Post History
Answer
#5: Post edited
- Over some period of time, I have used a couple tools for local TLS scans and diagnostics. One of them may include pointers for whatever situation you have.
- | Tool | Description | From | Current? |
- |------|-------------|------|----------|
- | [`sslyze`][sslyze] | TLS analysis by protocol | | ✓ |
- | [`cipherscan`][cipherscan] | TLS analysis by cipher. Slightly clunky. | Mozilla | ✗ |
| [`pshtt`][pshtt] | HTTPS + HSTS analysis, old `sslyze` | CISA | ✗ |
- `sslyze` works fantastic if you just want to scan periodically for broken certificate chains, weak cryptography, and whether your server(s) are vulnerable to the exploit _du jour._[^vuln]
- If you also want some HTTP analysis, you can rig an old Python[^pshtt-complaints] to also scan with `pshtt`.
[^vuln]: Poodle, Heartbleed, Robot, etc.
[^pshtt-complaints]: If you visit the issue section for `pshtt`, you will find people wondering why CISA doesn't support recent Python versions.
- [sslyze]: https://github.com/nabla-c0d3/sslyze
- [cipherscan]: https://github.com/mozilla/cipherscan
[pshtt]: https://github.com/cisagov/pshtt
- Over some period of time, I have used a couple tools for local TLS scans and diagnostics. One of them may include pointers for whatever situation you have.
- | Tool | Description | From | Current? |
- |------|-------------|------|----------|
- | [`sslyze`][sslyze] | TLS analysis by protocol | | ✓ |
- | [`cipherscan`][cipherscan] | TLS analysis by cipher. Slightly clunky. | Mozilla | ✗ |
- | [`pshtt`][pshtt] | HTTPS + HSTS analysis, old `sslyze` | [CISA][] | ✗ |
- `sslyze` works fantastic if you just want to scan periodically for broken certificate chains, weak cryptography, and whether your server(s) are vulnerable to the exploit _du jour._[^vuln]
- If you also want some HTTP analysis, you can rig an old Python[^pshtt-complaints] to also scan with `pshtt`.
- [^vuln]: [Poodle][], [Heartbleed][], [Robot][], etc.
- [^pshtt-complaints]: The issue section for `pshtt` includes several comments asking why CISA doesn't support recent Python versions.
- [sslyze]: https://github.com/nabla-c0d3/sslyze
- [cipherscan]: https://github.com/mozilla/cipherscan
- [pshtt]: https://github.com/cisagov/pshtt
- [cisa]: https://www.cisa.gov
- [poodle]: https://www.cisa.gov/news-events/alerts/2014/10/17/ssl-30-protocol-vulnerability-and-poodle-attack
- [heartbleed]: https://heartbleed.com
- [robot]: https://robotattack.org
#4: Post edited
- Over some period of time, I have used a couple tools for local TLS scans and diagnostics. One of them may include pointers for whatever situation you have.
- | Tool | Description | From | Current? |
- |------|-------------|------|----------|
- | [`sslyze`][sslyze] | TLS analysis by protocol | | ✓ |
- | [`cipherscan`][cipherscan] | TLS analysis by cipher. Slightly clunky. | Mozilla | ✗ |
- | [`pshtt`][pshtt] | HTTPS + HSTS analysis, old `sslyze` | CISA | ✗ |
`sslyze` works fantastic if you just want to scan periodically for broken certificate chains and whether your server(s) are vulnerable to Poodle, Heartbleed, or the exploit _du jour._
- If you also want some HTTP analysis, you can rig an old Python[^pshtt-complaints] to also scan with `pshtt`.
- [^pshtt-complaints]: If you visit the issue section for `pshtt`, you will find people wondering why CISA doesn't support recent Python versions.
- [sslyze]: https://github.com/nabla-c0d3/sslyze
- [cipherscan]: https://github.com/mozilla/cipherscan
- [pshtt]: https://github.com/cisagov/pshtt
- Over some period of time, I have used a couple tools for local TLS scans and diagnostics. One of them may include pointers for whatever situation you have.
- | Tool | Description | From | Current? |
- |------|-------------|------|----------|
- | [`sslyze`][sslyze] | TLS analysis by protocol | | ✓ |
- | [`cipherscan`][cipherscan] | TLS analysis by cipher. Slightly clunky. | Mozilla | ✗ |
- | [`pshtt`][pshtt] | HTTPS + HSTS analysis, old `sslyze` | CISA | ✗ |
- `sslyze` works fantastic if you just want to scan periodically for broken certificate chains, weak cryptography, and whether your server(s) are vulnerable to the exploit _du jour._[^vuln]
- If you also want some HTTP analysis, you can rig an old Python[^pshtt-complaints] to also scan with `pshtt`.
