SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. There is also an EXE available for Windows users located here
Key features include:
Multi-processed and multi-threaded scanning: it’s very fast.
Performance testing: session resumption and TLS tickets support.
Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more.
Server certificate validation and revocation checking through OCSP stapling.
Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, PostGres and FTP.
Support for client certificates when scanning servers that perform mutual authentication.
SSLyze can be found on GitHub here.
Pull up the usage by using the -h switch
Most of the time I use —regular
Here’s an example:
I decided to run SSLyze against the Top 5 US banks to see how they compare…
Bank of America
I’d rank these bank’s ciphers in the following order:
2. Bank of America
4. Goldman Sachs
5. Wells Fargo
What do you think? How would you rank these bank’s ciphers?