Joe Testa

Results 189 comments of Joe Testa

> I suggest that the display of TLS1.1 be yellow. Why?

I did some research on this, and found that the major browsers announced their intention to deprecate TLSv1.1 back in October 2018 (see blog entries from [Google](https://security.googleblog.com/2018/10/modernizing-transport-security.html), [Microsoft](https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/), and [Apple](https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/))....

@Ricky-Tigg : Thanks for bringing this up. I'll take a closer look next time I poke around with the PyPI packaging.

@letiemble : I opted to write this patch from scratch myself (which I just committed) since there were some subtle code-organization I wanted to improve upon, along with an 'informational'...

@severach : as @thecliguy mentioned, you can perform your own hardening of a client or server, then create a custom policy to validate against it.

> ssh-dss should not be...

Looks like this was fixed in Ubuntu 22.04 LTS: https://packages.ubuntu.com/source/jammy/ssh-audit

Thanks @thecliguy for following through with this!

@thecliguy : correct me if I'm wrong, but I think the driving factor for deprecating `ssh-rsa` is solely because it is built around SHA-1. SHA-1 is exploitable in host keys,...

@thecliguy: yes, replacing INFO_OPENSSH82_FUTURE_DEPRECATION with something like INFO_DEPRECATED_IN_OPENSSH88 would be a good idea. Replacing the indirect failure messages (like FAIL_OPENSSH61_REMOVE) with the direct reasons for failure (like FAIL_HASH_WEAK or something...

@thecliguy : I finished the rest of the updates in https://github.com/jtesta/ssh-audit/commit/cc9e4fbc4ab06a90e1763e20dd3b4571e2934bb6. Thanks again for helping with this!

@VeNoMouS : I just committed a patch to add recommendations and CVE information to the JSON output. Please give it a try! CC: @Thibaut833