Security testing for SSL/TLS vulnerabilities with SSLyze


Transport Layer Security (TLS), normally known as SSL, is one of the foremost widely used protocols to secure network communications. As prices fall user security and privacy expectations raise corporation’s area unit deploying it additional wide per annum. Attacks against the CA (Certificate Authority) system, SSL implementation flaws, and aging protocol versions have grabbed news headlines, attention to weak configurations, and therefore the need to avoid them. In addition, server misconfiguration has continually greatly inflated the overhead caused by SSL, deceleration the transition to improved communications security.

To help get better system configuration there is a popular python tool among hackers and crackers called SSLYZE. SSLyze can give you the report of flaws exist in your SSL implementation by checking for insecure renegotiation, scanning for weak ciphers, checking for SSLv2, SSLv3, and TLSv1 versions, information dump of the server certificate, checking for Heartbleed , Poodle and CRIME type vulnerabilities and so on.

Working of SSLyze

SSLyze is totally written in Python code however it uses an OpenSSL wrapper written in C known as nassl, that was specifically developed for permitting SSLyze to access the low-level OpenSSL apis required to perform deep SSL testing.

Let’s Start

Here I m using Linux Ubuntu system to install SSLyze but you can also install it on windows.

So SSLyze can be easily installed via pip:

$ pip install sslyze

Or you can clone the repository from github and install it with other requirements. Use following commands to install sslyze:

$ git clone

$ cd sslyze

On Linux, the `python-devel` package needs to be installed first so that the nassl C extension can be compiled:

$ sudo apt-get install python-dev


Then final command type:

$ pip install -r requirements.txt --target ./lib



Now our SSLyze tools is finally installed in our system lets use it.

Now type in your terminal:

$ python --regular




So by this means you can see full report of your SSL configuration which will help you to improve your infrastructure security and SSL implementation.

In my command I used --regular as an options because --regular option is a short form for finding --sslv2, --sslv3, --tlsv1, –reneg (Session Renegotiation), --resum (Session Resumption), --certinfo=basic.

You can also use different options for different work like:

For testing server for session resumption rate support, using both session IDs and TLS session tickets


Or for client certificate following OPTIONS are required:

--cert=CERT   Client certificate filename.

--pass=KEYPASS   Client private key passphrase.

For certificate info:

--certinfo=CERTINFO  Verifies the validity of the server certificate.

--ca_file=CA_FILE Local   Certificate Authority file (in PEM format)

To check for heartbleed:

--heartbleed  Tests the server(s) for the OpenSSL Heartbleed vulnerability.

Author:  Provensec is a leading cyber security services provider like penetration testing services, online website scanner etc catering to midsized businesses. Provensec LLC is amongst top 10 contributors on Packet Storm for responsible disclosures and security research. You can contact Provensec at [email protected].

August 29, 2016


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023