SSLyze Python API

Release 2.0.4

This is the documentation for using SSLyze as a Python module.

Overview

The Python API gives full access to SSLyze’s SSL/TLS scanning engine, which can analyze the SSL configuration of a server by connecting to it, and detect various issues (bad certificates, dangerous cipher suites, lack of session resumption, etc.).

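A simple example of how to run a scan follows:

from sslyze.plugins.openssl_cipher_suites_plugin import Tlsv10ScanCommand
from sslyze.server_connectivity_tester import ServerConnectivityTester, ServerConnectivityError
from sslyze.ssl_settings import TlsWrappedProtocolEnum
from sslyze.synchronous_scanner import SynchronousScanner


def demo_synchronous_scanner():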
    # Run one scan command to list the server's TLS 1.0 cipher suites
    try:
        server_tester = ServerConnectivityTester(
            hostname='smtp.gmail.com',
            port=587,
            tls_wrapped_protocol=TlsWrappedProtocolEnum.STARTTLS_SMTP
        )
        print(f'\nTesting connectivity with {server_tester.hostname}:{server_tester.port}...')
        server_info = server_tester.perform()
    except ServerConnectivityError as e:
        # Could not establish an SSL connection to the server
        raise RuntimeError(f'Could not connect to {e.server_info.hostname}: {e.error_message}')

    command = Tlsv10ScanCommand()

    synchronous_scanner = SynchronousScanner()

    scan_result = synchronous_scanner.run_scan_command(server_info, command)
    for cipher in scan_result.accepted_cipher_list:
        print(f'    {cipher.name}')

Using SSLyze as a Python module makes it easy to implement SSL/TLS scanning as part of a continuous security testing platform, and to detect any misconfiguration across a range of public and/or internal endpoints.
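
One way to wire the scan above into such a continuous check, as an added example that is not part of the SSLyze documentation. The policy markers, the function names (`is_weak`, `evaluate`, `scan_tls10`, `gate`) and the `.test` hostnames are assumptions, and the sample results are constructed.

```python
# Added example (not SSLyze's own code): fail-closed CI gate over the TLS 1.0 scan.
# Assumed policy, not from SSLyze: RFC cipher-name markers treated as weak.
WEAK_MARKERS = ('_NULL_', '_EXPORT_', '_anon_', '_RC4_', '_DES_', '_3DES_')


def is_weak(name):
    return name.endswith('_MD5') or any(m in name for m in WEAK_MARKERS)


def evaluate(endpoint, accepted_names):
    """Turn the accepted TLS 1.0 cipher names of one endpoint into findings."""
    findings = []
    if accepted_names:  # assumed policy: any accepted suite means TLS 1.0 is on
        findings.append(f'{endpoint}: TLS 1.0 accepted ({len(accepted_names)} cipher suites)')
    findings += [f'{endpoint}: weak cipher suite {n}' for n in sorted(accepted_names) if is_weak(n)]
    return findings


def scan_tls10(hostname, port):
    """The page's scan for plain TLS; imported lazily so the policy runs offline."""
    from sslyze.server_connectivity_tester import ServerConnectivityTester
    from sslyze.plugins.openssl_cipher_suites_plugin import Tlsv10ScanCommand
    from sslyze.synchronous_scanner import SynchronousScanner
    server_info = ServerConnectivityTester(hostname=hostname, port=port).perform()
    result = SynchronousScanner().run_scan_command(server_info, Tlsv10ScanCommand())
    return [cipher.name for cipher in result.accepted_cipher_list]


def gate(endpoints, scan=scan_tls10):
    """Scan every (host, port); an endpoint that cannot be scanned is a finding."""
    findings = []
    for host, port in endpoints:
        try:
            findings += evaluate(f'{host}:{port}', scan(host, port))
        except Exception as exc:  # fail closed: no result is not a pass
            findings.append(f'{host}:{port}: scan failed ({type(exc).__name__})')
    return findings


# Constructed sample results standing in for live scans (hypothetical hosts).
SAMPLE = {
    ('legacy.example.test', 443): ['TLS_RSA_WITH_RC4_128_MD5', 'TLS_RSA_WITH_AES_128_CBC_SHA'],
    ('modern.example.test', 443): [],
}

if __name__ == '__main__':
    for line in gate(list(SAMPLE), scan=lambda h, p: SAMPLE[(h, p)]):
        print(line)
```

A pipeline step would exit non-zero whenever `gate()` returns a non-empty list, so an unreachable endpoint blocks the build the same way a weak cipher suite does.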

Extending SSLyze

SSLyze is built using a plugin system, which makes it easy to add new capabilities to the tool:
