Update 08/13/2014: v1.1 is here.
SSL and TLS have been getting a lot of attention from me lately, and recently I found myself in want of a tool that would tell me precisely which protocol versions and cipher suites a given server supported.
Sure, there's SSLScan and SSLScan-Win, but those tools haven't been updated in 5 years, and thus don't support the newer versions of TLS, 1.1 and 1.2. And of course there are nice websites like SSL Labs that do a fine job, but I wanted to use this tool to audit internal/private systems too, not just internet web servers.
So I created a new tool and called it SharpTLSScan. It's pure C# and has no reliance on outside libraries (such as OpenSSL), and I managed to avoid the pain of directly interfacing with the SChannel API as well.
SharpTLSScan comes with the "It works on my machine (tm)" guarantee. It's free, and the source will probably show up on GitHub pretty soon.
Here are some screenshots:
Usage is simple - SharpTLSScan myhost:636
First, the server's certificate is inspected and validated. Next, a default connection is negotiated, which is useful for seeing what kind of connection your system would negotiate on its own. Then, all protocol versions and all cipher suites are tested to see what the server will support. (This can take a couple of minutes.) Things that are obviously good (such as the certificate validating) are highlighted in green, while things that are obviously bad (such as SSL v2 support) are highlighted in red. Things that are fair but not great (such as MD5 hashes) are in yellow.
The reason why the protocol versions seem interleaved is a side-effect of the multithreading in the program. I'll likely fix it in the next update.
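One way to test a single protocol version and cipher suite is to send a ClientHello that offers only that pair and see whether the server answers with a ServerHello or an alert. The Python below is an added example, not SharpTLSScan's code (the post does not say how the tool performs its probes); the function names and the sample reply bytes are constructed for illustration.

```python
import os
import socket
import struct

def client_hello(version, suite, host):
    """Build a ClientHello record that offers exactly one version and one cipher suite."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # ServerNameList, one host_name
    ext = struct.pack("!HH", 0, len(sni)) + sni                     # extension type 0 = server_name
    body = (struct.pack("!H", version) + os.urandom(32)             # client_version, random
            + b"\x00"                                               # empty session_id
            + struct.pack("!HH", 2, suite)                          # cipher_suites: a single entry
            + b"\x01\x00"                                           # compression: null only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body              # handshake type 1 = ClientHello
    return struct.pack("!BHH", 22, min(version, 0x0301), len(hs)) + hs

def parse_reply(data):
    """Classify the first record of a reply as (status, version, suite_or_alert_code)."""
    if len(data) < 5:
        return ("no-reply", None, None)
    ctype, _, length = struct.unpack("!BHH", data[:5])
    frag = data[5:5 + length]
    if ctype == 21 and len(frag) >= 2:                              # alert: level, description
        return ("rejected", None, frag[1])
    if ctype == 22 and len(frag) >= 39 and frag[0] == 2:            # handshake type 2 = ServerHello
        sid_len = frag[38]                                          # header(4) + version(2) + random(32)
        if len(frag) >= 41 + sid_len:
            version = struct.unpack("!H", frag[4:6])[0]
            suite = struct.unpack("!H", frag[39 + sid_len:41 + sid_len])[0]
            return ("accepted", version, suite)
    return ("unknown", None, None)

def probe(host, port, version, suite, timeout=5.0):
    """True only if the server selects exactly the offered version and suite."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(client_hello(version, suite, host))
            data = s.recv(4096)                                     # first segment normally holds the ServerHello
    except OSError:
        return False
    return parse_reply(data) == ("accepted", version, suite)

# Constructed sample replies (not captured from a real server):
# a TLS 1.2 ServerHello selecting suite 0x002F, and a fatal handshake_failure alert (40).
_body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
SAMPLE_HELLO = b"\x16\x03\x03" + struct.pack("!H", len(_body) + 4) + b"\x02" + len(_body).to_bytes(3, "big") + _body
SAMPLE_ALERT = b"\x15\x03\x03\x00\x02\x02\x28"
```

This narrow version sends no supported_groups or signature_algorithms extension, so a refusal of an ECDHE suite may reflect the missing extension rather than the server's configuration.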
Here you go: SharpTLSScan.zip (14.3KB)