This major release focuses on improving the reliability of the scans, simplifying the Python API and JSON output, and adding support for checking a server's TLS configuration against Mozilla's recommended configuration.
* SSLyze will now check the server's scan results against the Mozilla "intermediate" configuration (#453).
    * Which Mozilla configuration to use can be configured via `--mozilla-config={old, intermediate, modern}`.
    * The `--mozilla-config` option replaces `--regular`, which has been removed.
* SSLyze can now be run as a CI/CD step; see the README for more information.
* The Python API has been significantly simplified (#512). The changes focus on:
    * Reducing how much code is needed in order to run a scan.
    * Improving the typing of the result objects, in order to simplify code that processes scan results.
    * **API-breaking changes**: Starting a scan and processing the results is now done differently; see the [documentation](https://nabla-c0d3.github.io/sslyze/documentation/running-a-scan-in-python.html).
* The JSON output has been significantly simplified.
    * The JSON output's format now fully matches the format of the results within the Python API.
    * An auto-generated JSON schema is also now available at *./json_output_schema.json* (#487).
    * The [Python documentation](https://nabla-c0d3.github.io/sslyze/documentation/) can now be used to understand the format for both Python results and JSON results.
* SSLyze now provides a fully-typed Python API for [parsing the JSON output](https://nabla-c0d3.github.io/sslyze/documentation/json-output.html) of previously-run scans (#487).
    * `parsed_json_result = SslyzeOutputAsJson.parse_file("result.json")`
    * This can be used for example to process the results of SSLyze scans in a separate Python program.
* HTTP headers testing: the Public-Key-Pins headers are no longer checked by SSLyze, as the pinning feature has been removed from most browsers (#506).
    * **API-breaking changes**:
        * The `public_key_pins_header` and `public_key_pins_report_only_header` fields have been removed from `HttpHeadersScanResult`.
* Session resumption testing: the `--resum` scan command has been updated to provide better insights into how the server supports session resumption (#53).
    * The command will now attempt multiple resumptions using TLS tickets, similarly to what it already does for resumptions with Session IDs. Previously, it would only perform a single resumption attempt when testing TLS Tickets.
    * The new command `--resum_attempts` can be used in order to configure how many session resumptions `--resum` will attempt; it is set to 5 by default.
        * `python -m sslyze --resum --resum_attempts=20 www.google.com`
    * **API-breaking changes**:
        * The fields within `SessionResumptionSupportScanResult` have been renamed and updated.
        * The `--resum_rate` command, `ScanCommand.SESSION_RESUMPTION_RATE` and the `SessionResumptionRateScanResult` class have been removed. The `--resum_attempts` command and `SessionResumptionSupportExtraArguments` class should be used instead.
* Misc bug fixes for when scanning servers with exotic TLS or network configurations (#531, #532, #533).
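
As an added example (not code from the SSLyze project), the sketch below post-processes the JSON output of a `--resum --resum_attempts=20` scan in a separate program and shows why several attempts matter: a single attempt cannot tell partial resumption support from full support. It uses only the standard `json` module rather than `SslyzeOutputAsJson`, so it runs without SSLyze installed. The JSON key names and the verdict labels are assumptions; check the keys against `json_output_schema.json` for your version.

```python
import json

# Constructed sample shaped like SSLyze 5.x JSON output (trimmed). Key names are
# assumptions; verify them against json_output_schema.json for your version.
SAMPLE = json.dumps({"server_scan_results": [
    {"server_location": {"hostname": "a.example", "port": 443},
     "scan_status": "COMPLETED",
     "scan_result": {"session_resumption": {"status": "COMPLETED", "result": {
         "session_id_attempted_resumptions_count": 20,
         "session_id_successful_resumptions_count": 20,
         "tls_ticket_attempted_resumptions_count": 20,
         "tls_ticket_successful_resumptions_count": 7}}}},
    {"server_location": {"hostname": "b.example", "port": 443},
     "scan_status": "ERROR_NO_CONNECTIVITY", "scan_result": None},
]})


def classify(attempted, successful):
    """Turn raw resumption counts into a coarse verdict (labels are hypothetical)."""
    if not attempted:
        return "NOT_TESTED"
    if successful == attempted:
        return "FULL"
    return "PARTIAL" if successful else "NONE"


def summarize_resumption(raw_json):
    """Map 'host:port' to {mechanism: verdict}, or None when no result exists."""
    summary = {}
    for server in json.loads(raw_json)["server_scan_results"]:
        loc = server["server_location"]
        key = f"{loc['hostname']}:{loc['port']}"
        attempt = (server.get("scan_result") or {}).get("session_resumption") or {}
        result = attempt.get("result")
        if server.get("scan_status") != "COMPLETED" or not result:
            summary[key] = None  # unreachable server or failed scan command
            continue
        summary[key] = {
            mech: classify(result.get(f"{mech}_attempted_resumptions_count"),
                           result.get(f"{mech}_successful_resumptions_count"))
            for mech in ("session_id", "tls_ticket")
        }
    return summary


if __name__ == "__main__":
    print(summarize_resumption(SAMPLE))
```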