Fast and powerful SSL/TLS scanning library.
AGPL-3.0 License
ssl.match_hostname() (#627).
leaf_certificate_subject_matches_hostname has been removed because hostname validation is now directly reported in the path_validation_results, which makes it simpler to process them.
openssl_error_string was renamed to validation_error.
Published by nabla-c0d3 about 1 year ago
MozillaTlsConfigurationChecker (#614).
Published by nabla-c0d3 over 1 year ago
Published by nabla-c0d3 over 1 year ago
Published by nabla-c0d3 over 1 year ago
Published by nabla-c0d3 over 1 year ago
--elliptic_curves (#545).
--http_headers as the header has been deprecated (#584).
Published by nabla-c0d3 about 2 years ago
Published by nabla-c0d3 over 2 years ago
--openssl_ccs on specific servers (#548).
Published by nabla-c0d3 over 2 years ago
Published by nabla-c0d3 over 2 years ago
--http_headers to JSON (#554).
--mozilla_config=disable (#551).
Published by nabla-c0d3 almost 3 years ago
Published by nabla-c0d3 almost 3 years ago
--mozilla-config to --mozilla_config for consistency.
--reneg against servers using specific versions of GnuTLS.
--json_out=- to print JSON to the console (#543).
Published by nabla-c0d3 almost 3 years ago
This major release focuses on improving the reliability of the scans, simplifying the Python API and JSON output, and adding support for checking a server's TLS configuration against Mozilla's recommended configuration.
--mozilla-config={old, intermediate, modern}.
--mozilla-config option replaces --regular, which has been removed.
parsed_json_result = SslyzeOutputAsJson.parse_file("result.json")
public_key_pins_header and public_key_pins_report_only_header fields have been removed from HttpHeadersScanResult.
--resum scan command has been updated to provide better insights into how the server supports session resumption (#53).
--resum_attempts can be used in order to configure how many session resumptions --resum will attempt; it is set to 5 by default.
python -m sslyze --resum --resum_attempts=20 www.google.com
SessionResumptionSupportScanResult have been renamed and updated,
--resum_rate command, ScanCommand.SESSION_RESUMPTION_RATE and the SessionResumptionRateScanResult class have been removed. The --resum_attempts command and SessionResumptionSupportExtraArguments class should be used instead.
Published by nabla-c0d3 over 3 years ago
http_headers on specific server software (#517, #516).
requirements.txt.
Published by nabla-c0d3 over 3 years ago
--elliptic_curves on specific server software (#490).
--http_headers on a server that doesn't speak HTTP (#499, #500).
HttpHeadersScanResult.http_error_trace field in the Python API.
Published by nabla-c0d3 over 3 years ago
--robot on an nginx server configured to require client authentication (#484).
--reneg on Indy TCP server (#483).
Published by nabla-c0d3 over 3 years ago
Published by nabla-c0d3 over 3 years ago
Published by nabla-c0d3 over 3 years ago
ocsp_response field in CertificateInfoScanResult is now an OCSPResponse instance from the cryptography.x509.ocsp module.
--certinfo.
accepts_client_renegotiation field in SessionRenegotiationScanResult was removed, and the more accurate is_vulnerable_to_client_renegotiation_dos field was added.
cipher_suite_preferred_by_server in CipherSuitesScanResult was removed.
Published by nabla-c0d3 almost 4 years ago
$ python -m sslyze --elliptic_curves www.cloudflare.com
* Elliptic Curve Key Exchange:
Supported curves: prime256v1, secp384r1, secp521r1, X25519
Rejected curves: sect163r2, secp160r1, sect233k1, X448, secp160r2, sect233r1, secp192k1,
sect239k1, secp224k1, sect193r1, sect283k1, secp224r1, sect163k1, sect283r1, secp256k1, secp160k1,
sect409k1, prime192v1, sect409r1, sect163r1, sect193r2, sect571k1, sect571r1