testssl

Test a server (run every check) on port 443

$ testssl [example.com]

$ testssl [example.com:465]

$ testssl --protocols [example.com]

$ testssl --vulnerable [example.com]

$ testssl --headers [example.com]

$ testssl --starttls [ftp|smtp|pop3|imap|xmpp|sieve|xmpp-server|telnet|ldap|irc|lmtp|nntp|postgres|mysql] [example.com]:[port]

testssl.sh [OPTIONS] <TARGET>

-h, --help
    Displays the command's help message and exits.

-v, --version
    Shows the version information of testssl.

-p, --protocols
    Tests all supported SSL/TLS protocols, reporting which ones are enabled.

-e, --each-cipher
    Tests each cipher separately, providing detailed output for every supported cipher.

-S, --suites
    Shows all supported ciphers, grouped by protocol.

-B, --heartbleed
    Specifically checks for the Heartbleed vulnerability.

-D, --drown
    Checks for the DROWN vulnerability, which affects servers allowing SSLv2 connections.

-L, --logjam
    Tests for the Logjam vulnerability, related to weak Diffie-Hellman key exchange.

--ip=<ip>
    Connects to a specific IP address of the target, useful for multi-homed servers.

--starttls <protocol>
    Tests STARTTLS support for specified protocols (e.g., smtp, imap, xmpp).

--json, --jsonfile=<file>
    Outputs results in JSON format, optionally writing to a specified file. Ideal for programmatic parsing.

--html, --htmlfile=<file>
    Outputs results in HTML format, optionally writing to a specified file. Suitable for reports.

--quiet, -q
    Suppresses all output except for the final results summary.

testssl is a robust, free, and command-line driven tool for checking a server's SSL/TLS (Secure Sockets Layer/Transport Layer Security) configuration. It performs a deep analysis of cryptographic protocols, ciphers, and security flaws, helping administrators identify and mitigate potential vulnerabilities such as Heartbleed, POODLE, BEAST, FREAK, Logjam, DROWN, and ROBOT. Beyond vulnerability detection, it also scrutinizes certificate details, server preferences, renegotiation capabilities, HSTS implementation, and OCSP stapling, providing a detailed, color-coded report. Its broad support for IPv4/IPv6 and STARTTLS (for protocols like SMTP, XMPP, LDAP, POP3, IMAP, FTP, RDP, PostgreSQL, MySQL) makes it an invaluable tool for ensuring comprehensive server security and compliance.

testssl can be resource-intensive and time-consuming for full scans, especially on large numbers of targets.
It relies on an external openssl installation; its capabilities are limited by the features compiled into the local openssl version.
Not typically included in standard Linux distributions' repositories, often requiring manual installation from its GitHub repository.
Some deep vulnerability checks might trigger intrusion detection/prevention systems (IDS/IPS).

testssl is renowned for its comprehensive suite of built-in checks for a vast array of known SSL/TLS vulnerabilities, including but not limited to Heartbleed, POODLE, BEAST, CRIME, FREAK, Logjam, DROWN, SWEET32, and ROBOT. This makes it an indispensable tool for quickly assessing a server's resilience against common and historical cryptographic attacks.

Beyond its default human-readable, color-coded terminal output, testssl supports various output formats. Users can generate results in JSON for easy programmatic integration and parsing, or in HTML for convenient reporting and archival, enhancing its utility in automated security pipelines and documentation.

A key strength of testssl is its ability to test SSL/TLS configurations not just for HTTPS, but also for a wide range of other protocols via STARTTLS. This includes services like SMTP, IMAP, POP3, FTP, XMPP, LDAP, RDP, PostgreSQL, and MySQL, ensuring a holistic security assessment across an organization's entire service landscape.

testssl.sh was initially developed by Dirk Wetter in 2012 as a robust tool for SSL/TLS server auditing. Its comprehensive feature set, ease of use, and continuous updates, incorporating new vulnerabilities and best practices, quickly propelled it to become a widely adopted standard for security professionals and system administrators worldwide. Its development remains active, ensuring it stays current with evolving cryptographic threats.

openssl(1), nmap(1), sslyze(1), curl(1)