Provided by: sslscan_2.0.7-1build1_amd64


       sslscan - Fast SSL/TLS scanner


       sslscan [options] [host:port | host]


       sslscan queries SSL/TLS services (such as HTTPS) and reports the protocol versions, cipher
       suites, key exchanges, signature algorithms, and certificates in use.  This helps the user
       understand which parameters are weak from a security standpoint.

       Terminal output is thus colour-coded as follows:

       Red Background  NULL cipher (no encryption)
       Red             Broken cipher (<= 40 bit), broken protocol (SSLv2 or SSLv3) or broken
                       certificate signing algorithm (MD5)
       Yellow          Weak cipher (<= 56 bit or RC4) or weak certificate signing algorithm
       Purple          Anonymous cipher (ADH or AECDH)

       sslscan  can  also  output  results  into  an  XML  file  for easy consumption by external


              Show summary of options

              A file containing a list of hosts to check. Hosts can be supplied with ports  (i.e.
              host:port). One target per line

              Use a different hostname for SNI

       --ipv4, -4
              Force  IPv4  DNS  resolution.   Default is to try IPv4, and if that fails then fall
              back to IPv6.

       --ipv6, -6
              Force IPv6 DNS resolution.  Default is to try IPv4, and if  that  fails  then  fall
              back to IPv6.

              Display certificate information.

              Don't flag certificates signed with weak algorithms (MD5 and SHA-1) or short (<2048
              bit) RSA keys

              Show a list of CAs that the server allows for client authentication. Will be  blank
              for IIS/Schannel servers.

              Show a complete list of ciphers supported by sslscan

              Print the hexadecimal cipher IDs

              Show  the  time  taken  for each handshake in milliseconds. Note that only a single
              request is made with each cipher, and that the  size  of  the  ClientHello  is  not
              constant,  so  this  should  not  be  used  for  proper benchmarking or performance

              You might want to also use --no-cipher-details to make the output a bit clearer.

              Only check if SSLv2 is enabled

              Only check if SSLv3 is enabled

              Only check TLS 1.0 ciphers

              Only check TLS 1.1 ciphers

              Only check TLS 1.2 ciphers

              Only check TLS 1.3 ciphers

              Only check TLS ciphers (versions 1.0, 1.1, 1.2, and 1.3)

              Display OCSP status

              A file  containing  the  private  key  or  a  PKCS#12  file  containing  a  private
              key/certificate pair (as produced by MSIE and Netscape)

              The password for the private key or PKCS#12 file

              A file containing PEM/ASN1 formatted client certificates

              Do not scan for supported ciphersuites.

              Do not check for TLS Fallback Signaling Cipher Suite Value (fallback)

              Do not check for secure TLS renegotiation

              Do not check for TLS compression (CRIME)

              Do not check for OpenSSL Heartbleed (CVE-2014-0160)

              Do not enumerate key exchange groups

              Enumerate signature algorithms

              STARTTLS setup for FTP

              STARTTLS setup for IMAP

              STARTTLS setup for IRC

              STARTTLS setup for LDAP

              STARTTLS setup for POP3

              STARTTLS setup for SMTP

              STARTTLS setup for MySQL

              STARTTLS setup for XMPP

              STARTTLS setup for PostgreSQL

              Perform a server-to-server XMPP connection. Try this if --starttls-xmpp is failing.

              Send RDP preamble before starting scan.

              Enables workarounds for SSL bugs

              Set  socket  timeout.  Useful  for hosts that fail to respond to ciphers they don't
              understand. Default is 3s.

              Pause between connections. Useful on  STARTTLS  SMTP  services,  or  anything  else
              that's performing rate limiting. Default is disabled.

              Output results to an XML file. - can be used to mean stdout.

              Show version of program

              Display verbose output

              Hide NIST EC curve name and EDH/RSA key length.

              Disable coloured output.


       Scan a local HTTPS server
              sslscan localhost
              sslscan [::1]
              sslscan [::1]:443
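
       Grade an XML report with the colour rules and certificate checks described above. This is
       an added example, not part of sslscan or its manual page; the XML element and attribute
       names in the constructed sample, the function names, and the order in which overlapping
       rules are applied are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample; element and attribute names are assumptions, check your own reports.
SAMPLE_XML = """<document><ssltest host="localhost" port="443">
  <protocol type="ssl" version="3" enabled="1" />
  <protocol type="tls" version="1.2" enabled="1" />
  <cipher bits="256" cipher="ECDHE-RSA-AES256-GCM-SHA384" />
  <cipher bits="128" cipher="RC4-SHA" />
  <cipher bits="40" cipher="EXP-DES-CBC-SHA" />
  <cipher bits="0" cipher="NULL-SHA" />
  <cipher bits="256" cipher="ADH-AES256-SHA" />
  <certificate><signature-algorithm>sha1WithRSAEncryption</signature-algorithm>
    <pk type="RSA" bits="1024" /></certificate>
</ssltest></document>"""

def grade_cipher(name, bits):
    """Map one accepted cipher to the man page's colour category, or None."""
    if bits == 0 or "NULL" in name:
        return "null"        # red background: no encryption
    if "ADH" in name or "AECDH" in name:
        return "anonymous"   # purple
    if bits <= 40:
        return "broken"      # red
    if bits <= 56 or "RC4" in name:
        return "weak"        # yellow
    return None

def grade_report(xml_text):
    """Return sorted (category, finding) pairs for every target in a report."""
    found = set()
    for test in ET.fromstring(xml_text).iter("ssltest"):
        host = f'{test.get("host")}:{test.get("port")}'
        for p in test.iter("protocol"):   # SSLv2 and SSLv3 are broken protocols
            if p.get("type") == "ssl" and p.get("enabled") == "1":
                found.add(("broken", f'{host} SSLv{p.get("version")} enabled'))
        for c in test.iter("cipher"):
            bits = c.get("bits", "")      # skip entries without a numeric key size
            grade = grade_cipher(c.get("cipher", ""), int(bits)) if bits.isdigit() else None
            if grade:
                found.add((grade, f'{host} {c.get("cipher")}'))
        for cert in test.iter("certificate"):
            sig = cert.findtext("signature-algorithm", "").lower()
            if "md5" in sig or "sha1" in sig:   # MD5 is broken, SHA-1 is weak
                found.add(("broken" if "md5" in sig else "weak", f"{host} cert {sig}"))
            pk = cert.find("pk")
            if pk is not None and pk.get("type") == "RSA" and int(pk.get("bits", "2048")) < 2048:
                found.add(("weak", f'{host} RSA key {pk.get("bits")} bit'))
    return sorted(found)

if __name__ == "__main__":
    print(*(f"{cat:10} {what}" for cat, what in grade_report(SAMPLE_XML)), sep="\n")
```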


       sslscan was originally written by Ian Ventura-Whiting.
       sslscan was extended by Jacob Appelbaum.
       sslscan was extended by rbsec.
       This manual page was originally written by Marvin Stark.

                                          March 19, 2020                               SSLSCAN(1)