1.0.0

1.0.0 - 2025-01-05

Refactor

• Generic
  • Support only Python version greater or euqal than 3.9
  • Use pyproject.toml instead of setup.py

0.12.6

Features

• Generic
  • add HTTP proxy support (#152)

Improvements

• TLS (tls)
  • support "to" field during XMPP server analysis (#150)
  • support capability generation for most modern TLS clients (#147)

Notable fixes

• TLS (tls)
  • handle XMPP servers do not require STARTTLS (#149)

Refactor

• TLS (tls)
  • Move elliptic-curve parameters to CryptoDataHub (#144)

0.12.5

Features

• TLS (tls)
  • Elliptic Curves (curves)

    • add missing PQC named curves (#145)

      KYBER_512_R3, KYBER_768_R3, KYBER_1024_R3,
      SECP256R1_KYBER_512_R3, SECP256R1_KYBER_768_R3,
      SECP384R1_KYBER_768_R3, SECP521R1_KYBER_1024_R3,
      X25519_KYBER_512_R3, X25519_KYBER_768_R3

Improvements

• TLS (tls)
  • Simulations (simulations)
    • Consider scheme during TLS client simulation (#146)

0.12.4

Notable fixes

• DNS (dns)
• Generic
  • handle CNAME records (#142)
• TLS (tls)
  • All (all)
    • check curves using highest available version to recognize possibly supported PQC curves (#141)
  • Simulations (simulations)
    • consider protocol versions supported by the clients (#143)

0.12.3

Features

• TLS (tls)
  • Versions (versions)
    • add checker for inappropriate fallback alerts (#139)
  • Vulnerabilities (vulns)
    • add checker for insecure protocol versions (#137)
    • add checker for inappropriate fallback alerts (#139)

Notable fixes

• TLS (tls)
  • Ciphers (ciphers)
    • fix calculation of cipher suites relates to a certain
      version (#138)
    • fix cipher suite check when server does not support long
      cipher suite list (#135)
  • Diffie-Hellman (dhparams)
    • add missing SSLv3 support (#136)
  • Vulnerabilities (vulns)
    • fix calculation of missing forward secrecy (#134)

0.12.2

Features

• SSH (ssh)
  • Vulnerabilities (vulns)
    • checker for well-known vulnerabilities (#130)
      • Sweet32 attack
      • Anonymous Diffie-Hellman
      • NULL encryption
      • RC4
      • Non-Forward-Secret
      • Early SSH version
      • Weak Diffie-Hellman
      • DHEat attack
      • Terrapin attack

Improvements

• Generic
  • add metadata to documentation

Notable fixes

• TLS (tls)
  • Signature Algorithms (sigalgos)
    • Handle decode error as a signal of no more algorithms.
      (#129)
• DNS (dns)
  • e-mail authentication, reporting (mail)
    • Handle the case when a domain has no TXT records (#132)

0.12.1

Notable fixes

• TLS
  • All (all)
    • handle server support only 1.3 version in all analyzer (#111)
  • Simulations (simulations)
    • fix markdown generation in the case of TLS client versions (#80)
  • Generic
    • avoid sending large records cause unexpected response from server (#127)
• SSH
  • Ciphers (ciphers)
    • handle deprecated but not weak algorithms (#126)

Improvements

• SSH
  • handle deprecated but not weak algorithms (#126)

0.11.2

Features

• HTTP (http)
  • Content (content)
    • checker for subresource integrity (#86)
    • checker for unencrypted content (#120)

Improvements

• TLS (tls)
  • Simulations (simulations)
    • grade key exchange sizes (#121)

Notable fixes

• Generic
  • handle not graded algorithms (#122)

0.11.1

Features

• TLS (tls)
  • Elliptic Curves (curves)
    • add support for post-quantum safe hybrid (Kyber) algorithms (#119)
• SSH (ssh)
  • Public Keys (pubkeys)
    • X.509 certificate and certificate chain support (#70)

0.11.0

Features

• Generic
  • colorized output based on the security strength of the cryptographic algorithms and key sizes (#94)
  • documentation of command-line interface (#117)
  • documentation of Python API (#117)