diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bf434e76..46d1ec9d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,7 +10,7 @@ jobs:
       matrix:
         cc: [clang, gcc]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: build with ${{ matrix.cc }}
         run: |
           make sslscan
@@ -20,7 +20,7 @@ jobs:
   build_mingw:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: install mingw-w64
         run: |
           sudo apt-get update -qq
diff --git a/Changelog b/Changelog
index 75915187..b08ca6a5 100644
--- a/Changelog
+++ b/Changelog
@@ -1,10 +1,19 @@
 Changelog
 =========
+Version: 2.1.6
+Date   : 02/12/2024
+Author : rbsec <robin@rbsec.net>
+Changes: The following are a list of changes
+		 > Flag CCM8 ciphers as weak and manually override their displayed
+		 bit strength to match newer versions of OpenSSL
+		 See https://github.com/openssl/openssl/pull/16652
+
 Version: 2.1.5
 Date   : 21/09/2024
 Author : rbsec <robin@rbsec.net>
 Changes: The following are a list of changes
 		 > Various build improvements
+		 > Makefile improvements
 
 Version: 2.1.4
 Date   : 16/06/2024
@@ -17,7 +26,7 @@ Date   : 21/01/2024
 Author : rbsec <robin@rbsec.net>
 Changes: The following are a list of changes
 		 > Enable quiet shutdown for scanning (credit jarnfast)
-		 > Fix Docked build on non-x64 architectures (credit jtesta)
+		 > Fix Docker build on non-x64 architectures (credit jtesta)
 
 Version: 2.1.2
 Date   : 14/11/2023
diff --git a/Makefile b/Makefile
index faed6e29..47c73ad5 100644
--- a/Makefile
+++ b/Makefile
@@ -138,12 +138,16 @@ uninstall:
 	rm -f $(DESTDIR)$(MAN1DIR)/sslscan.1
 
 .openssl.is.fresh: opensslpull
-	true
+	@true
+
 opensslpull:
+	upstream=`git ls-remote https://github.com/openssl/openssl | grep -Eo '(openssl-3\.0\.[0-9]+)' | sort -V | tail -n 1` ; \
 	if [ -d openssl -a -d openssl/.git ]; then \
-		cd ./openssl && git checkout `git ls-remote https://github.com/openssl/openssl | grep -Eo '(openssl-3\.0\.[0-9]+)' | sort --version-sort | tail -n 1` && git pull | grep -q "Already up to date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \
+		if [ "$$upstream" != "`cd ./openssl && git describe --exact-match --tags`" ]; then \
+			cd ./openssl && git fetch --depth 1 origin refs/tags/$$upstream:refs/tags/$$upstream && git checkout $$upstream && touch ../.openssl.is.fresh ; \
+		fi \
 	else \
-	git clone --depth 1 -b `git ls-remote https://github.com/openssl/openssl | grep -Eo '(openssl-3\.0\.[0-9]+)' | sort -V | tail -n 1` https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
+		git clone --depth 1 -b $$upstream https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
 	fi
 
 openssl/Makefile: .openssl.is.fresh
diff --git a/README.md b/README.md
index 2e2ec5b2..c04abf8c 100644
--- a/README.md
+++ b/README.md
@@ -78,11 +78,9 @@ Key changes are as follows:
 
 It is possible to ignore the OpenSSL system installation and ship your own version. Although this results in a more resource-heavy `sslscan` binary (file size, memory consumption, etc.), this allows some additional checks such as TLS compression.
 
-To compile your own OpenSSL version, you'll probably need to install the OpenSSL build dependencies. The commands below can be used to do this on Debian.  If you don't have them already, you will need to enable the `deb-src` repos in your apt config. sslscan was primarily developed on Debian, so if you are
-compiling on other distributions your mileage may vary.
+To compile your own OpenSSL version, you'll probably need to install the OpenSSL build dependencies. The commands below can be used to do this on Debian.
 
-    apt-get install build-essential git zlib1g-dev
-    apt-get build-dep openssl
+    apt install git zlib1g-dev make gcc
 
 Then run
 
@@ -90,7 +88,13 @@ Then run
 
 This will clone the [OpenSSL repository](https://github.com/openssl/openssl), and configure/compile/test OpenSSL prior to compiling `sslscan`.
 
-**Please note:** Out of the box, OpenSSL cannot compiled with `clang` without further customization (which is not done by the provided `Makefile`). For more information on this, see [Modifying Build Settings](http://wiki.openssl.org/index.php/Compilation_and_Installation#Modifying_Build_Settings) in the OpenSSL wiki.
+**Please note:** By default, OpenSSL is compiled with `gcc` without further customization. To compile with `clang`, install build dependencies using the commands below.
+
+    apt install git zlib1g-dev make clang
+
+Then run
+
+    make static CC=clang
 
 You can verify whether you have a statically linked OpenSSL version, by checking whether the version listed by `sslscan --version` has the `-static` suffix.
 
