Testing TLS/SSL encryption anywhere on any port. https://testssl.sh/
Go to file
Dirk 3c7620bd8d - RC4 has now 2 CVEs and cipher per default are displayed short
- introducng a variable name LONG which for certain funcs shows broad output with hexc, cipher, KX, etc.
- FIX: regression not showing security headers
- introducing VULN_THRESHLD
2015-04-22 18:24:39 +02:00
openssl-bins - updated binaries from Peter. Necessary because handshake under rare circumstances 2015-04-02 11:46:12 +02:00
utils Merge branch 'master' of github.com:drwetter/testssl.sh 2015-02-05 09:54:24 +01:00
CHANGELOG.txt 2014-07-16 19:06:26 +02:00
CREDITS.md - 2015-04-09 21:45:22 +02:00
LICENSE Initial commit 2014-07-01 13:55:26 +02:00
mapping-rfc.txt - stripping of leading 0 in testssl.sh needed to be reflected by this file 2014-11-18 11:04:57 +01:00
openssl-rfc.mappping.html typo 2015-04-21 08:14:36 +02:00
Readme.md Indicated freeze 2015-04-16 21:05:23 +02:00
testssl.sh - RC4 has now 2 CVEs and cipher per default are displayed short 2015-04-22 18:24:39 +02:00

Intro

Gitter

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. It's designed to provide clear output for your "is this good or bad" decision.

It is working on every Linux distribution out of the box with some limitations of disabled features from the openssl client (some workarounds are done with bash socket based checks). It also works on BSD and other Unices out of the box, supposed they have /bin/bash and standard tools like sed and awk installed. MacOS X and Windows (using MSYS2) work too.

On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see testssl.sh.

New features in this release are:

  • "only one cmd line option at a time": completely gone
  • certificate information: done,
  • more HTTP header infos: done.
  • protocol check via bash sockets, SSLv2+v3: done
  • maybe: cipher check via bash sockets: for now only with development option -q
  • debug file handling: done so far
  • BEAST: done, maybe needs some polishing for the output

Bottom line: Expect no big features now. Plan is to stabilize, bug fix and make a 2.4 release before next bigger development stage.

Contributions, feedback, also bug reports are welcome. For contributions please note: One patch per feature -- bug fix/improvement.

Update notification here or @ twitter.