- Find details of a websites SSL certificate.
- Detect weak ciphers in use by an SSL implementation, that may pose a security risk to the system.
- Discover SSLv2, a version of SSL with known security vulnerabilities.
About SSL Certificate Checking
SSL (and TLS)
provide encrypted communication over the Internet, SSL 2.0 has known vulnerabilities and it is recommended that it no longer be used. PCI compliance for example also mandates that the version SSL 2.0 not be used and the version must be SSL 3.0.
While it can be used for any TCP based service such as FTP, NNTP, SMTP – it is most commonly used to encrypt web traffic. User awareness has become such that non-technical users are aware of the importance of the HTTPS in the URL and the “padlock” in the browser status bar when browsing secure sites such as Internet banking and email.
Recent news has included efforts by Facebook and Twitter to implement full SSL based sessions, to protect against session hijacking (firesheep) and snooping by governments of oppressive regimes.
Using nmap and openssl this online test will query an SSL enabled IP or web address and gather details of the SSL Certificate that is being used. SSL on IIS or Apache or any other web servers will be queried. Nmap NSE scripts are used for the SSL Check, they will determine details of the certificate as well as the version of ciphers in use and whether they are SSL 3.0 or SSL 2.0. PCI Compliance
requires that SSL version 3.0 be used and SSL 2.0 is disabled.