Testssl.sh is a tool that allows to check if service in the server supports specified SSL/TLS ciphers and protocols. This tool enables to test any SSL/TLS enabled service, not only webserver that running on port 443.
This tutorial demonstrates how to install Testssl.sh on Ubuntu 20.04.
Install Testssl.sh
From GitHub repository get default branch name and assign it to variable:
DEFAULT_BRANCH_NAME=$(curl -s "https://api.github.com/repos/drwetter/testssl.sh" | grep -Po '"default_branch": "\K.+dev')Run the following command to download Testssl.sh:
wget -O testssl.tar.gz https://github.com/drwetter/testssl.sh/archive/${DEFAULT_BRANCH_NAME}.tar.gzCreate a new directory for storing Testssl.sh and extract the tar.gz file to it:
sudo mkdir /opt/testssl
sudo tar xf testssl.tar.gz --strip-components=1 -C /opt/testsslIn /usr/local/bin directory we can create a symbolic link to the testssl.sh command:
sudo ln -s /opt/testssl/testssl.sh /usr/local/bin/testssl.shNow testssl.sh command is available for all users as a system-wide command.
We can check Testssl.sh version:
testssl.sh --versionThe tar.gz file is no longer need to keep, remove it:
rm -rf testssl.tar.gzTesting Testssl.sh
Execute the following command to test SSL/TLS enabled website:
testssl.sh https://www.google.comExample of a part of the output:
..........
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY grpc-exp, h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1, grpc-exp (offered)
..........Uninstall Testssl.sh
If you want to completely remove Testssl.sh, delete the installation directory:
sudo rm -rf /opt/testsslRemove symbolic link:
sudo rm -rf /usr/local/bin/testssl.sh
Leave a Comment
Cancel reply