{"id":13549202,"url":"https://github.com/client9/sslassert","last_synced_at":"2025-04-02T22:31:30.851Z","repository":{"id":146516627,"uuid":"11362980","full_name":"client9/sslassert","owner":"client9","description":"simple scripts to make sure your web server is configured correctly under HTTPS","archived":true,"fork":false,"pushed_at":"2013-10-01T10:32:55.000Z","size":432,"stargazers_count":57,"open_issues_count":1,"forks_count":9,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-03T18:34:35.815Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/client9.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-07-12T07:19:44.000Z","updated_at":"2024-05-18T04:56:50.000Z","dependencies_parsed_at":"2023-03-24T13:46:22.654Z","dependency_job_id":null,"html_url":"https://github.com/client9/sslassert","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/client9%2Fsslassert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/client9%2Fsslassert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/client9%2Fsslassert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/client9%2Fsslassert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/client9","download_url":"https://codeload.github.com/client9/sslassert/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246905105,"owners_count":20852812,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:01:19.334Z","updated_at":"2025-04-02T22:31:30.449Z","avatar_url":"https://github.com/client9.png","language":"CSS","funding_links":[],"categories":["CSS","others"],"sub_categories":[],"readme":"sslassert\n==============\n\nSimple unit tests to make sure your web server is configured correctly under SSL.\n\nIt's in `sh` (subset of `bash`).  Why?  It's one file, no\ninstallation, only requires openssl, and basic posix shell stuff.  And\nmostly it's calling out to OpenSSL anyways, so why not bash?\n\n\nsslfacts\n--------------\n\n```\nexport HOSTPORT=www.google.com\nexport URLPATH=/\nsource sslassert.sh\n```\n\nWill then generate a number of facts based on the site:\n\n* accepted and rejected cipher suites\n* protocol support for sslv2 - tls1.2\n* various statistics on symmetric and public key cryptography\n* various certificate facts\n* common problems and attacks\n\nYou can see the full fact list by running the sample script\n\n```\n./sslfact.sh libinjection.client9.com\n```\n\nsslassert\n---------------\n\nThen you'll want to test the facts against what your expectations.\n\nThe same script below shows how.  You can use any of the bash test\noperators (e.g. -gt,-ge,-lt,-le,-ne,-eq, =, !=, \u003e etc)\n\n\n```\n#!/bin/sh\n\nexport HOSTPORT=www.google.com\nexport URLPATH=/\n\nsource sslassert.sh\n\nsslassert 'secure-renegotiation               = on'\nsslassert 'compression                        = off'\nsslassert 'certificate-length               -ge 1024'\nsslassert 'protocol-ssl-v2                    = off'\nsslassert 'protocol-tls-v12                   = on'\nsslassert 'crypto-weak                        = off'\nsslassert 'beast-attack                       = off'\n\nexit $SSLASSERT_EXIT\n```\n\nand that's it.\n\n\n\n\n\nNote for later reference:\n\n\nCertificate chain is not self-signed\n------------------------------------\n\n```\nCertificate chain\n 0 s:/OU=Domain Control Validated/CN=YOUR SERVER HERE\n   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=1234\n 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=1234\n   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority\n 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority\n   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority\n```\n\nLooking at #2 in the chain, you'll see a self-signed cert for\nGo-Daddy.  That's normally inside the http-client already, so sending\nit is kinda weird, and might cause problems.  It's certainly a waste\nof space.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclient9%2Fsslassert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclient9%2Fsslassert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclient9%2Fsslassert/lists"}