Sslyze

Latest version: v6.0.0

0.13.4

Not secure
Changelog
- Added `--json_out` command for writing results to a file as JSON.
- Bug fixes with client authentication and connectivity testing.
- The `--certinfo_basic` command now also checks that the server certificate chain's order is valid.

0.13.3

Not secure
Changelog
- Major rewrite and cleanup in order to:
  - Turn SSLyze into a Python module, allowing scans to be run and processed directly from Python
  - Add SSLyze to [PyPI](https://pypi.python.org/pypi/SSLyze)
- These changes should make it easy to build tools and scripts on top of SSLyze
- Renamed the command line tool to _sslyze_cli.py_ to avoid conflicts with the `sslyze` module
- Added the `--fallback` command to check support for the `TLS_FALLBACK_SCSV` cipher suite, which prevents downgrade attacks
- Added the `--openssl_ccs` command to check for the OpenSSL CCS Injection vulnerability
- Renamed the `--certinfo=basic` and `--certinfo=full` commands to `--certinfo_basic` and `--certinfo_full`
- Removed the `--chrome_sha1` command and merged the SHA1 deprecation check into `--certinfo_basic`
- Fixed support for client authentication
- Extended support for scanning through a CONNECT proxy to StartTLS protocols
- Modified cipher suite plugin to return RFC cipher names instead of OpenSSL cipher names

0.12.0

Changelog
- Added the Google trust store for certificate validation and updated the Apple, Microsoft and Mozilla stores.
- A full (client) certificate chain can now be supplied when using client certificates.
- Added the ability to print the XML output to the console using `--xml_out -`.
- Various bug fixes including TLS errors that were mistakenly reported as network timeouts.
- Updated list of OIDs for identifying EV certificates.
- Updated OpenSSL to 1.0.2d, which fixes issues with certificate path validation when using `--certinfo`.

0.11.0

Changelog
- Added support for Postgres StartTLS
- Added the `--ca_file` option for specifying a local trust store to validate the server's certificate
- Added the `--quiet` option to hide any text output when using `--xml_out`
- Improved the formatting of the XML output to make it easier to parse and more useful; this will break any tool that was processing the XML output from previous versions, but an XML Schema Definition is now available in SSLyze's root folder
- Bug fixes for EC certificates, HSTS, XMPP and LDAP
- Updated OpenSSL to 1.0.2a
- Updated Microsoft, Apple and Mozilla trust stores

0.10.0

Changelog
- PluginOpenSSLCipherSuites now displays the size of the handshake's Diffie-Hellman parameters
- SSLyze on Windows is now packaged as a single .exe file
- PluginCertInfo now displays the server's full certificate chain instead of its leaf certificate only, in both the console and XML results
- PluginHSTS now properly detects HSTS headers when receiving HTTP redirections
- New plugin to check if a server is affected by Chrome's deprecation of SHA1-signed certificates. See `--chrome_sha1`
- Clarified the console output of most plugins and checks
- Bug fixes for XML output and client certificate support
- Updated OpenSSL to 1.0.1i
- Updated Microsoft, Apple and Mozilla trust stores

0.9.0

Changelog
- Experimental support for Heartbleed detection; see `--heartbleed`. Heartbleed detection has also been added to `--regular` scans
- Capped the maximum number of concurrent connections to around 30 per server in order to avoid DoSing the scanned servers. Scans are slightly slower but a lot less aggressive, resulting in better scan results with fewer timeout and connection errors
- Support for Basic Authentication when tunneling scans through an HTTPS proxy with `--https_tunnel`
- Bug fixes for IPv6 and XMPP support
- Updated OpenSSL to 1.0.1g
- Updated the Apple, Microsoft, Mozilla and Java trust stores
- Cleaned up the text output of PluginOpenSSLCipherSuites
