- Added support for Python 3.9 (#468).
- Fixed a crash when parsing OCSP responses (#471).
- API-breaking change: the
ocsp_response
field inCertificateInfoScanResult
is now anOCSPResponse
instance from thecryptography.x509.ocsp
module. - JSON-breaking change: Significantly improved the JSON output for certificates and OCSP responses, when using
--certinfo
.
- API-breaking change: the
- Fixed a false positive when testing for client-initiated renegotiation DoS attacks on some servers (#473).
- API-breaking change: the
accepts_client_renegotiation
field inSessionRenegotiationScanResult
was removed, and the more accurateis_vulnerable_to_client_renegotiation_dos
field was added.
- API-breaking change: the
- The ability to detect the server’s “preferred” cipher suite was removed for being too unreliable, and will be replaced by full cipher suite order detection in a future release (#456).
- API-breaking change: the
cipher_suite_preferred_by_server
inCipherSuitesScanResult
was removed.
- API-breaking change: the
- Fixed a crash when scanning a server with an exotic/invalid TLS configuration (#466).
- Fixed support for older versions of macOS.
- Added support for the latest version of cryptography (#467).