Alban Diquet

Nassl can already be run on M1 Macs via Rosetta2. However, to add native support, AFAIK this would require: 1. Updating the "modern" OpenSSL to 1.1.1i and using the darwin64-arm64-cc...

> The crash people are seeing is due to Substitute (the library that Chimera uses for hooking C functions) not supporting functions that are very short. I think if there's...

https://github.com/badkeys/badkeys

To further address the memory leak affecting the certificate validation logic (https://github.com/nabla-c0d3/sslyze/issues/560), we should switch from nassl's to pyOpenSSL's API (https://www.pyopenssl.org/en/stable/api/crypto.html#x509storecontext-objects). pyOpenSSL is already an implicit dependency of SSLyze since...

Could be based on https://github.com/nabla-c0d3/sslyze/blob/release/.github/workflows/scan_nginx_server.yml

Re-enable the tests at https://github.com/nabla-c0d3/sslyze/commit/729bfd56229353eee8c8e84b36767cdab798b853 once https://github.com/chromium/badssl.com/issues/483 has been resolved.

Add support for revocation checking via OCSP

5

Sample code on how to do it at https://gist.github.com/gattjoe/94dbf531d3d4ef60ca8a2f3663382926

* https://github.com/openssl/openssl/issues/7482 * https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/