- [^vuln]: Poodle, Heartbleed, Robot, etc.
- [^pshtt-complaints]: If you visit the issue section for `pshtt`, you will find people wondering why CISA doesn't support recent Python versions.
- [sslyze]: https://github.com/nabla-c0d3/sslyze
- [cipherscan]: https://github.com/mozilla/cipherscan
- [pshtt]: https://github.com/cisagov/pshtt
#3: Post edited
I have used a couple tools for things like that. One of them may include diagnosis of whatever you're running into.
| Tool | Description |
|------|-------------|
| [`sslyze`][sslyze] | Protocol-first analysis of SSL settings. |
| [`cipherscan`][cipherscan] | Cipher-first analysis of same. Slightly clunky. |
| [`pshtt`][pshtt] | CISA-made HTTPS analysis, including HSTS stuff.[^1] Imports `sslyze`. |
[^1]: If you visit the issue section for [`pshtt`][pshtt], you will find annoyed people wondering why they don't support recent Python versions. But it does have some extra analysis if you're doing this for HTTP stuff.
- [sslyze]: https://github.com/nabla-c0d3/sslyze
- [cipherscan]: https://github.com/mozilla/cipherscan
- [pshtt]: https://github.com/cisagov/pshtt
- Over some period of time, I have used a couple tools for local TLS scans and diagnostics. One of them may include pointers for whatever situation you have.
- | Tool | Description | From | Current? |
- |------|-------------|------|----------|
- | [`sslyze`][sslyze] | TLS analysis by protocol | | ✓ |
- | [`cipherscan`][cipherscan] | TLS analysis by cipher. Slightly clunky. | Mozilla | ✗ |
- | [`pshtt`][pshtt] | HTTPS + HSTS analysis, old `sslyze` | CISA | ✗ |
- `sslyze` works fantastic if you just want to scan periodically for broken certificate chains and whether your server(s) are vulnerable to Poodle, Heartbleed, or the exploit _du jour._
- If you also want some HTTP analysis, you can rig an old Python[^pshtt-complaints] to also scan with `pshtt`.
- [^pshtt-complaints]: If you visit the issue section for `pshtt`, you will find people wondering why CISA doesn't support recent Python versions.
- [sslyze]: https://github.com/nabla-c0d3/sslyze
- [cipherscan]: https://github.com/mozilla/cipherscan
- [pshtt]: https://github.com/cisagov/pshtt
#2: Post edited
- I have used a couple tools for things like that. One of them may include diagnosis of whatever you're running into.
- | Tool | Description |
- |------|-------------|
- | [`sslyze`][sslyze] | Protocol-first analysis of SSL settings. |
- | [`cipherscan`][cipherscan] | Cipher-first analysis of same. Slightly clunky. |
| [`pshtt`][pshtt] | CISA-made HTTPS analysis, including HSTS stuff. If you visit their issue section, you will find annoyed people wondering why they don't support recent Python versions.
- [sslyze]: https://github.com/nabla-c0d3/sslyze
- [cipherscan]: https://github.com/mozilla/cipherscan
- [pshtt]: https://github.com/cisagov/pshtt
- I have used a couple tools for things like that. One of them may include diagnosis of whatever you're running into.
- | Tool | Description |
- |------|-------------|
- | [`sslyze`][sslyze] | Protocol-first analysis of SSL settings. |
- | [`cipherscan`][cipherscan] | Cipher-first analysis of same. Slightly clunky. |
- | [`pshtt`][pshtt] | CISA-made HTTPS analysis, including HSTS stuff.[^1] Imports `sslyze`. |
- [^1]: If you visit the issue section for [`pshtt`][pshtt], you will find annoyed people wondering why they don't support recent Python versions. But it does have some extra analysis if you're doing this for HTTP stuff.
- [sslyze]: https://github.com/nabla-c0d3/sslyze
- [cipherscan]: https://github.com/mozilla/cipherscan
- [pshtt]: https://github.com/cisagov/pshtt
#1: Initial revision
I have used a couple tools for things like that. One of them may include diagnosis of whatever you're running into.
| Tool | Description |
|------|-------------|
| [`sslyze`][sslyze] | Protocol-first analysis of SSL settings. |
| [`cipherscan`][cipherscan] | Cipher-first analysis of same. Slightly clunky. |
| [`pshtt`][pshtt] | CISA-made HTTPS analysis, including HSTS stuff. If you visit their issue section, you will find annoyed people wondering why they don't support recent Python versions.
[sslyze]: https://github.com/nabla-c0d3/sslyze
[cipherscan]: https://github.com/mozilla/cipherscan
[pshtt]: https://github.com/cisagov/pshtt