SSLyze – A Fast and Full-Featured SSL Scanner

SSLyze is a Python tool that analyzes the SSL/TLS configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. There is also an EXE available for Windows users, located here.

Key features include:

Multi-processed and multi-threaded scanning: it’s very fast.

Performance testing: session resumption and TLS session ticket support.

Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more.

Server certificate validation and revocation checking through OCSP stapling.

Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, PostgreSQL and FTP.

Support for client certificates when scanning servers that perform mutual authentication.

SSLyze can be found on GitHub here.

Pull up the usage with the -h switch.

Most of the time I use --regular.

Here's an example: [screenshot of the --regular scan output]

I decided to run SSLyze against the Top 5 US banks to see how they compare…

JPMorgan Chase

Bank of America

Citigroup

Wells Fargo

Goldman Sachs

[screenshots of each bank's cipher suite scan results]

I'd rank these banks' ciphers in the following order:

1. Citigroup

2. Bank of America

3. JPMorgan

4. Goldman Sachs

5. Wells Fargo

What do you think? How would you rank these banks' ciphers?
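Ranking servers by "cipher quality" is a judgement call, so it helps to write the policy down and apply it the same way to every host. The following is an added example, not SSLyze's code and not the scan output from the post above: it takes the protocol versions and OpenSSL-style cipher names a scanner such as SSLyze reports for each server, flags the weak suites (RC4, 3DES, export, NULL, MD5, anonymous key exchange, no forward secrecy) and legacy protocols (SSLv2/SSLv3), and produces a score to rank the hosts. The host names, cipher lists and point weights are constructed for illustration; only probe() talks to a real server, using Python's standard ssl module, and it is not needed for the offline ranking.

```python
"""Added example (not SSLyze's code): score and rank servers by the TLS
protocols and cipher suites a scanner reports for them."""
from __future__ import annotations

import socket
import ssl

# Substrings of OpenSSL cipher names that mark a weak suite.
# Constructed classification for illustration; adjust to your policy.
WEAK_MARKERS = {
    "NULL": "no encryption",
    "EXP": "export-grade",
    "DES-CBC3": "3DES (64-bit block, SWEET32)",
    "RC4": "RC4",
    "MD5": "MD5 MAC",
    "ADH": "anonymous DH (no authentication)",
    "AECDH": "anonymous ECDH (no authentication)",
}

# Protocol versions that should not be enabled at all (constructed policy;
# extend with TLSv1/TLSv1.1 if your baseline requires it).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}

# Points deducted per finding; anything not listed costs 10 points.
PENALTY = {"no forward secrecy": 5}


def cipher_issues(name: str) -> list[str]:
    """Return the weaknesses found in one OpenSSL-style cipher name."""
    issues = [why for marker, why in WEAK_MARKERS.items() if marker in name]
    # Forward secrecy needs an ephemeral (EC)DHE key exchange.
    if not (name.startswith("ECDHE-") or name.startswith("DHE-")):
        issues.append("no forward secrecy")
    return issues


def grade_server(ciphers: list[str], protocols: list[str]) -> dict:
    """Score one server from 100 down, with the findings that cost points."""
    deductions = 0
    weak_suites: dict[str, list[str]] = {}
    for cipher in ciphers:
        issues = cipher_issues(cipher)
        if issues:
            weak_suites[cipher] = issues
            deductions += sum(PENALTY.get(issue, 10) for issue in issues)
    legacy = sorted(p for p in protocols if p in LEGACY_PROTOCOLS)
    deductions += 20 * len(legacy)
    return {
        "score": max(0, 100 - deductions),
        "weak_suites": weak_suites,
        "legacy_protocols": legacy,
    }


def rank_servers(results: dict[str, dict]) -> list[tuple[str, int]]:
    """Rank hosts best-first by score; ties broken by name."""
    scored = [(host, grade_server(r["ciphers"], r["protocols"])["score"])
              for host, r in results.items()]
    return sorted(scored, key=lambda hs: (-hs[1], hs[0]))


def probe(host: str, port: int = 443) -> tuple[str, str]:
    """Live check (needs network): the protocol and cipher a default
    Python client negotiates with the host. Not used by the offline data."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


# Constructed sample scan results; not real data for any bank named above.
SAMPLE = {
    "bank-a.example": {
        "protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
        "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256",
                    "ECDHE-RSA-AES256-SHA", "AES128-SHA"],
    },
    "bank-b.example": {
        "protocols": ["SSLv3", "TLSv1"],
        "ciphers": ["RC4-SHA", "RC4-MD5", "DES-CBC3-SHA", "AES128-SHA"],
    },
}

if __name__ == "__main__":
    for host, score in rank_servers(SAMPLE):
        report = grade_server(SAMPLE[host]["ciphers"], SAMPLE[host]["protocols"])
        print(f"{host}: {score}/100, legacy={report['legacy_protocols']}")
        for suite, issues in report["weak_suites"].items():
            print(f"  {suite}: {', '.join(issues)}")
```

Feed it the cipher and protocol lists from a real scan and the ranking becomes reproducible; the weights are the part worth arguing about, and they live in one place.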
