Skip to navigation Skip to main content Skip to footer

Tool Release: SSLyze v0.8 released

30 December 2013

By Aaron Haymore

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity.

SSLyze v0.8 released

30 Dec 2013 – Alban Diquet

A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it.

Changelog

  • Additional certificate chain validation using the Apple, Microsoft and Java trust stores in addition to Mozilla’s
  • Added support for StartTLS RDP; see –starttls=rdp
  • Greatly improved the reliability and accuracy of scan results by adding an exponential backoff algorithm to retry failed network connections. This will especially impact scans against servers that stop properly answering after several concurrent connections have already been opened. The number of retry attempts can be controlled using –nb_retries
  • Bug fixes including:
    • Better results when the server requested a client certificate but none was supplied
    • Clarified text and XML output

Packages

SSLyze requires Python 2.7; the supported platforms are Windows 7 32/64 bits, Linux 32/64 bits and OS X 64 bits.

SSLyze is statically linked with OpenSSL 1.0.1e. For this reason, the easiest way to run SSLyze is to download one the pre-compiled packages available in the release section of the project’s page on GitHub.