nabla-c0d3 · nabla-c0d3 · Jan 3, 2025 · Oct 22, 2023 · Apr 11, 2024 · Jan 23, 2024
diff --git a/.dockerignore b/.dockerignore
@@ -2,4 +2,5 @@
 **/__pycache__
 /tests
 /docs
-/.github
+/.github
+/.git
diff --git a/.github/workflows/build_windows_exe.yml b/.github/workflows/build_windows_exe.yml
@@ -30,6 +30,6 @@ jobs:
     - name: Build Windows executable
       run: python setup.py build_exe
 
-    - uses: actions/upload-artifact@v2
+    - uses: actions/upload-artifact@v4
       with:
         path: ./build/*
diff --git a/.github/workflows/release_to_docker.yml b/.github/workflows/release_to_docker.yml
@@ -39,7 +39,7 @@ jobs:
         with:
           context: ./
           file: ./Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64, linux/arm64
           push: true
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.8, 3.9, "3.10", "3.11", "3.12"]
+        python-version: [3.9, "3.10", "3.11", "3.12", "3.13"]
 
     steps:
     - uses: actions/checkout@v4
@@ -34,7 +34,7 @@ jobs:
 
     - name: Run linters
       # Only do linting once
-      if: matrix.python-version == 3.8
+      if: matrix.python-version == 3.9
       run: python -m invoke lint
 
     - name: Run tests

diff --git a/.github/workflows/run_tests_with_lowest_pydantic_version.yml b/.github/workflows/run_tests_with_lowest_pydantic_version.yml
@@ -15,15 +15,15 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.8
+          python-version: 3.9
 
       - name: Install sslyze dependencies
         run: |
           python -m pip install --upgrade pip setuptools
           python -m pip install -e .
 
-      - name: Install pydantic 2.2
-        run: python -m pip install "pydantic==2.2"
+      - name: Install pydantic 2.3
+        run: python -m pip install "pydantic==2.3"
 
       - name: Install dev dependencies
         run: python -m pip install -r requirements-dev.txt

diff --git a/.github/workflows/scan_apache2_server.yml b/.github/workflows/scan_apache2_server.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.8
+          python-version: 3.9
 
       - name: Install Apache2
         run: |

diff --git a/.github/workflows/scan_iis_server.yml b/.github/workflows/scan_iis_server.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.8
+          python-version: 3.9
 
       - name: Install IIS
         run: |

diff --git a/.github/workflows/scan_nginx_server.yml b/.github/workflows/scan_nginx_server.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.8
+          python-version: 3.9
 
       - name: Install Nginx
         run: |

diff --git a/.github/workflows/test_module_setup.yml b/.github/workflows/test_module_setup.yml
@@ -16,7 +16,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: 3.8
+        python-version: 3.9
 
     - name: Install pip
       run: |

diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,23 @@
-FROM python:3.9-slim
+# set python version
+ARG PYTHON_VERSION="3.12"
+
+FROM docker.io/python:${PYTHON_VERSION}-slim AS build
 COPY . /sslyze/
-# install latest updates as root
-RUN apt-get update \
-        && apt-get install -y sudo
+WORKDIR /sslyze
+# use a venv
+RUN python -m venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
 # install sslyze based on sourcecode
-RUN python -m pip install --upgrade pip setuptools wheel
-RUN python /sslyze/setup.py install
+RUN pip install --upgrade pip setuptools wheel
+RUN pip install .
+
+FROM docker.io/python:${PYTHON_VERSION}-slim AS run
 # set user to a non-root user sslyze
 RUN adduser --no-create-home --disabled-password --gecos "" --uid 1001 sslyze
 USER sslyze
-# restrict execution to sslyze
 WORKDIR /sslyze
-ENTRYPOINT ["python", "-m", "sslyze"]
-CMD ["-h"]
+# copy sslyze from build stage
+COPY --from=build /opt/venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+ENTRYPOINT ["sslyze"]
+CMD ["-h"]
diff --git a/README.md b/README.md
@@ -39,7 +39,7 @@ $ python -m sslyze www.yahoo.com www.google.com "[2607:f8b0:400a:807::2004]:443"
 It can also be used via Docker:
 
 ```
-$ docker run --rm -it nablac0d3/sslyze:6.0.0 www.google.com
+$ docker run --rm -it nablac0d3/sslyze:6.1.0 www.google.com
 ```
 
 Lastly, a pre-compiled Windows executable can be downloaded from [the Releases
@@ -104,7 +104,7 @@ $ invoke test
 License
 -------
 
-Copyright (c) 2024 Alban Diquet
+Copyright (c) 2025 Alban Diquet
 
 SSLyze is made available under the terms of the GNU Affero General Public License (AGPL). See LICENSE.txt for details and exceptions.
 

diff --git a/api_sample.py b/api_sample.py
@@ -1,4 +1,4 @@
-from datetime import datetime
+from datetime import datetime, timezone
 from pathlib import Path
 from typing import List
 
@@ -25,7 +25,7 @@ def _print_failed_scan_command_attempt(scan_command_attempt: ScanCommandAttempt)
 
 def main() -> None:
     print("=> Starting the scans")
-    date_scans_started = datetime.utcnow()
+    date_scans_started = datetime.now(timezone.utc)
 
     # First create the scan requests for each server that we want to scan
     try:
@@ -104,7 +104,7 @@ def main() -> None:
     # Lastly, save the all the results to a JSON file
     json_file_out = Path("api_sample_results.json")
     print(f"\n\n=> Saving scan results to {json_file_out}")
-    example_json_result_output(json_file_out, all_server_scan_results, date_scans_started, datetime.utcnow())
+    example_json_result_output(json_file_out, all_server_scan_results, date_scans_started, datetime.now(timezone.utc))
 
     # And ensure we are able to parse them
     print(f"\n\n=> Parsing scan results from {json_file_out}")

diff --git a/docs/available-scan-commands.rst b/docs/available-scan-commands.rst
@@ -149,7 +149,6 @@ Result class
 
 .. autoclass:: HttpHeadersScanResult
 .. autoclass:: StrictTransportSecurityHeader
-.. autoclass:: ExpectCtHeader
 
 OpenSSL CCS Injection
 *********************
@@ -170,3 +169,14 @@ Result class
 ============
 
 .. autoclass:: SessionRenegotiationScanResult
+
+
+Extended Master Secret
+**********************
+
+**ScanCommand.TLS_EXTENDED_MASTER_SECRET**: Test a server for TLS Extended Master Secret extension support.
+
+Result class
+============
+
+.. autoclass:: EmsExtensionScanResult
diff --git a/docs/conf.py b/docs/conf.py
@@ -70,7 +70,7 @@
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
-language = None
+language = "en"
 
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.

diff --git a/docs/documentation/.buildinfo b/docs/documentation/.buildinfo
@@ -1,4 +1,4 @@
 # Sphinx build info version 1
-# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: f71b8d947628f4c16f8ec17ec85934ab
+# This file records the configuration used when building these files. When it is not found, a full rebuild will be done.
+config: 094768c3cd394a7960733fba4a2e0033
 tags: 645f666f9bcd5a90fca523b33c5a78b7