I spend a lot of time professionally working on TLS issues. Here are some of the tools I find useful.
The default TLS libraries and command line tools for Linux & other systems. You can perform many tasks with this alone, eg to check the certificates on a website:
openssl s_client -connect www.paypal.com:443
General HTTP / HTTPS + more command line tool. Supplied with Linux distros and windows too now! Offers particularly good support for proxying. To check certificate & headers from a webserver for example:
curl -I -v https://www.google.com
Qualys SSL Server Test
A website that checks whether your https servers are correctly configured. Not much use if the servers are internal though (see SSLyze below).
Python based command-line tool to check TLS sites. Windows binary also available.
Bash / openssl (so minimal dependencies) tool to check TLS sites. Useful if you want to quickly check which versions of TLS protocol & which ciphers are offered. One of my favourite tools.
A firefox extension that gives you 1-click access to viewing website certificate information – as browsers are increasingly hiding this information away.
Java based version of curl, useful to debug any java related TLS issues. Works with custom keystores, client certificates, etc.
A Man-In-The-Middle proxy that supports TLS decryption. A bit more friendly than Wireshark due to its specialization.
crt.sh lets you view certificate history for a domain.
check-crt-key.sh is a small script written by myself to check if keys match up to certificates.
wireshark / tcpdump
If you need to dig deep into the TLS handshake etc, tcpdump & its’ companion GUI app wireshark are the tools of choice. A basic tutorial.
A quick script written by me to view the certificate chain on a site – useful to ensure you’re including the intermediate for example.