sslyze  4.0.4
About: SSLyze is a fast and full-featured SSL scanner that can analyze the SSL configuration of a server by connecting to it and help admins to identify optional misconfigurations.
  Fossies Dox: sslyze-4.0.4.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  
sslyze Documentation

Some Fossies usage hints in advance:

  1. To see the Doxygen generated documentation please click on one of the items in the steelblue colored "quick index" bar above or use the side panel at the left which displays a hierarchical tree-like index structure and is adjustable in width.
  2. If you want to search for something by keyword rather than browse for it you can use the client side search facility (using Javascript and DHTML) that provides live searching, i.e. the search results are presented and adapted as you type in the Search input field at the top right.
  3. Doxygen doesn't incorporate all member files but just a definable subset (basically the main project source code files that are written in a supported language). So to search and browse all member files you may visit the Fossies sslyze-4.0.4.tar.gz contents page and use the Fossies standard member browsing features (also with source code highlighting and additionally with optional code folding).
README.md

SSLyze

Run Tests Downloads PyPI version Python version

SSLyze is a fast and powerful SSL/TLS scanning library.

It allows you to analyze the SSL/TLS configuration of a server by connecting to it, in order to detect various issues (bad certificate, weak cipher suites, Heartbleed, ROBOT, TLS 1.3 support, etc.).

SSLyze can either be used as a command line tool or as a Python library.

Key features

  • Fully documented Python API, in order to run scans and process the results directly from Python.
  • Support for TLS 1.3 and early data (0-RTT) testing.
  • Scans are automatically dispatched among multiple workers, making them very fast.
  • Performance testing: session resumption and TLS tickets support.
  • Security testing: weak cipher suites, supported curves, ROBOT, Heartbleed and more.
  • Server certificate validation and revocation checking through OCSP stapling.
  • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, PostGres and FTP.
  • Scan results can be written to a JSON file for further processing.
  • And much more!

Quick start

SSLyze can be installed directly via pip:

$ pip install --upgrade setuptools
$ pip install --upgrade sslyze
$ python -m sslyze www.yahoo.com www.google.com "[2607:f8b0:400a:807::2004]:443"

Documentation

Documentation is available here.

License

Copyright (c) 2021 Alban Diquet

SSLyze is made available under the terms of the GNU Affero General Public License (AGPL). See LICENSE.txt for details and exceptions.