Testing TLS/SSL encryption anywhere on any port. https://testssl.sh/
typingArtist 449aada392 fix CBC cipher selection
CBC cipher selection is not so easy using the openssl tool alone. Selecting the cipher based on the string CBC occurring in it would be right if it’s
about the RFC name of the cipher but not so with the openssl naming. Since CBC ciphers are not going to be continued anyway, I think it’s safe to take
a static list. However, it’s easy to extract it from the cipher list in openssl-rfc.mapping.html, but we certainly don’t want to require that file to
be shipped all the time.
2015-09-30 12:44:27 +02:00
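
The naming mismatch described in the commit message above, as an added example that is not code from testssl.sh or from the commit. The mapping is a small constructed sample of OpenSSL/RFC name pairs, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample: OpenSSL cipher name, then its RFC name.
mapping() {
cat <<'EOF'
AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
CAMELLIA128-SHA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
DES-CBC3-SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256
RC4-SHA TLS_RSA_WITH_RC4_128_SHA
EOF
}

# Naive selection: keep OpenSSL names that contain the string "CBC".
cbc_by_openssl_name() {
    mapping | awk '$1 ~ /CBC/ { print $1 }' | paste -s -d: -
}

# Selection by RFC name, where the block mode is always spelled out.
# The colon-joined result has the shape of an openssl cipher string.
cbc_by_rfc_name() {
    mapping | awk '$2 ~ /_CBC_/ { print $1 }' | paste -s -d: -
}

# CBC ciphers that the naive match on the OpenSSL name fails to select.
missed_by_name_match() {
    mapping | awk '$2 ~ /_CBC_/ && $1 !~ /CBC/ { print $1 }' | paste -s -d: -
}

printf 'matched by OpenSSL name: %s\n' "$(cbc_by_openssl_name)"
printf 'matched by RFC name:     %s\n' "$(cbc_by_rfc_name)"
printf 'missed by name match:    %s\n' "$(missed_by_name_match)"
```

In this sample only one of the five CBC suites carries "CBC" in its OpenSSL name, so a test built on that match would leave the other four unchecked.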
bin Update Readme.md 2015-09-03 13:20:52 +02:00
etc - NEW: chain of trust -- for openssl 1.0.2 only 2015-09-22 15:05:59 +02:00
utils - cleanup bin mess ;-), part 1 2015-09-03 12:39:03 +02:00
CHANGELOG.stable-releases.txt Rename old.CHANGELOG.txt to CHANGELOG.stable-releases.txt 2015-09-03 15:15:36 +02:00
CREDITS.md update 2015-09-03 12:19:53 +02:00
LICENSE Initial commit 2014-07-01 13:55:26 +02:00
Readme.md IPv6 2015-09-26 23:00:41 +02:00
mapping-rfc.txt - stripping of leading 0 in testssl.sh needed to be reflected by this file 2014-11-18 11:04:57 +01:00
openssl-rfc.mappping.html yet another GOST fine tuning thing 2015-07-20 20:49:31 +02:00
testssl.sh fix CBC cipher selection 2015-09-30 12:44:27 +02:00

Readme.md

Intro

testssl.sh is a free command line tool which checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as for some cryptographic flaws. It's designed to provide clear output in any case.

It works on every Linux distribution out of the box, with some limitations where features are disabled in the openssl client -- some workarounds are done with bash-socket-based checks. It also works on BSD and other Unices out of the box, provided they have /bin/bash and standard tools like sed and awk installed. Mac OS X and Windows (using MSYS2 or cygwin) work too. OpenSSL version >= 1 is a must. OpenSSL version >= 1.0.2 is needed for better LOGJAM checks and to display bit strengths for key exchanges.

On GitHub, the master branch holds the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see testssl.sh.

Planned features in the release 2.7dev/2.8 are:

https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29

Done so far:

  • Trust chain check against certificate stores from java, linux (system), microsoft, mozilla (works for openssl >=1.0.2)
  • IPv6 (status: 80% working, for details see https://github.com/drwetter/testssl.sh/issues/11)
  • Even more compatibility improvements for FreeBSD and RH-ish systems

Contributions, feedback, and bug reports are welcome! For contributions please note: One patch per feature -- bug fix/improvement. Please test your changes thoroughly, as reliability is important for this project.

Please file bug reports @ https://github.com/drwetter/testssl.sh/issues .

Update notification here or @ twitter.