diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b0cf618..6960e4e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ SSLyze Changelog ---------------- +## v0.9 +* Experimental support for Heartbleed detection; see --heartbleed. Heartbleed detection has also been added to --regular scans. +* Capped the maximum number of concurrent connections to around 30 per server in order to avoid DOSing the scanned servers. Scans are slightly slower but a lot less aggressive, resulting in better scan results with less timeout and connection errors +* Support for Basic Authentication when tunneling scans through an HTTPS proxy with --https_tunnel +* Bug fixes for IPv6 and XMPP support +* Updated OpenSSL to 1.0.1g +* Updated the Apple, Microsoft, Mozilla and Java trust stores +* Cleaned up the text output of PluginOpenSSLCipherSuites + + ## v0.8 * Additional certificate chain validation using the Apple, Microsoft and Java trust stores in addition to Mozilla's * Added support for StartTLS RDP; see --starttls=rdp diff --git a/README.md b/README.md index 7655aec4..4f1af4bf 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Key features include: * Multi-processed and multi-threaded scanning (it's fast) * SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility * Performance testing: session resumption and TLS tickets support -* Security testing: weak cipher suites, insecure renegotiation, CRIME and more +* Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more * Server certificate validation and revocation checking through OCSP stapling * Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP * Support for client certificates when scanning servers that perform mutual authentication diff --git a/plugins/PluginHeartbleed.py b/plugins/PluginHeartbleed.py index b6eca5c7..45ba2a94 100644 --- a/plugins/PluginHeartbleed.py +++ b/plugins/PluginHeartbleed.py @@ -132,7 +132,7 @@ class HeartbleedSent(SSLHandshakeRejected): def do_handshake_with_heartbleed(self): # This is nassl's code for do_handshake() modified to send a heartbleed - # payload that will reveal 1 byte of the server's memory + # payload that will send the heartbleed checking payload # I copied nassl's code here so I could leave anything heartbleed-related # outside of the nassl code base try: