sslscan – Fast SSL/TLS scanner

Posted by

sslscan queries SSL/TLS services, such as HTTPS, in order to determine the ciphers that are supported.

SSLScan is designed to be easy, lean and fast. The output includes preferred ciphers of the SSL/TLS service, and text and XML output formats are supported. It is TLS SNI
aware when used with a supported version of OpenSSL.

Usage :  sslscan [options] [host:port | host]

sslscan 127.0.0.1:8443

Version: 1.11.8
OpenSSL 1.0.2k 26 Jan 2017

OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected

Testing SSL server 127.0.0.1 on port 8443

TLS Fallback SCSV:
Server does not support TLS Fallback SCSV

TLS renegotiation:
Session renegotiation not supported

TLS Compression:
Compression disabled

Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 1024 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits

SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: jetty.eclipse.org
Issuer: jetty.eclipse.org

Not valid before: May 20 11:38:03 2015 GMT
Not valid after: Aug 18 11:38:03 2015 GMT

One comment

Leave a Reply

Your email address will not be published.