List of SSL/TLS related tools and tests you use?


#1

Thought it would be nice to compile a list of the web and command line SSL/TLS tools and tests folks use themselves :smile:

I’ll start, besides SSL Labs online test https://www.ssllabs.com/ssltest/, I bundled alot of my tools in a Docker container made specifically for testing HTTP/2 and nghttp2 client/tool. However, it contains other tools useful for SSL testing like testssl, cipherscan, ssllabs-scan cli cmd tool etc.

Docker Image is Ubuntu Vivid OS based as it’s a pain to compile nghttp2 dependencies on CentOS https://hub.docker.com/r/centminmod/docker-ubuntu-nghttp2/

What do other folks use ?


Qualys SSL Labs Weak or insecure signature
#2

The author of SSLLabs has also created a list of assessment tools: https://github.com/ssllabs/research/wiki/Assessment-Tools


#3

cheers @rugk lots of useful tools there :slight_smile:


#4

so folks, any other tools you use ? :slight_smile:


#5

#6

https://sslanalyzer.comodoca.com

Like SSL Labs, but something is missing and something more instead. Always faster regardless.


#7

Cloudflare posted some tools for HTTP/2 SSL testing etc too https://blog.cloudflare.com/tools-for-debugging-testing-and-using-http-2/


#8

The tools from Cloudflares seem to be primarily about HTTP/2 and not about TLS. The only thing a bit related to TLS I could find is OpenSSL they mention there. (and they do not even use it for checking the HTTPS connection).


#9

Yeah but because HTTP/2 requires SSL, the tools also reveal the site’s SSL configuration too


#10

Another tool which can test DNSSEC/DANE: https://dane.sys4.de/
And a Logjam scanner, which can test any port and many protocol like SMTP, POP3 and so on: https://desec.io/#!/en/tools/logjam-scanner

And finally here is another list of security tools:


#11

ah logjam ! another logjam tester from KeyCDN folks https://tools.keycdn.com/logjam


#12

https://sslping.com/ is another useful service. Especially for LE certs it can warn you in the last moment if renewing fails, but it also checks your ciphers and similar stuff.

This does something similar:

And this service does also scan SSH:
https://discovery.cryptosense.com/