SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
- SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
- Performance testing: session resumption and TLS tickets support
- Security testing: weak cipher suites, insecure renegation, CRIME and THC-SSL DOS attacks
- Server certificate validation
- Support for StartTLS with SMTP and XMPP, and traffic tunneling through an HTTPS proxy
- Client certificate support for servers performing mutual authentication
- Scan results can be written to an XML file for further processing
We wrote about SSLyze when it was first released: sslyze – Fast and Full-Featured SSL Configuration Scanner
And for the v0.4 release more recently: SSLyze v0.4 Released – Scan & Analyze SSL Server Configuration
v0.6 is now available and has had some significant improvements, v0.5 saw the addition of a server side check for the CRIME attack, that uses SSL Compression. New in v0.6:
- Added support for Server Name Indication; see –sni
- Partial results are returned when the server requires client authentication but no client certificate was provided
- Preliminary IPv6 support
- Various bug fixes and better support of client authentication and HTTPS tunneling
Do also check out – TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation – and be SURE to read the excellent comment from William.
You can download SSLyze v0.6 here:
Or read more here.