Testing TLS/SSL encryption anywhere on any port. https://testssl.sh/
Go to file
Dirk 5acfc93d79 * couple of checks for new proxy option from John Newbigin #124
* minor cleanups for #124
2015-06-29 23:28:37 +02:00
openssl-bins - ease of making openssl binary with make-openssl.sh 2015-06-10 08:15:28 +02:00
utils Merge branch 'master' of github.com:drwetter/testssl.sh 2015-02-05 09:54:24 +01:00
CHANGELOG.txt 2014-07-16 19:06:26 +02:00
CREDITS.md Added a check for TLS_FALLBACK_SCSV 2015-06-08 17:19:34 +01:00
LICENSE Initial commit 2014-07-01 13:55:26 +02:00
Readme.md Update Readme.md 2015-06-28 14:05:25 +02:00
mapping-rfc.txt - stripping of leading 0 in testssl.sh needed to be reflected by this file 2014-11-18 11:04:57 +01:00
openssl-rfc.mappping.html typo 2015-04-21 08:14:36 +02:00
testssl.sh * couple of checks for new proxy option from John Newbigin #124 2015-06-29 23:28:37 +02:00

Readme.md

Intro

Gitter

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. It's designed to provide clear output for your "is this good or bad" decision.

It is working on every Linux distribution out of the box with some limitations of disabled features from the openssl client -- some workarounds are done with bash-socket-based checks. It also works on BSD and other Unices out of the box, supposed they have /bin/bash and standard tools like sed and awk installed. MacOS X and Windows (using MSYS2) work too. OpenSSL version >= 1 is highly recommended. OpenSSL version >= 1.0.2 is needed for better LOGJAM checks and to display bit strengths for key exchanges.

On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see testssl.sh.

New features in the upcoming stable release 2.6 are:

  • display matching key (HPKP)
  • LOGJAM: check DHE_EXPORT cipher and display DH(/ECDH) bits in wide mode on negotiated ciphers
  • TLS_FALLBACK_SCSV check
  • using a HTTP proxy: in progress
  • Run in default mode through all ciphers
  • wide mode for several checks
  • can test multiple IP adresses
  • TLS 1.0-1.1 as socket per default in productioon

more see https://github.com/drwetter/testssl.sh/milestones/2.5dev%20%282.6%29

Contributions, feedback, also bug reports are welcome! For contributions please note: One patch per feature -- bug fix/improvement. Please test your changes thouroughly as reliability is important for this project.

Please file bug reports @ https://github.com/drwetter/testssl.sh/issues .

Update notification here or @ twitter.