How to use the command 'sslscan' (with examples)
sslscan is a tool designed to perform a comprehensive scan of SSL/TLS security protocols and ciphers used by a server. This utility assists in identifying potential security risks by providing detailed information about the SSL/TLS capabilities and configurations of the server. sslscan is particularly useful for IT professionals and security analysts aiming to ensure the integrity and security of network communications.
Use case 1: Test a server on port 443
Code:
sslscan example.com
Motivation:
Testing a server on its standard SSL/TLS port, port 443, is a fundamental task when evaluating the security of a web server. This default port is generally used for HTTPS traffic, and assessing it helps determine if the server supports outdated or vulnerable encryption protocols and ciphers. By doing so, system administrators and security professionals can ensure that the communication between the server and the clients is encrypted and secure from potential eavesdropping or man-in-the-middle attacks.
Explanation:
sslscan
: This calls the sslscan command, prompting the tool to start.example.com
: This is the domain of the server being tested. The domain name must point to a server to perform a meaningful scan. Without a domain name linked to an IP address, the command cannot identify which server to test.
Example Output:
Version: 1.11.11-static
OpenSSL 1.1.1 11 Sep 2018
Testing SSL server example.com on port 443
Supported Server Cipher(s):
Preferred TLSv1.2 128 bits AES-SHA
Accepted TLSv1.2 128 bits AES-SHA256
Accepted TLSv1.3 192 bits TLS_AES_192_GCM_SHA256
Server Certificate:
Subject: example.com
Issuer: Trusted CA
Validity: From Dec 20 00:00:00 2022 GMT
Until Dec 19 23:59:59 2023 GMT
Use case 2: Test a specified port
Code:
sslscan example.com:465
Motivation:
Many servers run SSL/TLS services on non-standard ports, especially for services other than HTTPS, such as email (SMTP over SSL, typically on port 465). By specifying a port, sslscan can evaluate these services to ensure they are securely configured. This is crucial for enterprises and service providers that manage various network services requiring encryption.
Explanation:
sslscan
: Initiates the sslscan tool to perform its operations.example.com:465
: This specifies both the server (example.com) and the port (465) to be scanned. Non-standard ports for SSL/TLS services need explicit declaration to be assessed, which allows for a broader security evaluation outside of common HTTPS ports.
Example Output:
Version: 1.11.11-static
OpenSSL 1.1.1 11 Sep 2018
Testing SSL server example.com on port 465
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256
Server Certificate:
Subject: mail.example.com
Issuer: Trusted CA
Validity: From Mar 1 00:00:00 2023 GMT
Until Feb 28 23:59:59 2024 GMT
Use case 3: Show certificate information
Code:
testssl --show-certificate example.com
Motivation:
Understanding the details of a server’s SSL/TLS certificate is essential for verifying the authenticity and trustworthiness of a service. Displaying the certificate information allows users to ensure the certificate is issued by a reputable Certificate Authority (CA), check the expiration date, and confirm its applicability to the current domain. This is a important step in avoiding potential security breaches or trust issues in digital communications.
Explanation:
testssl --show-certificate
: This is an alternative command used to display detailed certificate information about a server. It specifically focuses on gathering and displaying SSL/TLS certificate details.example.com
: Represents the domain whose SSL/TLS certificate will be reviewed. This is the target server for which the certificate details are required.
Example Output:
Testing server example.com on port 443
Server Certificate Information:
Subject: example.com
Issuer: Secure CA
Serial: 09:87:65:43:21:FF:EE:DD:CC:BB:AA
Validity: From Jan 15 00:00:00 2023 GMT
Until Jan 14 23:59:59 2024 GMT
Public Key: 2048 bit RSA
Conclusion:
The sslscan
command, accompanied by tools like testssl
, provides invaluable insights into server security configurations. By using these utilities, IT professionals can assess the compliance and robustness of SSL/TLS implementations, mitigate potential vulnerabilities, and reinforce the security of server-client communications. By understanding each use case and the output it provides, users can ensure the integrity and reliability of their network services.