This repository has been archived by the owner on Sep 4, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README
60 lines (32 loc) · 2.88 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
tlsprobe - a TLS/SSL testing utility (by Marco Bellaccini - marco.bellaccini[at!]gmail.com)
tlsprobe is a simple program that tests a server for TLS/SSL Cipher Suites support (client mode) or, listening for incoming TLS/SSL connections, discovers Cipher Suites offered by a client (server mode).
tlsprobe is Free Software, released under the Apache License, Version 2.0.
GitHub project page: https://github.com/marcobellaccini/tlsprobe
In client mode, tlsprobe just sends ClientHello messages, and, by looking at server's reply (if any), determines whether the selected Cipher Suite(s) is supported or not.
tlsprobe builds TLS/SSL messages in a "byte-by-byte" fashion and so does not need any external library (i.e.: no OpenSSL, no GnuTLS, no libNSS).
The program supports both single Cipher Suite support check and a full-scan mode (in which it checks for support of all the cipher suites listed in the IANA TLS Cipher Suite Registry - http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 ).
In server mode, it waits for a ClientHello to arrive and parse it, discovering offered Cipher Suites.
tlsprobe provides you with a visual feedback of the security/compatibility level of the various TLS/SSL Cipher Suites, based on Mozilla Server-Side-TLS Recommendations: https://wiki.mozilla.org/Security/Server_Side_TLS .
It highlights the discovered Cipher Suites with different colors, depending on the estimated security and compatibility level.
Working at TLS/SSL level, tlsprobe is generic and also supports probing non-https services (you just have to specify the right port for the higher-level protocol with the -p option).
tlsprobe supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2.
Note for Windows users: yeah, this tool can be run on Windows 10 through Windows Subsystem for Linux.
Here follows some usage examples.
>>Client mode
List all Cipher Suites supported by www.google.com through TLS and SSL protocols (https, tcp port 443):
tlsprobe -F www.google.com
List all TLS Cipher Suites (i.e.: skip SSL3 scanning phase) supported by www.google.com (https, tcp port 443):
tlsprobe -j -F www.google.com
Tests if www.google.com (https, tcp port 443) supports cipher suite TLS_RSA_WITH_AES_128_CBC_SHA:
tlsprobe -c TLS_RSA_WITH_AES_128_CBC_SHA www.google.com
Tests if www.google.com (https, tcp port 443) supports cipher suite SSL_RSA_WITH_AES_128_CBC_SHA (with SSL 3.0 protocol):
tlsprobe -c SSL_RSA_WITH_AES_128_CBC_SHA www.google.com
List all Cipher Suites supported by Active Directory Domain Controller 10.0.0.5 with LDAP over ssl/tls (ldaps, tcp port 636):
tlsprobe -F -p 636 10.0.0.5
>>Server mode
Listen for TLS connections on TCP port 443 and print Cipher Suites offered by the client:
tlsprobe -S 0.0.0.0
Listen for TLS connections on TCP port 8443 and print Cipher Suites offered by the client:
tlsprobe -S -p 8443 0.0.0.0
For more help about possible options, try:
tlsprobe --help