SSL Labs Changelog

Document created by Ivan Ristić on Jul 21, 2016. Last modified by Ivan Ristić on Apr 3, 2017.
Version 28

Version 1.28.3

Released to production on 3 April 2017.

 

New Features

  • Grading change: 3DES and other ciphers that use short block-sizes are now deprecated (blog post)
  • Grading change: SHA1 is now deprecated (blog post)
  • Ticketbleed (CVE-2016-9244) vulnerability detection #458
  • Added support for static public key pinning (based on Chromium source code)
  • Added detection of ALPN protocols

Fixes

  • Unexpected version number: 250 (#473)
  • EV certificate OIDs not parsed correctly (#452)
  • Better CAA documentation (#449)
  • Certificate serial numbers not displayed in API (#453)

 

Version 1.26.5

Released to production on 13 January 2017.

 

New Features

  • Improved cipher suite testing. Results are now provided on a per-protocol basis and also without SNI. The testing is also faster.
  • Detection of CAA policies (#274)
  • Detection of ECDHE server parameter reuse
  • New test to determine all server-supported named curves and the order of preference (#391)
  • API v3 extended to have simulations include negotiated DHE and ECDHE parameters (#403)
  • SSL Client Test: added support for GREASE suites (#423)
  • SSL Client Test: added support for TLS 1.3 suites (#427)

Fixes

  • Incorrect key exchange reported on some servers (#431)

 

Version 1.25.2

Released to production on 19 November 2016.

 

New Features

  • Now showing all certificates discovered during assessment. This includes RSA, ECDSA and non-SNI certificates.
  • New mini SSL Labs site for Secure128: secure128.ssllabs.com
  • Improved high-resolution report icons

Fixes

  • When an assessment stops because of certificate name mismatch, the list of suggested hostnames to try was empty.
  • Intermediates reported as revoked when only the leaf is revoked (#408)
  • Missing "Ignore mismatch" option in some cases (#412)
  • HSTS false negative in some cases (#416)
  • No error messages for insecure ciphers (#419)

 

Version 1.24.4

Released to production on 21 October 2016.

 

New Features

  • New User Agents added: Firefox 49, Android 7, Chrome 53, Safari 10, Chrome 49/XP, and so on.

Fixes

  • Incorrect "contains anchor" message for self-signed certificates (#324)
  • SSL Labs not showing HSTS on www.google.com (#374)
  • Warning required if not all trust paths are pinned (#375)
  • Domains preloaded for pinning in Chrome show as preloaded for HSTS (#392)
  • Error with chain of trust with multiple intermediates with same name (#332)
  • Remove "viaform" parameter when report is cached (#395)
  • Checking preloading with Tor doesn't work in production (#394)
  • Discrepancy between the API and the website regarding the strength of 3DES ciphers (discussion thread)
  • API hpkpPolicy object pins encoding issue (#400)
  • API Simulation object should contain DHE and ECDHE information (#403)

 

Version 1.24.0

Released to production on 1 September 2016.

 

New Features

  • Google's experimental post-quantum suites correctly detected in the client test (#384)
  • Intolerance information exposed in the API (#370)
  • Added Content Security Policy headers
  • Added a link to beekpr-ssllabs (#366)

 

Version 1.23.50

Released to production on 21 July 2016.

 

New Features

  • Detection of must-staple certificates (#347)
  • Firefox 47 supports ChaCha20/Poly1305 cipher suites (#351)
  • Added support for "new" Windows cipher suites (#358)
  • Improved usage of HTTP security headers on SSL Labs web site itself

Fixes

  • RC4 is marked as weak instead of insecure (#273)
  • API: incorrect rc4WithModern value (#360)