SSL Labs is great, but only supports port 443.
htbridge and digicert allow using a custom port.
OpenSSL s_client can make TLS connections to any endpoint. It's the underlying tool for lots of other tools.
echo 0 | openssl s_client -ign_eof -prexit -connect $HOST:$PORT
# Enabling TLSv1.0 (disabled by default as insecure)
echo 0 | openssl s_client -ign_eof -prexit -connect $HOST:$PORT -tls1
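The s_client invocation above, wrapped in a per-version probe. This is an added example, not part of the original page or of any tool it describes; the function names (`verdict`, `handshake_ok`, `report`, `probe`) are hypothetical and the sample output lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): report which TLS versions
# a host:port accepts, using the same s_client invocation as above.

# Verdict for an accepted protocol, following this page's protocol list.
verdict() {
  case "$1" in
    SSLv3|TLSv1.0|TLSv1.1) echo "DEPRECATED" ;;
    TLSv1.2|TLSv1.3)       echo "OK" ;;
    *)                     echo "UNKNOWN" ;;
  esac
}

# Read s_client output on stdin; succeed only if a cipher was negotiated.
# A failed handshake prints "New, (NONE), Cipher is (NONE)".
handshake_ok() {
  awk '/Cipher is / && !/Cipher is \(NONE\)/ { ok = 1 } END { exit !ok }'
}

# Print one report line for protocol $1 from s_client output on stdin.
report() {
  if handshake_ok; then
    echo "$1 accepted: $(verdict "$1")"
  else
    echo "$1 rejected"
  fi
}

# Probe every version with its s_client flag (host and port are arguments).
probe() {
  for pair in TLSv1.0:-tls1 TLSv1.1:-tls1_1 TLSv1.2:-tls1_2 TLSv1.3:-tls1_3; do
    echo 0 | openssl s_client -ign_eof -prexit -connect "$1:$2" \
      "${pair#*:}" 2>&1 | report "${pair%%:*}"
  done
}

if [ "$#" -eq 2 ]; then
  probe "$1" "$2"
else
  # Offline demo on constructed s_client summary lines.
  echo 'New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384' | report TLSv1.2
  echo 'New, (NONE), Cipher is (NONE)' | report TLSv1.0
fi
```

A "rejected" line can also mean the local OpenSSL build refuses that protocol or flag, so confirm unexpected results with testssl.sh.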
testssl.sh is a great and complete SSL test tool.
# Testing with standard CAs
testssl.sh $HOST:$PORT
# Testing with IGTF CAs
export CA_BUNDLES_PATH=/etc/grid-security/certificates
testssl.sh $HOST:$PORT
check_ssl_cert is a Nagios probe used by EGI Monitoring.
git clone https://github.com/matteocorti/check_ssl_cert
cd check_ssl_cert
# Testing with standard CAs
./check_ssl_cert -p $PORT -H $HOSTNAME
# Testing with IGTF CAs
./check_ssl_cert -p $PORT -H $HOSTNAME -r /etc/grid-security/certificates
# Testing (broken!!) TLSv1.0 support with IGTF CAs
./check_ssl_cert -p $PORT -H $HOSTNAME -r /etc/grid-security/certificates --tls1
# Debugging
./check_ssl_cert -p $PORT -H $HOSTNAME -d
sh -x ./check_ssl_cert -p $PORT -H $HOSTNAME -d
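# Forcing a single protocol version with curl (--tlsv1.x sets the minimum, --tls-max the maximum)
curl --tlsv1.0 --tls-max 1.0 https://tlstest.paypal.com
curl --tlsv1.1 --tls-max 1.1 https://tlstest.paypal.com
curl --tlsv1.2 --tls-max 1.2 https://tlstest.paypal.com
curl --tlsv1.3 --tls-max 1.3 https://tlstest.paypal.com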
- GracefulSecurity: TLS/SSL Vulnerabilities
- digicert: Deprecating TLS 1.0 & 1.1
- Comodo: Deprecation of TLSv1.0
- GlobalSign: It’s Time to Disable TLS 1.0 (and All SSL Versions) If You Haven’t Already
- NCSC.nl: guidelines for TLS configuration
TLSv1.0 and TLSv1.1 support is expected to be dropped by major browsers in March 2020.
- Google: Modernizing Transport Security
- Mozilla deprecating TLSv1.0 and TLSv1.1
- Apple deprecating TLSv1.0 and TLSv1.1
- Microsoft deprecating TLSv1.0 and TLSv1.1
- SSLv3 (and before)
- TLSv1.0 (see RFC draft for deprecation)
- TLSv1.1 (see RFC draft for deprecation)
- TLSv1.2
- TLSv1.3 (when available)