Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 

NPM

npm version Maintainability Dependency Status License Known Vulnerabilities Maintenance Badges

Table of Contents generated with DocToc

SSL Info

Utility library for determining which SSL/TLS versions and ciphers a server supports

Installation

This module requires NodeJS v6.9 or higher

npm install sslinfo --save

Note: This library requires an OpenSSL installation - the newer the better.

Usage

Get the server certificate, enabled SSL/TLS protocols, and supported ciphers.

var sslinfo = require('sslinfo');

sslinfo.getServerResults({ host: "www.google.com", port: 443 })
    .done(function (results) {
        console.log(results);
    },
    function (error) {
        console.log("Error", {error: error})
    });

Note: To get results from servers which support SNI (all servers of cloudflare for example), specify which servername should be transmitted to the remote server:

sslinfo.getServerResults({ host: "www.cloudflare.com", port: 443, servername: "www.cloudflare.com" })

The getServerResults() function returns a promise that should be resolved by implementing done().

Sample output:

{
    "host": "www.google.com",
    "port": 443,
    "cert": {
        ... certificate information ...
    },
    "protocols": [
        {
            "protocol": "SSLv2_method",
            "name": "SSLv2",
            "enabled": false,
            "error": "The installed openssl library does not support \"SSLv2_method\""
        },
        {
            "protocol": "SSLv3_method",
            "name": "SSLv3",
            "enabled": true
        },
        {
            "protocol": "TLSv1_method",
            "name": "TLSv1",
            "enabled": true
        },
        {
            "protocol": "TLSv1_1_method",
            "name": "TLSv1.1",
            "enabled": true
        },
        {
            "protocol": "TLSv1_2_method",
            "name": "TLSv1.2",
            "enabled": true
        }
    ],
    "ciphers": {
        "SSLv3_method": {
            ...
        },
        "TLSv1_method": {
            "name": "TLSv1",
            "enabled": [
                ... enabled cipher list ...
            ],
            "disabled": [
                ... disabled cipher list ...
            ],
            "unsupported": [
                ... ciphers unsupported by the OpenSSL version ...
            ]
        },
        "TLSv1_1_method": {
            ...
        },
        "TLSv1_2_method": {
            ...
        }
    }
}

Beginning with NodeJS 4.0.0, SSLv2 and SSLv3 are disabled by default. The sample output will be slightly different in this case.

{
    "host": "www.google.com",
    "port": 443,
    "cert": {
        ... certificate information ...
    },
    "certPEM": '... PEM encoded certificate ...',
    "protocols": [
        {
            "protocol": "SSLv2_method",
            "name": "SSLv2",
            "enabled": false,
            "error": "This version of NodeJS does not support \"SSLv2_method\""
        }
    ]
}

Get only the certificate information for a server

var sslinfo = require('sslinfo');

sslinfo.getCertificateInfo({ host: "www.google.com", port: 443 })
    .done(function (results) {
        console.log(results);
    },
    function (error) {
        console.log("Error", {error: error})
    });

The getCertificateInfo() function returns a promise that should be resolved by implementing done().

Sample output:

{
    "host": "www.google.com",
    "port": 443,
    "cert": {
        { version: 2,
             subject:
              { countryName: 'US',
                stateOrProvinceName: 'California',
                localityName: 'Mountain View',
                organizationName: 'Google Inc',
                commonName: 'www.google.com' },
             issuer:
              { countryName: 'US',
                organizationName: 'Google Inc',
                commonName: 'Google Internet Authority G2' },
             ... more cert info ...
    },
    "certPEM": '... PEM encoded certificate ...'
}

Get information about the installed OpenSSL version

var sslinfo = require('sslinfo');

sslinfo.getOpenSSLCapabilities()
    .done(function (results) {
        console.log(results);
    },
    function (error) {
        console.log("Error", {error: error});
    });

The getOpenSSLCapabilities() function returns a promise that should be resolved by implementing done().

Sample output (from Mac OS X 10.10.3):

{
    "version": "OpenSSL 0.9.8zd 8 Jan 2015",
    "protocols": {
        "supported": [
            "SSLv3",
            "TLSv1",
            "TLSv1.1",
            "TLSv1.2"
        ],
        "unsupported": [
            "SSLv2"
        ]
    },
    "ciphers": {
        "supported": [
            ... ciphers supported by this OpenSSL version ...
        ],
        "unsupported": [
            ... ciphers supported by this tool, but not the installed OpenSSL version ...
        ]
    }
}

Note: The unsupported cipher list is not necessarily correct. I'm going to investigate how to make this information more useful.

About

Inspect SSL/TLS versions and ciphers of a server

Resources

License

Packages

No packages published