Latest Change SSLyze v0.13.6 :
* Added the Android Open Source Project’s trust store when using –certinfo.
* Bug fixes for IPv6 support, –nb_retries, –nb_timeout and UTF-8 and internationalized names in certificates.
–hsts no longer raises an exception when the server sends back a redirection to HTTP.
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
Key features include:
– Multi-processed and multi-threaded scanning (it’s fast)
– SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
– Performance testing: session resumption and TLS tickets support
– Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more
– Server certificate validation and revocation checking through OCSP stapling
– Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
– Support for client certificates when scanning servers that perform mutual authentication
– XML output to further process the scan results
– And much more !
SSLyze requires Python 2.7; the supported platforms are Windows 7 32/64 bits, Linux 32/64 bits and OS X 64 bits.
Usage ; Command line options
The following command will provide the list of available command line options:
$ pip install sslyze
$ python sslyze.py -h
Sample command line:
$ python sslyze.py --regular www.isecpartners.com:443 www.google.com
See the test folder for additional examples.