Skip to content
Inspect SSL/TLS versions and ciphers of a server
JavaScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
lib
.eslintrc.json
.gitignore
CHANGELOG.md
CONTRIBUTING.md
LICENSE.txt
README.md
index.js
package.json

README.md

NPM

npm version Maintainability Dependency Status License Stories in Ready Known Vulnerabilities Badges

Table of Contents generated with DocToc

SSL Info

Utility library for determining which SSL/TLS versions and ciphers a server supports

Installation

This module requires NodeJS v6.9 or higher

npm install sslinfo --save

Note: This library requires an OpenSSL installation - the newer the better.

Usage

Get the server certificate, enabled SSL/TLS protocols, and supported ciphers.

var sslinfo = require('sslinfo');

sslinfo.getServerResults({ host: "www.google.com", port: 443 })
    .done(function (results) {
        console.log(results);
    },
    function (error) {
        console.log("Error", {error: error})
    });

Note: To get results from servers which support SNI (all servers of cloudflare for example), specify which servername should be transmitted to the remote server:

sslinfo.getServerResults({ host: "www.cloudflare.com", port: 443, servername: "www.cloudflare.com" })

The getServerResults() function returns a promise that should be resolved by implementing done().

Sample output:

{
    "host": "www.google.com",
    "port": 443,
    "cert": {
        ... certificate information ...
    },
    "protocols": [
        {
            "protocol": "SSLv2_method",
            "name": "SSLv2",
            "enabled": false,
            "error": "The installed openssl library does not support \"SSLv2_method\""
        },
        {
            "protocol": "SSLv3_method",
            "name": "SSLv3",
            "enabled": true
        },
        {
            "protocol": "TLSv1_method",
            "name": "TLSv1",
            "enabled": true
        },
        {
            "protocol": "TLSv1_1_method",
            "name": "TLSv1.1",
            "enabled": true
        },
        {
            "protocol": "TLSv1_2_method",
            "name": "TLSv1.2",
            "enabled": true
        }
    ],
    "ciphers": {
        "SSLv3_method": {
            ...
        },
        "TLSv1_method": {
            "name": "TLSv1",
            "enabled": [
                ... enabled cipher list ...
            ],
            "disabled": [
                ... disabled cipher list ...
            ],
            "unsupported": [
                ... ciphers unsupported by the OpenSSL version ...
            ]
        },
        "TLSv1_1_method": {
            ...
        },
        "TLSv1_2_method": {
            ...
        }
    }
}

Beginning with NodeJS 4.0.0, SSLv2 and SSLv3 are disabled by default. The sample output will be slightly different in this case.

{
    "host": "www.google.com",
    "port": 443,
    "cert": {
        ... certificate information ...
    },
    "certPEM": '... PEM encoded certificate ...',
    "protocols": [
        {
            "protocol": "SSLv2_method",
            "name": "SSLv2",
            "enabled": false,
            "error": "This version of NodeJS does not support \"SSLv2_method\""
        }
    ]
}

Get only the certificate information for a server

var sslinfo = require('sslinfo');

sslinfo.getCertificateInfo({ host: "www.google.com", port: 443 })
    .done(function (results) {
        console.log(results);
    },
    function (error) {
        console.log("Error", {error: error})
    });

The getCertificateInfo() function returns a promise that should be resolved by implementing done().

Sample output:

{
    "host": "www.google.com",
    "port": 443,
    "cert": {
        { version: 2,
             subject:
              { countryName: 'US',
                stateOrProvinceName: 'California',
                localityName: 'Mountain View',
                organizationName: 'Google Inc',
                commonName: 'www.google.com' },
             issuer:
              { countryName: 'US',
                organizationName: 'Google Inc',
                commonName: 'Google Internet Authority G2' },
             ... more cert info ...
    },
    "certPEM": '... PEM encoded certificate ...'
}

Get information about the installed OpenSSL version

var sslinfo = require('sslinfo');

sslinfo.getOpenSSLCapabilities()
    .done(function (results) {
        console.log(results);
    },
    function (error) {
        console.log("Error", {error: error});
    });

The getOpenSSLCapabilities() function returns a promise that should be resolved by implementing done().

Sample output (from Mac OS X 10.10.3):

{
    "version": "OpenSSL 0.9.8zd 8 Jan 2015",
    "protocols": {
        "supported": [
            "SSLv3",
            "TLSv1",
            "TLSv1.1",
            "TLSv1.2"
        ],
        "unsupported": [
            "SSLv2"
        ]
    },
    "ciphers": {
        "supported": [
            ... ciphers supported by this OpenSSL version ...
        ],
        "unsupported": [
            ... ciphers supported by this tool, but not the installed OpenSSL version ...
        ]
    }
}

Note: The unsupported cipher list is not necessarily correct. I'm going to investigate how to make this information more useful.

You can’t perform that action at this time.