diff --git a/missing_ciphersuites.h b/missing_ciphersuites.h
index 9914fa7d..9dfdea7e 100644
--- a/missing_ciphersuites.h
+++ b/missing_ciphersuites.h
@@ -20,7 +20,7 @@ struct missing_ciphersuite {
 };
 
 
-/* Auto-generated by ./iana_tls_ciphersuite_parser.py on December 10, 2019. */
+/* Auto-generated by iana_tls_ciphersuite_parser.py on November 10, 2024. */
 struct missing_ciphersuite missing_ciphersuites[] = {
   {0x0000, "TLS_NULL_WITH_NULL_NULL", -1, VALL, 0},
   {0x0001, "TLS_RSA_WITH_NULL_MD5", -1, VALL, 0},
@@ -171,6 +171,8 @@ struct missing_ciphersuite missing_ciphersuites[] = {
   {0x1303, "TLS_CHACHA20_POLY1305_SHA256", 256, VALL, 0},
   {0x1304, "TLS_AES_128_CCM_SHA256", 128, VALL, 0},
   {0x1305, "TLS_AES_128_CCM_8_SHA256", 128, VALL, 0},
+  {0x1306, "TLS_AEGIS_256_SHA512", 256, VALL, 0},
+  {0x1307, "TLS_AEGIS_128L_SHA256", 128, VALL, 0},
   {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA", -1, VALL, 0},
   {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 128, VALL, 0},
   {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 112, VALL, 0},
@@ -355,6 +357,10 @@ struct missing_ciphersuite missing_ciphersuites[] = {
   {0xC100, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC", 256, VALL, 0},
   {0xC101, "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC", 256, VALL, 0},
   {0xC102, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT", 256, VALL, 0},
+  {0xC103, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L", 256, VALL, 0},
+  {0xC104, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_L", 256, VALL, 0},
+  {0xC105, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S", 256, VALL, 0},
+  {0xC106, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_S", 256, VALL, 0},
   {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 256, VALL, 0},
   {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 256, VALL, 0},
   {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 256, VALL, 0},
diff --git a/sslscan.c b/sslscan.c
index 952ab60e..f22991e3 100644
--- a/sslscan.c
+++ b/sslscan.c
@@ -1720,6 +1720,14 @@ void outputCipher(struct sslCheckOptions *options, SSL *ssl, const char *cleanSs
     } else
       printf("%s  ", cleanSslMethod);
 
+    // Short authentication tag length
+    // These are flagged as 64 bit strength in newer versions of OpenSSL
+    // But in older versions they'll still show as 256 bits, so override that here
+    // See https://github.com/openssl/openssl/pull/16652
+    if (strstr(ciphername, "CCM8")) {
+        cipherbits = 64;
+    }
+
     if (cipherbits < 10)
       tempInt = 2;
     else if (cipherbits < 100)
@@ -1778,6 +1786,18 @@ void outputCipher(struct sslCheckOptions *options, SSL *ssl, const char *cleanSs
             printf("%s%-29s%s", COL_YELLOW, ciphername, RESET);
         }
         strength = "medium";
+    } else if (strstr(ciphername, "CCM8")) {
+        // Short authentication tag length
+        // These are flagged as 64 bit strength in newer versions of OpenSSL
+        // But in older versions they'll still show as 256 bits, so manually flag them here
+        // See https://github.com/openssl/openssl/pull/16652
+        if (options->ianaNames) {
+            printf("%s%-45s%s", COL_YELLOW, ciphername, RESET);
+        }
+        else {
+            printf("%s%-29s%s", COL_YELLOW, ciphername, RESET);
+        }
+        strength = "medium";
     } else if (strstr(ciphername, "_SM4_")) { /* Developed by Chinese government */
         if (options->ianaNames) {
             printf("%s%-45s%s", COL_YELLOW, ciphername, RESET);
diff --git a/tools/iana_tls_ciphersuite_parser.py b/tools/iana_tls_ciphersuite_parser.py
index be06258d..5ff0d5f7 100755
--- a/tools/iana_tls_ciphersuite_parser.py
+++ b/tools/iana_tls_ciphersuite_parser.py
@@ -16,7 +16,7 @@
 # <https://www.iana.org/assignments/tls-parameters/tls-parameters.xml>.
 if len(sys.argv) != 2:
     print("\nUsage: %s tls_ciphers.csv\n\nHint: copy the TLS table in CSV format from <https://www.iana.org/assignments/tls-parameters/tls-parameters.xml>.\n" % sys.argv[0])
-    exit(0)
+    exit()
 
 csv_file = sys.argv[1]
 
@@ -58,6 +58,12 @@
             bits = 128
         elif 'ARIA_256' in cipher_name:
             bits = 256
+        elif 'AEGIS_128' in cipher_name:
+            bits = 128
+        elif 'AEGIS_256' in cipher_name:
+            bits = 256
+        elif 'SEED' in cipher_name:
+            bits = 128
         elif '3DES' in cipher_name:
             bits = 112
         elif 'DES40' in cipher_name:
@@ -93,4 +99,3 @@
         print('  {%s, "%s", %d, VALL, 0},' % (parsed_id, cipher_name, bits))
 
 print("};")
-exit 0