6.0.0

• Added support for Python 3.12 (#630).
• Removed support for Python 3.7 (#616).
• Switched to Python Cryptography's implementation of certificate validation, in order to simplify the validation logic and make it more reliable (#638).
  • Removed direct dependency to pyOpenSSL.
  • Removed usages of ssl.match_hostname() (#627).
  • JSON output changes for the certificate information plugin:
    • leaf_certificate_subject_matches_hostname has been removed because hostname validation is now directly reported in the path_validation_results, which makes it simpler to process them.
    • Similarly, openssl_error_string was renamed to validation_error.
• Fixed crash caused by "invalid padding" and "invalid encoding" errors (#632, #634).
• Better output when an SMTP EHLO is rejected ( #635).

5.2.0

• Fixed crashes affecting specific Linux distributions such as Red Hat Linux and CentOS (#556, #621).
• Fixed a bug when probing TLS 1.3 servers that require client authentication (#612).
• Fixed a crash when using the JSON output with the MozillaTlsConfigurationChecker (#614).
• Added support for pydantic 2.x (#611).
• Added support for cryptography 40 and 41 (#610).
• Updated Windows executable to use Python 3.11 (#588).
• Updated Mozilla configuration recommendations to v5.7 (#608).
• Better handling of servers that only support SSL v2.0 (#601).
• WARNING: This is the last release to support Python 3.7.
• WARNING: This is the last release to support pydantic 1.x.

5.1.3

• Added native support for Apple Silicon (nabla-c0d3/nassl#107).
• Fixed a crash when using older versions of PyOpenSSL (#600).
• WARNING: This is the last release to support Windows 7.

5.1.2

• Updated cryptography to v39 (#596).
• Updated the trust stores.

5.1.1

• Fixed compatibility with specific versions of pydantic (#590).

5.1.0

• Added support for Python 3.11 (#582).
• Added support for Brainpool curves when running --elliptic_curves (#545).
• Added support for validating certificates with IP addresses in their Subject Alternative Name (#544).
• Fixed memory leaks when performing certificate validation by switching to pyOpenSSL (#566).
• Fixed a crash with pydantic v1.10.3 (#586).
• Removed check for the Expect-CT HTTP header when running --http_headers as the header has been deprecated (#584).
• Fixed a crash when exporting results to JSON when an HTTP proxy was used (#581).

5.0.6

• Fixed a bug where no scans were run when using specific combinations of CLI options (#575).
• Added support for more TLS stacks when connecting and scanning for elliptic curves (#579, #562).
• Better CLI output when connectivity to the server is flaky (#534).
• Added support for pydantic 1.10 (#576).
• Documented how to export results to JSON via the Python API (#571).

5.0.5

• Fixed an error when scanning a server with a specific behavior regarding client authentication (#555).
• Fixed an error when using --openssl_ccs on specific servers (#548).
• Added support for cryptography 37.0.0 (#565).
• Updated the embedded trust stores.

5.0.4

• Reduced memory usage, and fixed a memory leak when running multiple scans in a row via the Python API (#560).

5.0.3

• Fixed a crash when no valid server strings had been supplied via the command line (#557).
• Fixed a crash when serializing the result of running --http_headers to JSON (#554).
• Checking the server's scan results against the Mozilla configurations can be disabled using --mozilla_config=disable (#551).