
TLS-Check – Collect information about domains and their servers

TLS-Check is

- a modular framework for collecting and summarizing arbitrary key figures for a lot of domains and their running servers (usually Web- and Mailserver).
- a software for analyzing and summarizing the security and encryption of given domains, e.g. supported SSL/TLS-Versions and cipher suites.

Its primary goal is to get key figures about SSL/TLS connections. It can count how many servers support encryption or not, good or weak SSL/TLS-Versions, good or weak cipher suites, how many websites or mailservers are vulnerable to security problems like Heartbleed, how many support IPv6, how many support all recommendations of the BSI or Bettercrypto project and much much more. It is highly modular and each part of the code can be replaced (e.g. input or output).

Development contracted by Chamber of Commerce and Industry of the Stuttgart (Germany) Region and its committee of information technology, information services and telecommunication.

Why write another SSL/TLS testing tool? What are the primary goals?

There are a lot of tools which check servers for their SSL/TLS capabilities (e.g. SSLyze, OWASP O-Saft, ssl-cipher-suite-enum, testssl.sh and many more). But none met all our requirements when we started TLS-Check in 2014:

- We need a flexible and extensible tool to check every possible key figure for a given domain – e.g. from counting how many servers support IPv6 or the different top level domains to counting how many support the really old SSLv2 protocol.
- The most important subtests in TLS-Check are SSL/TLS checks. TLS-Check uses its own SSL/TLS handshake implementation, because we found no acceptable other solution. Some of the tools for checking SSL/TLS cipher suites are really ugly hacks, violating all best practice rules, have no or very few automated tests, have ugly spaghetti code, are unmaintainable or buggy. TLS-Check is not free of errors, but tries to have testable, extendable, maintainable code.
- It should allow checking every known or unknown cipher suite, not limited to e.g. Because TLS-Check uses its own code for the SSL/TLS handshake, it supports every possible cipher suite. It knows about 362 different cipher suites, 455 with duplicates.
- It should be easy to add new checks: It makes easy things easy and hard things possible – reliable, testable.
- Tests must run in parallel to reduce the runtime.
- We have some limitations because of privacy reasons.
- The output of TLS-Check is CSV by default, for import in Excel, Numbers, LibreOffice or similar. But it is easy to write a module which outputs the result as JSON, XML or whatever.

TLS-Check comes with the following check modules; they are enabled by default. If a check is dependent on another, then the order is important. The default order is fine. For more documentation see the doc in Security::TLSCheck::Checks::xxx

- DNS – Does some DNS checks, tests for IPv4 and IPv6 IPs, counts MX (Mail eXchanger).
- Web – Basic web tests: check if there is a website and if HTTPS is supported; redirect checks and some more.
- Mail – Checks if the MX are reachable and support STARTTLS; DNS must run before, some results are used here.
- Dummy – A small and simple example module; counts the top level domains.
- CipherStrength – Checks for supported SSL/TLS versions and cipher suites of websites, checks if BSI and Bettercrypto recommendations are met and much more.
- MailCipherStrength – the same, but for mailservers.
- CipherStrengthOnlyValidCerts – exactly the same as CipherStrength, but counts only web cipher strengths when the certificate is valid. CipherStrength must run first, its result is used.
- AgeDE – checks if a server supports the German age declaration for youth protection and which default/minimum ages are given.
- Heartbleed – Heartbleed check, web and mail; Web and DNS must run before.
- FinalScore – calculates a final score for websites (only websites).