SSLyze – SSL configuration scanning library and CLI tool
47 points
1 day ago
| 1 comment
| github.com
| HN
peblos
1 day ago
[-]
I tend to use testssl.sh (https://testssl.sh/), are there any major benefits to sslyze?

I’ve just tried running it a moment ago to compare. The output isn’t as organised/readable and it includes several tracebacks for failed checks (tlsv1.1, tlsv1.2, tlsv1.3, and compliance against Mozilla TLS configuration).

Always open to different tools but it seems testssl.sh is currently more complete

reply
thegagne
10 hours ago
[-]
It’s been a while but I used a bunch of these tools continuously for years. I mostly always used sslyze, because it was very versatile and gave me the info I wanted, whether it was around ciphers, tickets, cert chain validations, etc. I think testssl.sh did almost or possibly everything I wanted, but not sure.

SSLyze also has a decent Python library.

The problem with it though is the license. I wanted to build it into some other tooling but the license held me back.

I ended up building my own tooling that did just what I needed and built an API around it.

reply
us0r
16 hours ago
[-]
I've been using https://www.ssllabs.com/ssltest/analyze.html for years now. Any major benefits to either of these?
reply
peblos
4 hours ago
[-]
I started using testssl after first using slabs.com.

As the other commenter mentioned, testssl.sh lets you can websites that aren’t public yet e.g. test environments or other private networks. As well as testing against starttls if you need to test encryption on a mail gateway.

It’s also configurable, meaning you can have it test tls protocols alone, or ciphers alone, client renegotiation alone making it quicker and easier to read if you are looking at specific areas

reply
crabique
15 hours ago
[-]
testssl.sh allows you to scan stuff inside private networks, supports custom ports/SNI, and things like StartTLS.
reply