github nabla-c0d3/sslyze 5.0.0

2 years ago

This major release focuses on improving the reliability of the scans, simplifying the Python API and JSON output, and adding support for checking a server's TLS configuration against Mozilla's recommended configuration.

  • SSLyze will now check the server's scan results against the Mozilla "intermediate" configuration (#453).
    • Which Mozilla configuration to use can be configured via --mozilla-config={old, intermediate, modern}.
    • The --mozilla-config option replaces --regular, which has been removed.
  • SSLyze can now be run as a CI/CD step; see the README for more information.
  • The Python API has been significantly simplified (#512). The changes focus on:
    • Reducing how much code is needed in order to run a scan.
    • Improving the typing of the result objects, in order to simplify code that processes scan results.
    • API-breaking changes: Starting a scan and processing the results is now done differently; see the documentation.
  • The JSON output has been significantly simplified.
    • The JSON output's format now fully matches the format of the results within the Python API.
    • An auto-generated JSON schema is also now available at ./json_output_schema.json (#487).
    • The Python documentation can now be used to understand the format for both Python results and JSON results.
  • SSLyze now provides a fully-typed Python API for parsing the JSON output of previously-run scans (#487).
    • parsed_json_result = SslyzeOutputAsJson.parse_file("result.json")
    • This can be used for example to process the results of SSLyze scans in a separate Python program.
  • HTTP headers testing: the Public-Key-Pins headers are no longer checked by SSLyze, as the pinning feature has been removed from most browsers (#506).
    • API-breaking changes:
      • The public_key_pins_header and public_key_pins_report_only_header fields have been removed from HttpHeadersScanResult.
  • Session resumption testing: the --resum scan command has been updated to provide better insights into how the server supports session resumption (#53).
    • The command will now attempt multiple resumptions using TLS tickets, similarly to what it already does for resumptions with Session IDs. Previously, it would only perform a single resumption attempt when testing TLS Tickets.
    • The new command --resum_attempts can be used in order to configure how many session resumptions --resum will attempt; it is set to 5 by default.
      • python -m sslyze --resum --resum_attempts=20 www.google.com
    • API-breaking changes:
      • The fields within SessionResumptionSupportScanResult have been renamed and updated.
      • The --resum_rate command, ScanCommand.SESSION_RESUMPTION_RATE and the SessionResumptionRateScanResult class have been removed. The --resum_attempts command and SessionResumptionSupportExtraArguments class should be used instead.
  • Misc bug fixes for when scanning servers with exotic TLS or network configurations (#531, #532, #533).
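As an added example (not code from the SSLyze project or this release page) of processing a previously-run scan's JSON output in a separate Python program, as described for the JSON output and the reworked --resum results above: a small CI gate that reads the --json_out file without importing sslyze, flags servers that still accept legacy protocol versions, and flags TLS ticket resumption that only partly succeeded across the configured attempts. The field names used for the report structure are an assumption about the 5.0 JSON schema, and the embedded report is a constructed sample, not a real scan.

```python
import json

# Constructed sample shaped like the sslyze 5.x --json_out file, trimmed to the fields
# this gate reads; field names are an assumption about the 5.0 schema, not from the page.
SAMPLE_JSON = json.dumps({"server_scan_results": [{
    "server_location": {"hostname": "example.invalid", "port": 443},
    "scan_status": "COMPLETED",
    "scan_result": {
        "tls_1_0_cipher_suites": {"status": "COMPLETED", "result": {
            "is_tls_version_supported": True,
            "accepted_cipher_suites": [{"cipher_suite": {"name": "TLS_RSA_WITH_AES_128_CBC_SHA"}}]}},
        "tls_1_1_cipher_suites": {"status": "ERROR", "result": None},  # scan command failed
        "session_resumption": {"status": "COMPLETED", "result": {
            "tls_ticket_attempted_resumptions_count": 5,
            "tls_ticket_successful_resumptions_count": 3}}}}]})

LEGACY = ("ssl_2_0_cipher_suites", "ssl_3_0_cipher_suites",
          "tls_1_0_cipher_suites", "tls_1_1_cipher_suites")

def findings_for_server(server):
    """Return the policy violations for one entry of server_scan_results."""
    if server.get("scan_status") != "COMPLETED":
        return ["scan did not complete: %s" % server.get("scan_status")]
    findings, results = [], server["scan_result"]
    for cmd in LEGACY:
        entry = results.get(cmd)
        if not entry or entry.get("status") != "COMPLETED":
            continue  # scan command not run or errored out: nothing to judge
        if entry["result"]["is_tls_version_supported"]:
            n = len(entry["result"]["accepted_cipher_suites"])
            findings.append("legacy %s enabled (%d suites)" % (cmd[:7], n))
    resum = results.get("session_resumption")
    if resum and resum.get("status") == "COMPLETED":
        ok = resum["result"]["tls_ticket_successful_resumptions_count"]
        tried = resum["result"]["tls_ticket_attempted_resumptions_count"]
        if tried and ok < tried:  # only some attempts resumed, e.g. unsynced ticket keys in a pool
            findings.append("TLS ticket resumption only %d/%d" % (ok, tried))
    return findings

def gate(json_text):
    """Map 'host:port' to its findings; an empty dict means the CI step passes."""
    out = {}
    for server in json.loads(json_text)["server_scan_results"]:
        loc, f = server["server_location"], findings_for_server(server)
        if f:
            out["%s:%d" % (loc["hostname"], loc["port"])] = f
    return out
```

In a pipeline step, pass the contents of the --json_out file to gate() and fail the job when the returned dict is non-empty.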
