安裝:
# make # make install (as root)
or
yum install sslscan (但測試好像有點問題,建議改用自己編譯)
or
git clone https://github.com/rbsec/sslscan
cd sslscan
make static
安裝後
check smtp starttls 25 port:
/usr/bin/sslscan --starttls-smtp --show-certificate 203.66.132.160:25:25
check https 443 port:
$ /usr/bin/sslscan --show-certificate v6.m2ktrial.openfind.com.tw:443 Version: 1.11.0 OpenSSL 1.0.1e-fips 11 Feb 2013 Testing SSL server v6.m2ktrial.openfind.com.tw on port 443 TLS renegotiation: Secure session renegotiation supported TLS Compression: Compression disabled Heartbleed: TLS 1.2 not vulnerable to heartbleed TLS 1.1 not vulnerable to heartbleed TLS 1.0 not vulnerable to heartbleed Supported Server Cipher(s): Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 256 bits AES256-SHA256 Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 256 bits CAMELLIA256-SHA Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 128 bits AES128-SHA256 Accepted TLSv1.2 128 bits AES128-SHA Accepted TLSv1.2 128 bits CAMELLIA128-SHA Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Accepted TLSv1.1 256 bits AES256-SHA Accepted TLSv1.1 256 bits CAMELLIA256-SHA Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Accepted TLSv1.1 128 bits AES128-SHA Accepted TLSv1.1 128 bits CAMELLIA128-SHA Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Accepted TLSv1.0 256 bits AES256-SHA Accepted TLSv1.0 256 bits CAMELLIA256-SHA Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Accepted TLSv1.0 128 bits AES128-SHA Accepted TLSv1.0 128 bits CAMELLIA128-SHA
僅看 support cihpers:
sslscan --show-cihpers 172.16.30.103:993
綠色部分表示合格;黃色部分表示警告;紅色部分為不建議使用。