How to Install Sslyze
Supported platforms are Windows 7 and Linux, both 32 and 64 bits. Other platforms (including Mac OS X) are not officially supported yet, but SSLyze might work if you’re lucky.
Prerequisites: Python 2.6 or 2.7 and OpenSSL 0.9.8+.
Prerequisites: Python 2.6 or 2.7. OpenSSL 1.0.0c is part of the installation package. There is one package for Python 32 bits, and one for Python 64 bits.
The following command line should be used:
$ python sslyze.py [options] www.target1.com www.target2.com:443 etc…
Several command line options are available. See the other articles within the wiki for more details regarding each options.
Performs a regular scan. It’s a shortcut for –sslv2 –sslv3 –tlsv1 –reneg –resum –certinfo=basic.
Lists the SSL 2.0 / SSL 3.0 / TLS 1.0 OpenSSL cipher suites supported by the server.
Checks whether the server is vulnerable to insecure renegotiation.
Tests the server for session resumption support, using both session IDs and TLS session tickets (RFC 5077).
Estimates the average rate of successful session resumptions by performing 100 session resumptions.
Verifies the server’s certificate validity against Mozilla’s trusted root store, and prints relevant fields of the certificate.
Configures SSlyze to use a client certificate in case the server performs mutual authentication. The following options are required:
–cert=CERT Client certificate filename.
–certform=CERTFORM Client certificate format. DER or PEM (default).
–key=KEY Client private key filename.
–keyform=KEYFORM Client private key format. DER or PEM (default).
- –pass=KEYPASS Client private key passphrase.
Sets the timeout value in seconds used for every socket connection made to the target server(s). It forces SSLyze to wait more (or less) time for the target server to respond. Default value is 5s.