Ways to test your server for SSL vulnerabilities

Overview

Self-testing for SSL vulnerabilities can be performed via several methods. Each of the methods below gives visibility into slightly different facets of the SSL configuration and posture of the server.

Information

For Internet-facing SSL Web servers on TCP Port 443

Qualys' SSL Tester
Note: Remember to check the "Do not show the results on the boards" box

  • Results in orange or red should be remediated

Mozilla's SSL Observatory

  • Results with a red X should be evaluated for remediation

For internal-only servers or servers on non-standard ports

Testssl.sh bash script
Note: This script may require a recent [less than 3 years old] *nix installation to work

  • Results in orange or red should be remediated
  • Results in yellow should be evaluated for relevance and security impact

For advanced testing

Please use the Information Security Consulting ticket form