List of SSL/TLS related tools and tests you use?

eva2000 · September 2, 2015, 6:07am

Thought it would be nice to compile a list of the web and command line SSL/TLS tools and tests folks use themselves

I’ll start, besides SSL Labs online test https://www.ssllabs.com/ssltest/, I bundled alot of my tools in a Docker container made specifically for testing HTTP/2 and nghttp2 client/tool. However, it contains other tools useful for SSL testing like testssl, cipherscan, ssllabs-scan cli cmd tool etc.

Docker Image is Ubuntu Vivid OS based as it’s a pain to compile nghttp2 dependencies on CentOS https://hub.docker.com/r/centminmod/docker-ubuntu-nghttp2/

What do other folks use ?

rugk · September 5, 2015, 9:29am

The author of SSLLabs has also created a list of assessment tools: https://github.com/ssllabs/research/wiki/Assessment-Tools

eva2000 · September 5, 2015, 9:49am

cheers @rugk lots of useful tools there

eva2000 · December 8, 2015, 12:38am

so folks, any other tools you use ?

rugk · December 9, 2015, 9:13pm

https://whatsmychaincert.com/ is nice to use for the appropriate sites.
https://shaaaaaaaaaaaaa.com/
on https://ssl-tools.net/ there are also some nice tools

selecadm · December 9, 2015, 9:24pm

https://sslanalyzer.comodoca.com

Like SSL Labs, but something is missing and something more instead. Always faster regardless.

eva2000 · December 9, 2015, 10:26pm

Cloudflare posted some tools for HTTP/2 SSL testing etc too https://blog.cloudflare.com/tools-for-debugging-testing-and-using-http-2/

rugk · December 9, 2015, 10:38pm

The tools from Cloudflares seem to be primarily about HTTP/2 and not about TLS. The only thing a bit related to TLS I could find is OpenSSL they mention there. (and they do not even use it for checking the HTTPS connection).

eva2000 · December 9, 2015, 10:47pm

Yeah but because HTTP/2 requires SSL, the tools also reveal the site’s SSL configuration too

rugk · December 13, 2015, 9:29am

Another tool which can test DNSSEC/DANE: https://dane.sys4.de/
And a Logjam scanner, which can test any port and many protocol like SMTP, POP3 and so on: https://desec.io/#!/en/tools/logjam-scanner

And finally here is another list of security tools:

eva2000 · December 13, 2015, 9:40am

ah logjam ! another logjam tester from KeyCDN folks https://tools.keycdn.com/logjam

rugk · July 18, 2016, 8:39am

https://sslping.com/ is another useful service. Especially for LE certs it can warn you in the last moment if renewing fails, but it also checks your ciphers and similar stuff.

This does something similar:

And this service does also scan SSH: