Tuesday, 9 July 2013

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.


SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
Performance testing: session resumption and TLS tickets support
Security testing: weak cipher suites, insecure renegotiation, CRIME and THC-SSL DOS attacks
Server certificate validation
Support for StartTLS with SMTP and XMPP, and traffic tunneling through an HTTPS proxy
Client certificate support for servers performing mutual authentication
Scan results can be written to an XML file for further processing

We wrote about SSLyze when it was first released: sslyze – Fast and Full-Featured SSL Configuration Scanner

And for the v0.4 release more recently: SSLyze v0.4 Released – Scan & Analyze SSL Server Configuration

v0.6 is now available and brings some significant improvements. v0.5 added a server-side check for the CRIME attack, which uses SSL compression. New in v0.6:

Added support for Server Name Indication; see --sni
Partial results are returned when the server requires client authentication but no client certificate was provided
Preliminary IPv6 support
Various bug fixes and better support of client authentication and HTTPS tunneling

Do also check out – TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation – and be SURE to read the excellent comment from William.

You can download SSLyze v0.6 here:

Linux/OSX – sslyze-0.6_src.zip
Windows 7/Python 32-bit – sslyze-0.6_Windows7_Python32.zip
Windows 7/Python 64-bit – sslyze-0.6_Windows7_Python64.zip

Or read more here.
