JavaScript
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
.gitignore
CHANGELOG.md
CONTRIBUTING.md
LICENSE.txt
README.md
index.js
package.json

README.md

NPM

npm version bitHound Overall Score Dependency Status License Stories in Ready Badges

Table of Contents generated with DocToc

SSL Info

Utility library for determining which SSL/TLS versions and ciphers a server supports

Installation

This module requires NodeJS 0.12.0 or higher. It will not work on older versions!

You may need to install node-gyp first globally: npm install -g node-gyp (use sudo if needed)

npm install sslinfo --save

Note: This library requires an OpenSSL installation - the newer the better.

Usage

Get the server certificate, enabled SSL/TLS protocols, and supported ciphers.

var sslinfo = require('sslinfo');

sslinfo.getServerResults({ host: "www.google.com", port: 443 })
    .done(function (results) {
        console.log(results);
    },
    function (error) {
        console.log("Error", {error: error})
    });

Note: To get results from servers which support SNI (all servers of cloudflare for example), specify which servername should be transmitted to the remote server:

sslinfo.getServerResults({ host: "www.cloudflare.com", port: 443, servername: "www.cloudflare.com" })

The getServerResults() function returns a promise that should be resolved by implementing done().

Sample output:

{
    "host": "www.google.com",
    "port": 443,
    "cert": {
        ... certificate information ...
    },
    "protocols": [
        {
            "protocol": "SSLv2_method",
            "name": "SSLv2",
            "enabled": false,
            "error": "The installed openssl library does not support \"SSLv2_method\""
        },
        {
            "protocol": "SSLv3_method",
            "name": "SSLv3",
            "enabled": true
        },
        {
            "protocol": "TLSv1_method",
            "name": "TLSv1",
            "enabled": true
        },
        {
            "protocol": "TLSv1_1_method",
            "name": "TLSv1.1",
            "enabled": true
        },
        {
            "protocol": "TLSv1_2_method",
            "name": "TLSv1.2",
            "enabled": true
        }
    ],
    "ciphers": {
        "SSLv3_method": {
            ...
        },
        "TLSv1_method": {
            "name": "TLSv1",
            "enabled": [
                ... enabled cipher list ...
            ],
            "disabled": [
                ... disabled cipher list ...
            ],
            "unsupported": [
                ... ciphers unsupported by the OpenSSL version ...
            ]
        },
        "TLSv1_1_method": {
            ...
        },
        "TLSv1_2_method": {
            ...
        }
    }
}

Beginning with NodeJS 4.0.0, SSLv2 and SSLv3 are disabled by default. The sample output will be slightly different in this case.

{
    "host": "www.google.com",
    "port": 443,
    "cert": {
        ... certificate information ...
    },
    "protocols": [
        {
            "protocol": "SSLv2_method",
            "name": "SSLv2",
            "enabled": false,
            "error": "This version of NodeJS does not support \"SSLv2_method\""
        }
    ]
}

Get information about the installed OpenSSL version

var sslinfo = require('sslinfo');

sslinfo.getOpenSSLCapabilities()
    .done(function (results) {
        console.log(results);
    },
    function (error) {
        console.log("Error", {error: error});
    });

The getOpenSSLCapabilities() function returns a promise that should be resolved by implementing done().

Sample output (from Mac OS X 10.10.3):

{
    "version": "OpenSSL 0.9.8zd 8 Jan 2015",
    "protocols": {
        "supported": [
            "SSLv3",
            "TLSv1",
            "TLSv1.1",
            "TLSv1.2"
        ],
        "unsupported": [
            "SSLv2"
        ]
    },
    "ciphers": {
        "supported": [
            ... ciphers supported by this OpenSSL version ...
        ],
        "unsupported": [
            ... ciphers supported by this tool, but not the installed OpenSSL version ...
        ]
    }
}

Note: The unsupported cipher list is not necessarily correct. I'm going to investigate how to make this information more useful.