sslscan

Test a server on port 443

$ sslscan [example.com]

$ sslscan [example.com]:[465]

$ testssl --show-certificate [example.com]

sslscan [options] host[:port]

--no-failed
    Only show accepted ciphers.

--ssl2
    Only test SSLv2 ciphers.

--ssl3
    Only test SSLv3 ciphers.

--tls10
    Only test TLSv1.0 ciphers.

--tls11
    Only test TLSv1.1 ciphers.

--tls12
    Only test TLSv1.2 ciphers.

--tls13
    Only test TLSv1.3 ciphers.

--no-compression
    Disable compression testing.

--targets=file
    Read targets from file.

--starttls=protocol
    Use STARTTLS to negotiation (http, smtp, pop3, imap, ftp, auto).

host[:port]
    Target hostname and optional port (default: 443).

sslscan is a command-line utility that probes SSL/TLS enabled services to determine supported cipher suites, protocols, and other relevant security information. It is used to identify vulnerabilities in SSL/TLS configurations, such as weak ciphers or outdated protocols, which could expose systems to attacks like POODLE or BEAST. sslscan automates the process of testing SSL/TLS implementations, saving time and effort compared to manual analysis using tools like openssl s_client. The output provides a detailed report of the security characteristics of the target service, allowing administrators to take informed decisions about hardening their SSL/TLS configurations.

Its functionality extends to testing STARTTLS services as well. The command is often used by security professionals and system administrators as part of security audits and penetration testing activities. By providing detailed feedback, sslscan enables better configuration choices leading to more secure systems.

sslscan relies on external libraries like openssl. Ensure openssl is installed correctly for accurate results. Firewalls might interfere with sslscan's ability to connect to target services, leading to incomplete or inaccurate results. Interpretation of the output requires knowledge of SSL/TLS protocols and cipher suites. The tool provides data but does not make subjective assessments of security.

The output indicates which ciphers are supported by the server. Pay attention to whether weak ciphers (e.g., those using DES or RC4) are enabled. Also verify protocol support and look for indications of vulnerabilities. Pay attention to the certificate information, checking dates, CA etc. Use the information to harden SSL/TLS configurations.

sslscan was developed as a more flexible and automated alternative to manually testing SSL/TLS configurations using openssl s_client. It gained popularity as the need for identifying vulnerabilities such as POODLE and BEAST increased. Development continues to support new TLS versions and ciphers.

openssl(1)