SSLyze

Release 6.0.0

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in order to ensure that it uses strong encryption settings (certificate, cipher suites, elliptic curves, etc.), and that it is not vulnerable to known TLS attacks (Heartbleed, ROBOT, OpenSSL CCS injection, etc.).

Installation & Quick Start

Instructions on how to install and use SSLyze are available in the README.

Running scans using the Python API

The Python API gives full access to SSLyze’s scanning engine in order to make it easy to implement SSL/TLS scanning as part of a continuous security testing platform, and detect any misconfiguration across a range of public and/or internal endpoints.

• Running a Scan in Python
  • Overview
  • Full Example
  • Classes for Starting a Scan
  • Classes for Processing Scan Results

Exporting and processing scan results in JSON

The result of SSLyze scans can be serialized to JSON for further processing. SSLyze also provides a helper class to parse JSON scan results; it can be used to process the results of SSLyze scans in a separate Python program.

• Exporting and processing scan results in JSON
  • Exporting results to JSON when using the CLI
  • Exporting results to JSON when using the API
  • Parsing the JSON output

Appendix: Scan Commands

• Appendix: Scan Commands
  • ScanCommand
  • Certificate Information
  • Cipher Suites
  • Supported Elliptic Curves
  • ROBOT
  • Session Resumption Support
  • CRIME
  • TLS 1.3 Early Data
  • Downgrade Prevention
  • Heartbleed
  • HTTP Security Headers
  • OpenSSL CCS Injection
  • Insecure Renegotiation

Indices and tables

• Index

• Module Index

• Search Page