←back to thread

SSLyze – SSL configuration scanning library and CLI tool

(github.com)
47 points Brysonbw | 3 comments | 02 Apr 25 00:03 UTC | HN request time: 0.418s | source
Show context
peblos ◴[02 Apr 25 03:05 UTC] No.43553301[source]
I tend to use testssl.sh (https://testssl.sh/), are there any major benefits to sslyze?

I’ve just tried running it a moment ago to compare. The output isn’t as organised/readable and it includes several tracebacks for failed checks (tlsv1.1, tlsv1.2, tlsv1.3, and compliance against Mozilla TLS configuration).

Always open to different tools but it seems testssl.sh is currently more complete

replies(2): >>43555769 #>>43559146 #
1. us0r ◴[02 Apr 25 12:03 UTC] No.43555769[source]
I've been using https://www.ssllabs.com/ssltest/analyze.html for years now. Any major benefits to either of these?
replies(2): >>43556026 #>>43563131 #
2. crabique ◴[02 Apr 25 12:44 UTC] No.43556026[source]
testssl.sh allows you to scan stuff inside private networks, supports custom ports/SNI, and things like StartTLS.
3. peblos ◴[02 Apr 25 23:44 UTC] No.43563131[source]
I started using testssl after first using slabs.com.

As the other commenter mentioned, testssl.sh lets you can websites that aren’t public yet e.g. test environments or other private networks. As well as testing against starttls if you need to test encryption on a mail gateway.

It’s also configurable, meaning you can have it test tls protocols alone, or ciphers alone, client renegotiation alone making it quicker and easier to read if you are looking at specific areas