1.4.2

• Added the Java trust store as an additional store for validating the server's certificate (#287).
• Various bug fixes (#312, #313, #314, #315, #316)

1.4.1

• Added detection of Symantec-issued certificates when using --certinfo or CertificateInfoScanCommand (#288); such certificates will stop working in future versions of Chrome.
• Bug fixes for when scanning through a proxy.

1.4.0

• Last major release to support Python 2.7 and 3.4.
• The Python API has changed slightly when doing connectivity testing.
  • A guide on how to update your code is available here. The migration should only require changing a few lines of code.
• When using the Python API, more specialized errors (ie. subclasses of ServerConnectivityError) are returned when connectivity testing failed, so that it is easier to know what went wrong. Your existing code should still work the same.
• Replaced the --timeout and --nb_retries CLI options with --slow_connection, for when the connection is slow or the server cannot support many concurrent connections.
• Updated TLS 1.3 support to draft 23.
• Bug fixes for client authentication.
• Bug fixes Alpine Linux.

1.3.4

• Bug fixes for the ROBOT check to address false positives (#282).
• The trust stores used by SSLyze can now be updated via the CLI (--update_trust_stores) or via the Python API (TrustStoresRepository.update_default()) (#225).
• Added support for the Expect CT HTTP header (#285) when using -http_headers.

1.3.2

• Added missing IANA names for some cipher suites (#276).
• Improved speed when testing for TLS 1.3 cipher suites using --tlsv1_3.
• Updated the trust stores used when running --certinfo.
• Bug fix for OCSP responses containing non-UTF8 characters when running --certinfo.
• On Linux, nassl is now available as a binary wheel in order to avoid build and OpenSSL issues (#241).
• Project license modified to AGPL.

1.3.1

• Bug fix for the ROBOT check (#270). The check can be run using:
  • The CLI tool: python -m sslyze --robot www.google.com
  • SSLyze's Python API using the RobotScanCommand, as described at https://nabla-c0d3.github.io/blog/2017/12/17/sslyze-robot-scan/.

1.3.0

• Added a new plugin to scan for the ROBOT vulnerability (https://robotattack.org/). The check can be run using:
  • The CLI tool: python -m sslyze --robot www.google.com
  • SSLyze's Python API using the RobotScanCommand, as described at https://nabla-c0d3.github.io/blog/2017/12/17/sslyze-robot-scan/.
• The --certinfo and CertificateInfoScanCommand commands now return information about the OCSP Must-Staple and Certificate Transparency X509 extensions of the server's certificate.
• The --certinfo command now returns the content of the server certificate's SubjectAltName in the JSON and XML outputs (#265).
• Fixed several memory leaks in the nassl C extension. The memory usage of the SSLyze process will grow a lot slower over time (#196).
• Fixed bug when running the --reneg command on Python 3 (#264).
• Switched minimum version of Python to 3.4.

1.2.0

• Added support for TLS 1.3 (draft 18) scanning using OpenSSL 1.1.1 dev.
  • python -m sslyze --tlsv1_3 tls13.crypto.mozilla.org
• Added support for new-style ChaCha20 cipher suites.
• Added some of the certificate fields to the JSON output (#258).
• Bug fix for Python 3 (#251, #256), OCSP Stapling (#254), IPv6 and the Heartbleed/CCS checks (#257).

1.1.5

• Fixed JSON output when using Python 2.7 (#246).
• Fixed CLI output for showing whether a certificate is EV or not (#245).
• Fixed ConcurrentScanner when using Python 3.6 (#251).

1.1.4

• Switch pre-compiled Windows executable from 64 bits to 32 bits for better compatibility.
• Fix dependency version in the setup.py file.