
Releases: nabla-c0d3/sslyze

1.1.3

06 Sep 05:56
  • Added support for Python 3.6 on Windows. This is also the last release to support Python 2.7 on Windows. Python 2 and 3 will still be supported on other platforms (Linux, macOS).
  • Added a pre-compiled executable for running SSLyze on Windows without having to install Python.
  • Fixed bugs with StartTLS scans.
  • Further improved stability of the new implementation of the Heartbleed and OpenSSL CCS checks.
  • Added basic certificate fields (Subject, Issuer, etc.) to the XML output.

1.1.2

22 Jul 22:59
  • Full rewrite of the Heartbleed and CCS checks to fix timeouts and other errors, and to improve maintainability.
  • Improvements to the XML output when running the --certinfo command.

1.1.1

23 May 03:25
  • Bug fixes for EC certificates.
  • Bug fixes for the Heartbleed check.

1.1.0

16 Apr 04:00
  • Added support for Python 3.3+ on Linux and macOS. Windows will be supported later.
  • Added support for scanning for cipher suites on servers that require client authentication.
  • Certificate Transparency SCTs delivered via OCSP Stapling will now be displayed when running a CertificateInfoScanCommand.
  • Removed custom code for parsing X509 certificates, which was the source of numerous bugs and crashes when running a CertificateInfoScanCommand:
    • Certificates returned by the SSLyze Python API are now parsed using the cryptography library, making further processing a lot easier and cleaner.
    • Certificates returned in the XML and JSON output when using --certinfo are no longer parsed. XML/JSON consumers should instead parse the PEM-formatted certificate available in the output using their language/framework's X509 libraries.
    • The --print_full_certificate option when using --certinfo is no longer available.
  • Bug fixes for the Heartbleed check.
  • Added unit tests for SSL 2.0, SSL 3.0, Heartbleed and OpenSSL CCS injection checks.

1.0.0

13 Feb 05:41
  • Significant refactoring to simplify and enhance SSLyze's Python API. It is now fully documented and should be considered stable; see http://nabla-c0d3.github.io/sslyze/documentation/.
  • Renamed --certinfo_basic command to --certinfo for consistency with other plugins.
  • The --certinfo command will now use any trust store that successfully validated the server's certificate chain to run further checks against the server's chain (such as the chain order, or the presence of a SHA1-signed certificate), instead of only trying with the Mozilla trust store.
  • The --certinfo command will now properly validate OCSP Stapling even if it is not trusted by any trust store.
  • Various bug fixes.
  • Significant internal changes including:
    • A revamped plugin system that is a lot simpler to maintain and extend.
    • Simplified interface for building custom output generators within the CLI tool.
    • Progress toward Python 3 compatibility.
  • With a clean, fully documented Python API, SSLyze is now ready for a 1.0.0 release!

0.14.2

19 Dec 02:53
  • The cipher suite tests (such as --tlsv1_2) will only return a preferred cipher suite if the server has a cipher suite preference (as opposed to following the client's preference).
  • Bug fixes for --https_tunnel and --starttls=postgres.
  • Refactored how the CLI tool generates its output to make it extendable.

0.14.1

16 Oct 02:46
  • Bug fixes for --http_headers, --tlsv1_2 and --json_out.
  • Updated version of OpenSSL.
  • The command line tool was moved from ./sslyze_cli.py to ./sslyze/__main__.py and can be called using python -m sslyze.
  • When sending HTTP requests, SSLyze's User-Agent header now contains SSLyze for easier identification.

0.14.0

01 Sep 04:56
  • --certinfo_basic will now return the server's "verified" certificate chain, if the server's certificate is trusted; the chain contains every certificate from the server's leaf certificate up to a root certificate included in the Mozilla store.
  • Renamed --hsts to --http_headers; the command will now return HTTP Public Key Pinning information including the server's HPKP header value and the HPKP pins for each certificate in the server's verified certificate chain.
  • Bug fixes for IPv6 support, exotic certificates, SHA-1 deprecation check and scanning through an HTTP proxy.

0.13.6

04 Jun 22:23
  • Added the Android Open Source Project's trust store when using --certinfo.
  • Bug fixes for IPv6 support, --nb_retries, --nb_timeout and UTF-8 and internationalized names in certificates.
  • --hsts no longer raises an exception when the server sends back a redirection to HTTP.

0.13.5

12 Mar 22:26
  • Various bug fixes.