ssltest

A Java-based tool to test SSL connections to servers.

This is a command-line tool to test server support for TLS protocols and ciphers. It can be used to debug problems you may be having with either a Java-based client tool (such as your own Java application) or the server itself (though there are better tools available to test the server if that's all you care about).

The code is meant to be readable, reusable, and instructive. Many TLS-related operations in Java appear to be complicated and verbose, and this code is intended to show Java programmers how to e.g. load key stores and trust stores, configure SSLSocketFactory objects, and make secure connections to remote servers.

Note that this code merely connects to the server and completes a TLS handshake. It does not perform e.g. any HTTP request or handle any response. That means that it will be equally useful for testing a web server's HTTPS connector as it will be for testing an LDAP server's LDAPS connector.
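The handshake-only test described above, as an added example (this is not ssltest's own source). The class name `HandshakeProbe` and its positional arguments (host, port, optional trust store path and password) are assumptions. It tries each protocol version the JVM supports, offers every supported cipher suite except those matching the filter pattern, and reports the suite the server selects. Certificate trust and hostname verification are both enabled here.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.regex.Pattern;
import javax.net.ssl.*;

// Added example; class name and argument order are hypothetical.
public class HandshakeProbe {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("usage: host [port [truststore password]]"); return; }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        Pattern reject = Pattern.compile("(NULL|anon|RC4)"); // suites REMOVED from the offer

        KeyStore trust = null; // null = the JVM's default trust anchors
        if (args.length > 3) { // optional trust store path and password
            trust = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(args[2])) {
                trust.load(in, args[3].toCharArray());
            }
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        SSLSocketFactory factory = ctx.getSocketFactory();

        String[] ciphers = Arrays.stream(factory.getSupportedCipherSuites())
            .filter(c -> !reject.matcher(c).find())
            .toArray(String[]::new);

        for (String protocol : ctx.getSupportedSSLParameters().getProtocols()) {
            if (protocol.equals("SSLv2Hello")) continue; // a hello format, not a version
            try (SSLSocket s = (SSLSocket) factory.createSocket(host, port)) {
                SSLParameters p = s.getSSLParameters();
                p.setProtocols(new String[] { protocol });
                p.setCipherSuites(ciphers);
                p.setEndpointIdentificationAlgorithm("HTTPS"); // verify the hostname
                s.setSSLParameters(p);
                s.setSoTimeout(5000);
                s.startHandshake(); // handshake only; no application data is sent
                System.out.println(protocol + ": ok, " + s.getSession().getCipherSuite());
            } catch (IOException e) { // includes SSLException and connection errors
                System.out.println(protocol + ": failed (" + e.getMessage() + ")");
            }
        }
    }
}
```

A failure for an old protocol version can come from the client JVM's own `jdk.tls.disabledAlgorithms` policy rather than from the server, so read the exception message before concluding the server rejected it.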

There are two .java source files which contain everything. You can use Apache Ant or the build.sh script to compile the .java source and bundle it into an executable JAR file, which can be run like this:

$ java -jar ssltest.jar [options]

The options SSLTest accepts are as follows. Only the hostname of the target server is required, and the default port is 443 (HTTPS).

Usage: java class SSLTest [opts] host[:port]

-sslprotocol                 Sets the SSL/TLS protocol to be used (e.g. SSL, TLS, SSLv3, TLSv1.2, etc.)
-enabledprotocols protocols  Sets individual SSL/TLS protocols that should be enabled
-ciphers cipherspec          A comma-separated list of SSL/TLS ciphers
-cipherFilter filter         A regular expression containing cipher suite patterns which should be REMOVED from the acceptable list (e.g. '(NULL|anon|RC4)')
-connectonly                 Don't scan; only connect a single time
-keystore                    Sets the key store for connections (for TLS client certificates)
-keystoretype type           Sets the type for the key store
-keystorepassword pass       Sets the password for the key store
-keystoreprovider provider   Sets the crypto provider for the key store
-truststore                  Sets the trust store for connections
-truststoretype type         Sets the type for the trust store
-truststorepassword pass     Sets the password for the trust store
-truststorealgorithm alg     Sets the algorithm for the trust store
-truststoreprovider provider Sets the crypto provider for the trust store
-crlfilename                 Sets the CRL filename to use for the trust store
-check-certificate           Checks certificate trust (default: false)
-no-check-certificate        Ignores certificate errors (default: true)
-verify-hostname             Verifies certificate hostname (default: false)
-no-verify-hostname          Ignores hostname mismatches (default: true)
-showcerts                   Show server's certificate chain information
-showsslerrors               Show SSL/TLS error details
-showhandshakeerrors         Show SSL/TLS handshake error details
-showerrors                  Show all connection error details
-hiderejects                 Only show protocols/ciphers which were successful

-client-info                 Show this client's capabilities and exit
-h -help --help              Shows this help message