TLS / HTTPS Troubleshooting Tools

I spend a lot of time professionally working on TLS issues. Here are some of the tools I find useful.

openssl

The default TLS libraries and command-line tools for Linux and other systems. You can perform many tasks with this alone, e.g. to check the certificates on a website:

openssl s_client -connect www.paypal.com:443

OpenSSL cheatsheet

curl

A general-purpose command-line tool for HTTP, HTTPS and more. Supplied with Linux distros, and with Windows too now! Offers particularly good support for proxying. For example, to check the certificate and headers from a web server:

curl -I -v https://www.google.com

Qualys SSL Server Test

A website that checks whether your HTTPS servers are correctly configured. Not much use if the servers are internal though (see SSLyze below).

SSLyze

Python-based command-line tool to check TLS sites. Windows binary also available.

testSSL.sh

A tool built on Bash and openssl (so minimal dependencies) to check TLS sites. Useful if you want to quickly check which versions of the TLS protocol and which ciphers are offered. One of my favourite tools.

certainly something

A Firefox extension that gives you 1-click access to viewing website certificate information – as browsers are increasingly hiding this information away.

jCurl

Java-based version of curl, useful to debug any Java-related TLS issues. Works with custom keystores, client certificates, etc.

mitmproxy

A Man-In-The-Middle proxy that supports TLS decryption. A bit more friendly than Wireshark due to its specialization.

crt.sh

crt.sh lets you view certificate history for a domain.

check-crt-key.sh

check-crt-key.sh is a small script written by myself to check if keys match up to certificates.
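
One way to do the key/certificate check described above, as an added example and not the author's check-crt-key.sh: compare the public key embedded in the certificate with the one derived from the private key. The function names, and the constructed sample material produced by make_sample (CN example.test), are assumptions for illustration.

```shell
#!/bin/sh
# Added example: does a private key belong to a certificate?
# Compares SHA-256 fingerprints of the public key each file contains.
# Works for any key type "openssl pkey" can read, not only RSA.

# Print the SHA-256 of a PEM public key (passed as a string), normalised to DER.
spki_fp() {
    printf '%s\n' "$1" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
# Parse failures are caught before hashing, so two unreadable files
# can never compare equal via the hash of empty input.
crt_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$(spki_fp "$cert_pub")" = "$(spki_fp "$key_pub")" ]
}

# Build constructed sample material in directory $1: two RSA keys and a
# self-signed certificate for the first key (the CN is a made-up name).
make_sample() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/a.key" -subj "/CN=example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null
}

# Usage: sh thisfile.sh cert.pem key.pem  (does nothing without arguments)
if [ "$#" -eq 2 ]; then
    if crt_key_match "$1" "$2"; then
        echo "OK: key matches certificate"
    else
        echo "FAIL: mismatch or unreadable input (rc=$?)"
    fi
fi
```
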

wireshark / tcpdump

If you need to dig deep into the TLS handshake etc., tcpdump and its companion GUI app Wireshark are the tools of choice. A basic tutorial.

peerchain

A quick script written by me to view the certificate chain on a site – useful to ensure you’re including the intermediate for example.