Features

Milton Smith edited this page Jun 8, 2018 · 2 revisions

The following is a highlight of some of the features available.

Information gathering

TLS connection characteristics

SO_KEEPALIVE, SO_RCVBUF, SO_LINGER, SO_TIMEOUT, SO_REUSEADDR, SO_SENDBUFF, CLIENT_AUTH_REQ, CLIENT_AUTH_WANT, TRAFFIC_CLASS, TCP_NODELAY, ENABLED_PROTOCOLS, DEFLATE_COMPRESSION

X.509 certificate metadata

Validity, SubjectDN, IssuerDN, Serial Number, Signature Algorithm, Signature Algorithm OID, Certificate Version, Certificate Fingerprint (in signing algorithm), Critical/Non-Critical sections

TLS ciphersuite naming conventions

Return human-readable ciphersuite names in the following conventions: GnuTLS, NSS, OpenSSL, IANA

Identify web server ciphersuites

Enumerate server ciphersuites along with a strength evaluation. The ciphersuite strength evaluation is provided by the Mozilla Observatory project via a REST interface periodically, and the output is included in the project build. The point is that I don't provide an evaluation of ciphersuite strength myself, and that live connections are not opened from behind the firewall to fetch the information in real time.

Identify signature algorithms

Identify the certificate signing algorithm

Identify certificate validity and expiration

Simple status of whether the certificate is valid or not, plus the validity date range

Print X.509 certificate metadata

X.509 supported metadata including critical/non-critical sections

Identify Trusted/Not Trusted status

Whether the certificate chains back to a trusted root

Server analysis

Encryption strength

Minimal and achievable encryption strength in bits

Attacks

BEAST, CRIME, and FREAK