testssl.sh v3.0.2 releases: Testing TLS/SSL encryption anywhere on any port
testssl.sh is a free command-line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
- Clear output: you can tell easily whether anything is good or bad
- Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD, and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
- Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
- Toolbox: Several command line options help you to run YOUR test and configure YOUR output
- Reliability: features are tested thoroughly
- Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you’ll get a warning
- Privacy: It’s only you who sees the result, not a third party
- Freedom: It’s 100% open source. You can look at the code, see what’s going on and you can change it.
- Heck, even the development is open (github)
testssl.sh URI as the default invocation does the so-called default run which does a number of checks and puts out the results colourized (ANSI and termcap) on the screen. It does every check listed below except
-E which are (order of appearance):
- displays a banner (see below), does a DNS lookup also for further IP addresses and does for the returned IP address a reverse lookup. Last but not least a service check is being done.
- SSL/TLS protocol check
- standard cipher categories to give you upfront an idea for the ciphers supported
- checks (perfect) forward secrecy: ciphers and elliptical curves
- server preferences (server order)
- server defaults (certificate info, TLS extensions, session information)
- HTTP header (if HTTP detected or being forced via
- testing each of 359 ciphers
- client simulation
This is another bugfix release of the stable branch 3.0 with roughly the following changes:
- Remove potential licensing conflicts (Dirk)
- Fix situations when TLS 1.3 is used for Ticketbleed check (David)
- Improved compatibility with LibreSSL 3.0 (David)
- Add brotil compression to BREACH (Dirk)
- Faster and more robust XMPP STARTTLS handshakes (Dirk)
- More robust STARTTLS handshakes (David)
- Fix Dockerfile (Dirk)
- Fix outputs, sometimes misleading (David, Dirk)
git clone –depth 1 https://github.com/drwetter/testssl.sh.git
Copyright (C) 2014 drwetter