 1.1.3
Published by nabla-c0d3 about 7 years ago
- Added support for Python 3.6 on Windows. This is also the last release to support Python 2.7 on Windows. Python 2 and 3 will still be supported on other platforms (Linux, macOS).
- Added a pre-compiled executable for running SSLyze on Windows without having to install Python.
- Fixed bugs with StartTLS scans.
- Further improved stability of the new implementation of the Heartbleed and OpenSSL CCS checks.
- Added basic certificate fields (Subject, Issuer, etc.) to the XML output.
sslyze
- 1.1.2
Published by nabla-c0d3 about 7 years ago
- Full rewrite of the Heartbleed and CCS checks to fix timeouts and other errors, and to improve maintainability.
- Improvements to the XML output when running the
--certinfocommand.
sslyze
- 1.1.1
Published by nabla-c0d3 over 7 years ago
- Bug fixes for EC certificates.
- Bug fixes for the Heartbleed check.
sslyze
- 1.1.0
Published by nabla-c0d3 over 7 years ago
- Added support for Python 3.3+ on Linux and MacOS. Windows will be supported later.
- Added support for scanning for cipher suites on servers that require client authentication.
- Certificate transparency SCTs via OCSP Stapling will be now displayed when running a
CertificateInfoScanCommand. - Removed custom code for parsing X509 certificates, which was the source of numerous bugs and crashes when running a
CertificateInfoScanCommand:- Certificates returned by the SSLyze Python API are now parsed using the cryptography library, making further processing a lot easier and cleaner.
- Certificates returned in the XML and JSON output when using
--certinfoare no longer parsed. XML/JSON consumers should instead parse the PEM-formatted certificate available in the output using their language/framework's X509 libraries. - The
--print_full_certificateoption when using--certinfois no longer available.
- Bug fixes for the Heartbleed check.
- Added unit tests for SSL 2.0, SSL 3.0, Heartbleed and OpenSSL CCS injection checks.
sslyze
- 1.0.0
Published by nabla-c0d3 over 7 years ago
- Significant refactoring to simplify and enhance SSLyze's Python API. It is now fully documented and should be considered stable; see http://nabla-c0d3.github.io/sslyze/documentation/.
- Renamed
--certinfo_basiccommand to--certinfofor consistency with other plugins. - The
--certinfocommand will now use any trust store that successfully validated the server's certificate chain to run further checks against the server's chain (such as the chain order, or the presence of a SHA1-signed certificate), instead of only trying with the Mozilla trust store. - The
--certinfocommand will now properly validate OCSP Stapling even if it is not trusted by any trust store. - Various bug fixes.
- Significant internal changes including:
- A revamped plugin system that is a lot simpler to maintain and extend.
- Simplified interface for building custom output generators within the CLI tool.
- Progress toward Python3 compatibility.
- With a clean, fully documented Python API, SSLyze is now ready for a 1.0.0 release!
sslyze
- 0.14.2
Published by nabla-c0d3 almost 8 years ago
- The cipher suite tests (such as
--tlsv1_2) will only return a preferred cipher suite if the server has a cipher suite preference (as opposed to following the client's preference). - Bug fixes for
--https_tunneland-starttls=postgres. - Refactored how the CLI tool generates its output to make it extendable.
sslyze
- 0.14.1
Published by nabla-c0d3 about 8 years ago
- Bug fixes for
--http_headers,--tlsv1_2and--json_out. - Updated version of OpenSSL.
- The command line tool was moved from
./sslyze_cli.pyto./sslyze/__main__.pyand can be called usingpython -m sslyze. - When sending HTTP requests, SSLyze's
User-Agentheader now containsSSLyzefor easier identification.
sslyze
- 0.14.0
Published by nabla-c0d3 about 8 years ago
-
--certinfo_basicwill now return the server's "verified" certificate chain, if the server's certificate is trusted; the chain contains every certificate from the server's leaf certificate up to a root certificate included in the Mozilla store. - Renamed
--hststo--http_headers; the command will now return HTTP Public Key Pinning information including the server's HPKP header value and the HPKP pins for each certificate in the server's verified certificate chain. - Bug fixes for IPv6 support, exotic certificates, SHA-1 deprecation check and scanning through an HTTP proxy.
sslyze
- 0.13.6
Published by nabla-c0d3 over 8 years ago
- Added the Android Open Source Project's trust store when using
--certinfo. - Bug fixes for IPv6 support,
--nb_retries,--nb_timeoutand UTF-8 and internationalized names in certificates. -
--hstsno longer raises an exception when the server sends back a redirection to HTTP.
sslyze
- 0.13.5
Published by nabla-c0d3 over 8 years ago
- Various bugs fixes.
Package Rankings
Top 1.58% on Pypi.org
Top 21.06% on Formulae.brew.sh
Badges
Extracted from project README
