Fast and powerful SSL/TLS scanning library.
Alternatives To Sslyze
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Mitmproxy30,5784234314 hours ago53June 28, 2022261mitPython
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
17 days ago40mitJavaScript
⚙️ NGINX config generator on steroids 💉
Nginx Admins Handbook12,393
a year ago1mitShell
How to improve NGINX performance, security, and other important things.
Sslyze2,90415912 hours ago60May 14, 202223agpl-3.0Python
Fast and powerful SSL/TLS scanning library.
2 years ago32apache-2.0Python
An on-path blackbox network traffic security testing tool
5 months ago193apache-2.0HTML
:lock: Memorable site for testing clients against bad SSL configs.
Ssl Kill Switch22,083
2 years ago11otherObjective-C
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
Curl Impersonate1,978
a month ago30mitPython
curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
Sites Using Cloudflare1,922
6 years ago6
:broken_heart: Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.
a day ago7January 01, 190087gpl-2.0C
The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
Alternatives To Sslyze
Select To Compare

Alternative Project Comparisons


Run Tests Downloads PyPI version Python version

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in order to ensure that it uses strong encryption settings (certificate, cipher suites, elliptic curves, etc.), and that it is not vulnerable to known TLS attacks (Heartbleed, ROBOT, OpenSSL CCS injection, etc.).

Key features

  • Focus on speed and reliability: SSLyze is a battle-tested tool that is used to reliably scan hundreds of thousands of servers every day.
  • Easy to operationalize: SSLyze can be directly run from CI/CD, in order to continuously check a server against Mozilla's recommended TLS configuration.
  • Fully documented Python API to run scans directly from any Python application, such as a function deployed to AWS Lambda.
  • Support for scanning non-HTTP servers including SMTP, XMPP, LDAP, POP, IMAP, RDP, Postgres and FTP servers.
  • Results of a scan can easily be saved to a JSON file for later processing.
  • And much more!

Quick start

On Windows, Linux (x86 or x64) and macOS, SSLyze can be installed directly via pip:

$ pip install --upgrade pip setuptools wheel
$ pip install --upgrade sslyze
$ python -m sslyze "[2607:f8b0:400a:807::2004]:443"

It can also be used via Docker:

$ docker run --rm -it nablac0d3/sslyze:5.0.0

Lastly, a pre-compiled Windows executable can be downloaded from the Releases page.

Python API Documentation

Documentation for SSLyze's Python API is available here.

Usage as a CI/CD step

By default, SSLyze will check the server's scan results against Mozilla's recommended "intermediate" TLS configuration, and will return a non-zero exit code if the server is not compliant.

$ python -m sslyze
Checking results against Mozilla's "intermediate" configuration. See for more details. OK - Compliant.

The Mozilla configuration to check against can be configured via --mozilla_config={old, intermediate, modern}:

$ python -m sslyze --mozilla_config=modern
Checking results against Mozilla's "modern" configuration. See for more details. FAILED - Not compliant.
    * certificate_types: Deployed certificate types are {'rsa'}, should have at least one of {'ecdsa'}.
    * certificate_signatures: Deployed certificate signatures are {'sha256WithRSAEncryption'}, should have at least one of {'ecdsa-with-SHA512', 'ecdsa-with-SHA256', 'ecdsa-with-SHA384'}.
    * tls_versions: TLS versions {'TLSv1.2'} are supported, but should be rejected.
    * ciphers: Cipher suites {'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'} are supported, but should be rejected.

This can be used to easily run an SSLyze scan as a CI/CD step.

Development environment

To setup a development environment:

$ pip install --upgrade pip setuptools wheel
$ pip install -e . 
$ pip install -r dev-requirements.txt

The tests can then be run using:

$ invoke test


Copyright (c) 2023 Alban Diquet

SSLyze is made available under the terms of the GNU Affero General Public License (AGPL). See LICENSE.txt for details and exceptions.

Popular Security Projects
Popular Ssl Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.