Utility library for determining which SSL/TLS versions and ciphers a server supports
This module requires NodeJS v6.9 or higher
# Install sslinfo and record it under "dependencies" in package.json.
npm install --save sslinfo
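Note: This library requires an OpenSSL installation - the newer the better. Protocols and ciphers that the local installation does not support are reported with an `error` message or in an `unsupported` list (see the sample output below); judging by that output, such an entry describes the scanning host and by itself says nothing about whether the server accepts them.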
var sslinfo = require('sslinfo');

// Probe a single endpoint. Per the sample output, the result carries the
// certificate, the protocol versions that were tried, and the ciphers
// grouped by protocol.
sslinfo.getServerResults({ host: "www.google.com", port: 443 }).done(
  (results) => {
    console.log(results);
  },
  (error) => {
    // Second argument to done(): called when the promise is rejected.
    console.log("Error", { error });
  }
);
Note: To get results from servers that use SNI (Server Name Indication; all Cloudflare servers, for example), specify the servername that should be sent to the remote server:
// `servername` is the name transmitted to the remote server for SNI;
// in this example it is the same as `host`.
sslinfo.getServerResults({
  host: "www.cloudflare.com",
  port: 443,
  servername: "www.cloudflare.com"
})
The `getServerResults()` function returns a promise; consume it by calling `done()` with a success handler and an error handler.
Sample output:
{
"host": "www.google.com",
"port": 443,
"cert": {
... certificate information ...
},
"protocols": [
{
"protocol": "SSLv2_method",
"name": "SSLv2",
"enabled": false,
"error": "The installed openssl library does not support \"SSLv2_method\""
},
{
"protocol": "SSLv3_method",
"name": "SSLv3",
"enabled": true
},
{
"protocol": "TLSv1_method",
"name": "TLSv1",
"enabled": true
},
{
"protocol": "TLSv1_1_method",
"name": "TLSv1.1",
"enabled": true
},
{
"protocol": "TLSv1_2_method",
"name": "TLSv1.2",
"enabled": true
}
],
"ciphers": {
"SSLv3_method": {
...
},
"TLSv1_method": {
"name": "TLSv1",
"enabled": [
... enabled cipher list ...
],
"disabled": [
... disabled cipher list ...
],
"unsupported": [
... ciphers unsupported by the OpenSSL version ...
]
},
"TLSv1_1_method": {
...
},
"TLSv1_2_method": {
...
}
}
}
Beginning with NodeJS 4.0.0, SSLv2 and SSLv3 are disabled by default. The sample output will be slightly different in this case.
{
"host": "www.google.com",
"port": 443,
"cert": {
... certificate information ...
},
"certPEM": '... PEM encoded certificate ...',
"protocols": [
{
"protocol": "SSLv2_method",
"name": "SSLv2",
"enabled": false,
"error": "This version of NodeJS does not support \"SSLv2_method\""
}
]
}
var sslinfo = require('sslinfo');

// Fetch only the certificate. Per the sample output, the result holds
// `host`, `port`, the parsed certificate (`cert`) and its PEM text (`certPEM`).
sslinfo.getCertificateInfo({ host: "www.google.com", port: 443 }).done(
  (results) => {
    console.log(results);
  },
  (error) => {
    // Second argument to done(): called when the promise is rejected.
    console.log("Error", { error });
  }
);
The `getCertificateInfo()` function returns a promise; consume it by calling `done()` with a success handler and an error handler.
Sample output:
{
"host": "www.google.com",
"port": 443,
"cert": {
{ version: 2,
subject:
{ countryName: 'US',
stateOrProvinceName: 'California',
localityName: 'Mountain View',
organizationName: 'Google Inc',
commonName: 'www.google.com' },
issuer:
{ countryName: 'US',
organizationName: 'Google Inc',
commonName: 'Google Internet Authority G2' },
... more cert info ...
},
"certPEM": '... PEM encoded certificate ...'
}
var sslinfo = require('sslinfo');

// Describe the local OpenSSL installation rather than a remote server. Per the
// sample output, the result holds the OpenSSL version string plus supported
// and unsupported protocol and cipher lists.
sslinfo.getOpenSSLCapabilities().done(
  (results) => {
    console.log(results);
  },
  (error) => {
    // Second argument to done(): called when the promise is rejected.
    console.log("Error", { error });
  }
);
The `getOpenSSLCapabilities()` function returns a promise; consume it by calling `done()` with a success handler and an error handler.
Sample output (from Mac OS X 10.10.3):
{
"version": "OpenSSL 0.9.8zd 8 Jan 2015",
"protocols": {
"supported": [
"SSLv3",
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"unsupported": [
"SSLv2"
]
},
"ciphers": {
"supported": [
... ciphers supported by this OpenSSL version ...
],
"unsupported": [
... ciphers supported by this tool, but not the installed OpenSSL version ...
]
}
}
Note: The `unsupported` cipher list is not necessarily correct. I'm going to investigate how to make this information more useful.