TLS / HTTPS Troubleshooting Tools

I spend a lot of time professionally working on TLS issues. Here are some of the tools I find useful.

openssl

The default TLS libraries and command line tools for Linux & other systems. You can perform many tasks with this alone, eg to check the certificates on a website:

openssl s_client -connect www.paypal.com:443

curl

General HTTP / HTTPS + more command line tool. Supplied with Linux distros and windows too now! Offers particularly good support for proxying. To check certificate & headers from a webserver for example:

curl -I -v https://www.google.com

Qualys SSL Server Test

A website that checks whether your https servers are correctly configured. Not much use if the servers are internal though (see below).

SSLyze

Python based command-line tool to check TLS sites.

testSSL.sh

Bash / openssl (so minimal dependencies) tool to check TLS sites. Useful if you want to quickly check which versions of TLS protocol & which ciphers are offered.

certainly something

A firefox extension that gives you 1-click access to viewing website certificate information – as browsers are increasingly hiding this information away.

jCurl

Java based version of curl, useful to debug any java related TLS issues. Works with custom keystores, client certificates, etc.

mitmproxy

A Man-In-The-Middle proxy that supports TLS decryption. A bit more friendly than Wireshark due to its specialization.