DoctorSSL enables you to diagnose SSL-enabled services and generate a report.

 _______  .______          _______.     _______. __      
|       \ |   _  \        /       |    /       ||  |     
|  .--.  ||  |_)  |      |   (----`   |   (----`|  |     
|  |  |  ||      /        \   \        \   \    |  |     
|  '--'  ||  |\  \----.----)   |   .----)   |   |  `----.
|_______/ | _| `._____|_______/    |_______/    |_______|
                                                         
Diagnose your SSL
-----------------

Description:
Tests the SSL setup of a host and analyses the server's SSL/TLS handshake and
certificate information.


Author:
Oscar Koeroo <okoeroo@gmail.com>


Build:
gcc -o drssl drssl.c -lssl -lcrypto


Use:
./drssl --host www.twitter.com


Usage:
./drssl --help
    --help
    --host <host or IP>
    --port <port> - default is: 443
    --4 (force IPv4 - default is system specific)
    --6 (force IPv6 - default is system specific)

    --2 (use SSLv2)
    --3 (use SSLv3)
    --10 (use TLSv1.0) - the default
    --11 (use TLSv1.1)
    --12 (use TLSv1.2)
    --cafile <path to CA (bundle) file>
    --capath <path to CA directory>
    --cert <path to client certificate>
    --key <path to client private key file>
    --passphrase <passphrase to unlock the client private key file>
    --cipherlist <cipher list>
    --sni <TLS SNI (Server Name Indication) hostname>
    --dumpdir <dir where all certs and info will be dumped>
    --noverify (mute the verification callback, always 'ok')
    --quiet (just mute)
    --timeout <seconds> (max time to setup the TCP/IP connection)
    --force-dump (creates dump directory if it doesn't exist yet)
    --csvfile <path to output CSV file>
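
Example (added here, not part of the drssl project): because the default run only uses TLSv1.0, the wrapper below repeats the check once per protocol flag from the usage text to show which versions a server you operate still accepts. The names DRSSL, sweep_protocols and legacy_accepted are hypothetical, and the script assumes drssl exits 0 on a completed handshake and non-zero otherwise, which this README does not document.

```shell
#!/bin/sh
# Added example, not project code.
# DRSSL: path to the binary produced by the "Build" step (assumed ./drssl).
DRSSL="${DRSSL:-./drssl}"

# Flag:label pairs copied from the usage text.
PROTOCOLS="--2:SSLv2 --3:SSLv3 --10:TLSv1.0 --11:TLSv1.1 --12:TLSv1.2"

# sweep_protocols <host> [port]
# Prints one "<label> accepted" or "<label> refused" line per protocol.
# Assumption: exit status 0 means the handshake completed; the README
# does not state drssl's exit codes, so verify this against your build.
sweep_protocols() {
    host="$1"; port="${2:-443}"
    for pair in $PROTOCOLS; do
        flag="${pair%%:*}"; label="${pair#*:}"
        if "$DRSSL" --host "$host" --port "$port" --timeout 5 "$flag" \
                >/dev/null 2>&1; then
            echo "$label accepted"
        else
            echo "$label refused"
        fi
    done
}

# legacy_accepted <host> [port]
# Returns 0 and lists the offending versions if anything older than
# TLSv1.2 was accepted; returns 1 otherwise.
legacy_accepted() {
    found=$(sweep_protocols "$@" | grep ' accepted$' \
            | grep -v '^TLSv1\.2 ' || true)
    if [ -n "$found" ]; then
        echo "$found"
        return 0
    fi
    return 1
}
```

A "refused" for SSLv2 or SSLv3 can also mean the local OpenSSL build no longer offers that protocol, so confirm what the client library supports before reading it as a server-side result.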


Supports:
- TLS SNI (Server Name Indication)
- OCSP Stapling


See the BUGS file for known bugs and current limitations.
Feedback is welcome via GitHub.