Install Testssl.sh on Ubuntu 20.04

Testssl.sh is a tool that allows to check if service in the server supports specified SSL/TLS ciphers and protocols. This tool enables to test any SSL/TLS enabled service, not only webserver that running on port 443.

This tutorial demonstrates how to install Testssl.sh on Ubuntu 20.04.

Install Testssl.sh

From GitHub repository get default branch name and assign it to variable:

DEFAULT_BRANCH_NAME=$(curl -s "https://api.github.com/repos/drwetter/testssl.sh" | grep -Po '"default_branch": "\K.+dev')

Run the following command to download Testssl.sh:

wget -O testssl.tar.gz https://github.com/drwetter/testssl.sh/archive/${DEFAULT_BRANCH_NAME}.tar.gz

Create a new directory for storing Testssl.sh and extract the tar.gz file to it:

sudo mkdir /opt/testssl
sudo tar xf testssl.tar.gz --strip-components=1 -C /opt/testssl

In /usr/local/bin directory we can create a symbolic link to the testssl.sh command:

sudo ln -s /opt/testssl/testssl.sh /usr/local/bin/testssl.sh

Now testssl.sh command is available for all users as a system-wide command.

We can check Testssl.sh version:

testssl.sh --version

The tar.gz file is no longer need to keep, remove it:

rm -rf testssl.tar.gz

Testing Testssl.sh

Execute the following command to test SSL/TLS enabled website:

testssl.sh https://www.google.com

Example of a part of the output:

..........
 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered (deprecated)
 TLS 1.1    offered (deprecated)
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   grpc-exp, h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1, grpc-exp (offered)
..........

Uninstall Testssl.sh

If you want to completely remove Testssl.sh, delete the installation directory:

sudo rm -rf /opt/testssl

Remove symbolic link:

sudo rm -rf /usr/local/bin/testssl.sh

Leave a Comment

Your email address will not be published. Required fields are marked *