Sslyze

Latest version: v6.0.0

Page 3 of 12

5.0.0

This major release focuses on improving the reliability of the scans, simplifying the Python API and JSON output, and adding support for checking a server's TLS configuration against Mozilla's recommended configuration.

* SSLyze will now check the server's scan results against the Mozilla "intermediate" configuration (#453).
  * Which Mozilla configuration to use can be configured via `--mozilla-config={old, intermediate, modern}`.
  * The `--mozilla-config` option replaces `--regular`, which has been removed.
* SSLyze can now be run as a CI/CD step; see the README for more information.
* The Python API has been significantly simplified (#512). The changes focus on:
  * Reducing how much code is needed in order to run a scan.
  * Improving the typing of the result objects, in order to simplify code that processes scan results.
  * **API-breaking changes**: Starting a scan and processing the results is now done differently; see the [documentation](https://nabla-c0d3.github.io/sslyze/documentation/running-a-scan-in-python.html).
* The JSON output has been significantly simplified.
  * The JSON output's format now fully matches the format of the results within the Python API.
  * An auto-generated JSON schema is also now available at *./json_output_schema.json* (#487).
  * The [Python documentation](https://nabla-c0d3.github.io/sslyze/documentation/) can now be used to understand the format for both Python results and JSON results.
* SSLyze now provides a fully-typed Python API for [parsing the JSON output](https://nabla-c0d3.github.io/sslyze/documentation/json-output.html) of previously-run scans (#487).
  * `parsed_json_result = SslyzeOutputAsJson.parse_file("result.json")`
  * This can be used, for example, to process the results of SSLyze scans in a separate Python program.
* HTTP headers testing: the Public-Key-Pins headers are no longer checked by SSLyze, as the pinning feature has been removed from most browsers (#506).
  * **API-breaking changes**:
    * The `public_key_pins_header` and `public_key_pins_report_only_header` fields have been removed from `HttpHeadersScanResult`.
* Session resumption testing: the `--resum` scan command has been updated to provide better insights into how the server supports session resumption (#53).
  * The command will now attempt multiple resumptions using TLS tickets, similarly to what it already does for resumptions with Session IDs. Previously, it would only perform a single resumption attempt when testing TLS tickets.
  * The new command `--resum_attempts` can be used to configure how many session resumptions `--resum` will attempt; it is set to 5 by default.
    * `python -m sslyze --resum --resum_attempts=20 www.google.com`
  * **API-breaking changes**:
    * The fields within `SessionResumptionSupportScanResult` have been renamed and updated.
    * The `--resum_rate` command, `ScanCommand.SESSION_RESUMPTION_RATE` and the `SessionResumptionRateScanResult` class have been removed. The `--resum_attempts` command and the `SessionResumptionSupportExtraArguments` class should be used instead.
* Misc bug fixes for when scanning servers with exotic TLS or network configurations (#531, #532, #533).

4.1.0

* SSLyze's memory usage has been **significantly reduced** when scanning a lot of servers concurrently (#511).
  * This will make it easier to deploy SSLyze to environments where memory is limited, such as AWS Lambda.
  * For example, when queuing 100 server scans, memory usage will now reach a maximum of **150 MB**, instead of **1400 MB** in previous versions of SSLyze.
* Fixed errors when running `http_headers` on specific server software (#517, #516).
* Removed usage of pipenv and switched back to a `requirements.txt`.

4.0.4

* Fixed errors when running `--elliptic_curves` on specific server software (#490).
* Better error reporting when running `--http_headers` on a server that doesn't speak HTTP (#499, #500).
  * See also the new `HttpHeadersScanResult.http_error_trace` field in the Python API.

4.0.3

* Updated the JSON output to be more stable, to allow diffing the JSON output of successive scans against the same server (#491).
* Fixed errors when scanning a server that only supports TLS 1.3 (#488).
* Fixed error when running `--robot` on an nginx server configured to require client authentication (#484).
* Fixed crash due to malformed HTTP headers (#498).
* Better reporting when scanning unresponsive servers (#501).
* Fixed error when an invalid certificate is deployed on the server (#495).
* Fixed error when running `--reneg` on Indy TCP server (#483).

4.0.2

* Fixed an issue with servers requiring client authentication and SSLyze reporting some TLS versions as unsupported (#472).
* Fixed a crash when parsing an OCSP response with no "Next Update" field (#481).
* Updated the trust stores.

4.0.1

* Updated the version of cryptography in the setup.py (#467).
* Fixed a crash when displaying non-successful OCSP responses (#477).

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.