SSL Labs Changelog

Version 1.33.1

Released to production on 14 March 2019.

New Feature

• Added 0-RTT test for TLS 1.3 enabled servers (Qualys community)

Version 1.32.15

Version 1.32.13

Released to production on 29 November 2018.

New Features

• TLS v1.3 added in Protocol Support chart of SSL Pulse
• Text color of TLS v1.1 changed to Orange in the scan result  

Version 1.32.6

Released to production on 25 September 2018.

New Features

• TLS v1.3 feature added to SSL Labs

Version 1.32.5

Released to production on 04 September 2018.

New Features

• Trust stores updated
• Distrust all Symantec CA Certificates

Fixes

• Unable to scan servers that have a ECGOST3410 certificate (#113)
• Symantec distrust warning shown for new DigiCert certificate (Qualys Community)

Version 1.32.3

Released to production on 17 July 2018.

New Features

• TLS 1.3 server test updated to final draft 28

Version 1.32.2

Released to production on 05 June 2018.

New Features

• TLS 1.3 server test updated to final draft 23
• ROBOT graph chart added to SSL Pulse
  
  

Version 1.31.0

Released to production on 1 March 2018.

New Features

• Grading change: Grading changes for ROBOT vulnerability, Forward secrecy and AEAD ciphers (blog post)
• Grading change: Distrust Symantec certificates issued before June 2016 (blog post)
• Handshake simulations update: Java 8, Googlebot and Edge 15
• Added ROBOT chart in SSL Pulse charts

Fixes

• SNI-only site should not be considered vulnerable to POODLE (#519)
• Protocol-relative path redirect misinterpreted (#521)

Version 1.30.5

Released to production on 3 January 2018.

New Features

• ROBOT (Return Of Bleichenbacher's Oracle Threat) vulnerability detection
• Added support for certificate validation against multiple trust store (Mozilla Apple Android Java Windows)
• SSL Labs Co-branding site for GeoCert SSL
• Warn if server uses blocked Symantec certificate

Fixes

• Incorrect SSL labs certificate mismatch other domain names

Version 1.29.2

Planned for release to production on 29 June 2017.

New Features

• Detection of TLS 1.3 draft 18 (#352)
• SSL Pulse migrated to the SSL Labs web site
• Warn if SubjectAltName is missing (#486)
• Warn if certificate serial numbers are more than 20 bytes in length (#498)

Fixes

• Support RFC 7919 (#446)
• Check revocation of DROWN certificates (#451)
• CNNIC root shouldn't be fully trusted (#488)
• Explain that simulations don't check trust (#494)
• Links to test.drownattack.com no longer valid (#492)
• News title ampersand double-encoded on the SSL Labs homepage (#491)
• cipher not marked as insecure (#487)
• Windows 10.14393.51 vs Logjam (#377)

Version 1.28.3

Released to production 3 April 2017.

New Features

• Grading change: 3DES and other ciphers that use short block-sizes are now deprecated (blog post)
• Grading change: SHA1 is now deprecated (blog post)
• Ticketbleed (CVE-2016-9244) vulnerability detection #458
• Added support for static public key pinning (based on Chromium source code)
• Added detection of ALPN protocols

Fixes

• Unexpected version number: 250 (#473)
• EV certificate OIDs not parsed correctly (#452)
• Better CAA documentation (#449)
• Certificate serial numbers not displayed in API (#453)

Version 1.26.5

Released to production on 13 January 2017.

New Features

• Improved cipher suite testing. Results are now provided on per-protocol basis and also without SNI. The testing is also faster.
• Detection of CAA policies (#274)
• Detection of ECDHE server parameter reuse
• New test to determine all server-supported named curves and the order of preference (#391)
• API v3 extended to have simulations include negotiated DHE and ECDHE parameters (#403)
• SSL Client Test: added support for GREASE suites (#423)
• SSL Client Test: added support for TLS 1.3 suites (#427)

Fixes

• Incorrect key exchange reported on some servers (#431)

Version 1.25.2

Released to production on 19 November 2016.

New Features

• Now showing all certificates discovered during assessment. This includes RSA, ECDSA and non-SNI certificates.
• New mini SSL Labs site for Secure128: secure128.ssllabs.com
• Improved high-resolution report icons

Fixes

• When an assessment stops because of certificate name mismatch, the list of suggested hostnames to try was empty.
• Intermediates reported as invoked when only the leaf is revoked (#408)
• Missing "Ignore mismatch" option in some cases (#412)
• HSTS false negative in some case (#416)
• No error messages for insecure ciphers (#419)

Version 1.24.4

Released to production on 21 October 2016.

New Features

• New User Agents added: Firefox 49, Android 7, Chrome 53, Safari 10, Chrome 49/XP, and so on.

Fixes

• Incorrect "contains anchor message for self-signed certificates (#324)
• SSL Labs not showing HSTS on www.google.com (#374)
• Warning required if not all trust paths are pinned (#375)
• Domains preloaded for pinning in Chrome show as preloaded for HSTS (#392)
• Error with chain of trust with multiple intermediates with same name (#332)
• Remove "viaform" parameter when report is cached (#395)
• Checking preloading with Tor doesn't work in production (#394)
• Discrepancy between the API and the website regarding the strength of 3DES ciphers (discussion thread)
• API hpkpPolicy object pins encoding issue (#400)
• API Simulation object should contain DHE and ECDHE information (#403)

Version 1.24.0

Released to production on 1 September 2016.

New Features

• Google's experimental post-quantum suites correctly detected in the client test (#384)
• Intolerance information exposed in the API (#370)
• Added Content Security Policy headers
• Added a link to beekpr-ssllabs (#366)

Version 1.23.50

Released to production on 21 July 2016.

New Features

• Detection of must-staple certificates (#347)
• Firefox 47 supports ChaCha20/Poly1305 cipher suites (#351)
• Added support for "new" Windows cipher suites (#358)
• Improved usage of HTTP security headers on SSL Labs web site itself

Fixes

• RC4 is marked as weak instead of insecure (#273)
• API: incorrect rc4WithModern value (#360)