sslscan
Scan SSL/TLS services for supported configurations
TLDR
Test a server on port 443
Test a specified port
Show certificate information
SYNOPSIS
sslscan [options] host[:port]
PARAMETERS
--no-failed
Only show accepted ciphers.
--ssl2
Only test SSLv2 ciphers.
--ssl3
Only test SSLv3 ciphers.
--tls10
Only test TLSv1.0 ciphers.
--tls11
Only test TLSv1.1 ciphers.
--tls12
Only test TLSv1.2 ciphers.
--tls13
Only test TLSv1.3 ciphers.
--no-compression
Disable compression testing.
--targets=file
Read targets from file.
--starttls=protocol
Use STARTTLS negotiation for the given protocol (http, smtp, pop3, imap, ftp, auto).
host[:port]
Target hostname and optional port (default: 443).
DESCRIPTION
sslscan is a command-line utility that probes SSL/TLS-enabled services to determine their supported cipher suites, protocol versions, and other security-relevant details. It is used to identify weaknesses in SSL/TLS configurations, such as weak ciphers or outdated protocols, which could expose systems to attacks like POODLE or BEAST. sslscan automates the testing of SSL/TLS implementations, saving time and effort compared to manual analysis with tools like openssl s_client. The output is a detailed report of the target service's security characteristics, allowing administrators to make informed decisions about hardening their SSL/TLS configurations.
Its functionality extends to testing STARTTLS services as well. The command is often used by security professionals and system administrators as part of security audits and penetration testing activities. By providing detailed feedback, sslscan enables better configuration choices leading to more secure systems.
CAVEATS
sslscan relies on external libraries like openssl. Ensure openssl is installed correctly for accurate results. Firewalls might interfere with sslscan's ability to connect to target services, leading to incomplete or inaccurate results. Interpretation of the output requires knowledge of SSL/TLS protocols and cipher suites. The tool provides data but does not make subjective assessments of security.
INTERPRETING RESULTS
The output indicates which ciphers the server accepts. Pay attention to whether weak ciphers (e.g., those using DES or RC4) are enabled. Also verify which protocol versions are enabled and look for indications of known vulnerabilities. Check the certificate information, including the validity dates and the issuing CA. Use this information to harden the SSL/TLS configuration.
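As an added illustration (not part of sslscan or of this page), the following Python triages a report in a layout that approximates sslscan's plain-text output, flagging the items this section names: legacy protocol versions, ciphers using DES or RC4 or fewer than 128 bits, and an expired certificate. The report text, cipher list and dates are constructed, and the exact line layout is an assumption about sslscan's output format.

```python
import re
from datetime import datetime

# Constructed sample approximating sslscan's plain-text layout; not a real host's output.
SAMPLE_REPORT = """\
  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     enabled
TLSv1.0   enabled
TLSv1.2   enabled
TLSv1.3   disabled

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
Accepted  SSLv3    128 bits  RC4-SHA

  SSL Certificate:
Not valid after:  Apr  1 00:00:00 2024 GMT
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_CIPHER_RE = re.compile(r"RC4|DES|NULL|EXP|MD5")  # "DES" also catches 3DES (DES-CBC3)
CIPHER_LINE_RE = re.compile(r"^(Preferred|Accepted)\s+(\S+)\s+(\d+) bits\s+(\S+)")
PROTO_LINE_RE = re.compile(r"^(SSLv\d|TLSv\d\.\d)\s+(enabled|disabled)$")

def triage(report: str, as_of: str) -> list[str]:
    """Return one finding per legacy protocol, weak cipher, or certificate
    expired relative to as_of (an ISO date such as '2024-06-01')."""
    now = datetime.fromisoformat(as_of)
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if (m := PROTO_LINE_RE.match(line)) and m[2] == "enabled":
            if m[1] in LEGACY_PROTOCOLS:
                findings.append(f"legacy protocol enabled: {m[1]}")
        elif m := CIPHER_LINE_RE.match(line):
            proto, bits, name = m[2], int(m[3]), m[4]
            if WEAK_CIPHER_RE.search(name) or bits < 128:
                findings.append(f"weak cipher {name} ({bits} bits) on {proto}")
        elif line.startswith("Not valid after:"):
            expiry = datetime.strptime(line.split(":", 1)[1].strip(), "%b %d %H:%M:%S %Y %Z")
            if expiry < now:
                findings.append(f"certificate expired on {expiry:%Y-%m-%d}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT, "2024-06-01"):
        print(finding)
```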
HISTORY
sslscan was developed as a more flexible and automated alternative to manually testing SSL/TLS configurations using openssl s_client. It gained popularity as the need for identifying vulnerabilities such as POODLE and BEAST increased. Development continues to support new TLS versions and ciphers.
SEE ALSO
openssl(1)