sslinfo

    0.2.0 • Public • Published

    NPM

    npm version bitHound Overall Score Dependency Status License Stories in Ready Known Vulnerabilities Badges

    Table of Contents generated with DocToc

    SSL Info

    Utility library for determining which SSL/TLS versions and ciphers a server supports

    Installation

    This module requires NodeJS v6.9 or higher

    npm install sslinfo --save

    Note: This library requires an OpenSSL installation - the newer the better.

    Usage

    Get the server certificate, enabled SSL/TLS protocols, and supported ciphers.

    var sslinfo = require('sslinfo');
    
    sslinfo.getServerResults({ host: "www.google.com", port: 443 })
        .done(function (results) {
            console.log(results);
        },
        function (error) {
            console.log("Error", {error: error})
        });
    

    Note: To get results from servers which support SNI (all servers of cloudflare for example), specify which servername should be transmitted to the remote server:

    sslinfo.getServerResults({ host: "www.cloudflare.com", port: 443, servername: "www.cloudflare.com" })
    

    The getServerResults() function returns a promise that should be resolved by implementing done().

    Sample output:

    {
        "host": "www.google.com",
        "port": 443,
        "cert": {
            ... certificate information ...
        },
        "protocols": [
            {
                "protocol": "SSLv2_method",
                "name": "SSLv2",
                "enabled": false,
                "error": "The installed openssl library does not support \"SSLv2_method\""
            },
            {
                "protocol": "SSLv3_method",
                "name": "SSLv3",
                "enabled": true
            },
            {
                "protocol": "TLSv1_method",
                "name": "TLSv1",
                "enabled": true
            },
            {
                "protocol": "TLSv1_1_method",
                "name": "TLSv1.1",
                "enabled": true
            },
            {
                "protocol": "TLSv1_2_method",
                "name": "TLSv1.2",
                "enabled": true
            }
        ],
        "ciphers": {
            "SSLv3_method": {
                ...
            },
            "TLSv1_method": {
                "name": "TLSv1",
                "enabled": [
                    ... enabled cipher list ...
                ],
                "disabled": [
                    ... disabled cipher list ...
                ],
                "unsupported": [
                    ... ciphers unsupported by the OpenSSL version ...
                ]
            },
            "TLSv1_1_method": {
                ...
            },
            "TLSv1_2_method": {
                ...
            }
        }
    }
    

    Beginning with NodeJS 4.0.0, SSLv2 and SSLv3 are disabled by default. The sample output will be slightly different in this case.

    {
        "host": "www.google.com",
        "port": 443,
        "cert": {
            ... certificate information ...
        },
        "certPEM": '... PEM encoded certificate ...',
        "protocols": [
            {
                "protocol": "SSLv2_method",
                "name": "SSLv2",
                "enabled": false,
                "error": "This version of NodeJS does not support \"SSLv2_method\""
            }
        ]
    }
    

    Get only the certificate information for a server

    var sslinfo = require('sslinfo');
    
    sslinfo.getCertificateInfo({ host: "www.google.com", port: 443 })
        .done(function (results) {
            console.log(results);
        },
        function (error) {
            console.log("Error", {error: error})
        });
    

    The getCertificateInfo() function returns a promise that should be resolved by implementing done().

    Sample output:

    {
        "host": "www.google.com",
        "port": 443,
        "cert": {
            { version: 2,
                 subject:
                  { countryName: 'US',
                    stateOrProvinceName: 'California',
                    localityName: 'Mountain View',
                    organizationName: 'Google Inc',
                    commonName: 'www.google.com' },
                 issuer:
                  { countryName: 'US',
                    organizationName: 'Google Inc',
                    commonName: 'Google Internet Authority G2' },
                 ... more cert info ...
        },
        "certPEM": '... PEM encoded certificate ...'
    }
    

    Get information about the installed OpenSSL version

    var sslinfo = require('sslinfo');
    
    sslinfo.getOpenSSLCapabilities()
        .done(function (results) {
            console.log(results);
        },
        function (error) {
            console.log("Error", {error: error});
        });
    

    The getOpenSSLCapabilities() function returns a promise that should be resolved by implementing done().

    Sample output (from Mac OS X 10.10.3):

    {
        "version": "OpenSSL 0.9.8zd 8 Jan 2015",
        "protocols": {
            "supported": [
                "SSLv3",
                "TLSv1",
                "TLSv1.1",
                "TLSv1.2"
            ],
            "unsupported": [
                "SSLv2"
            ]
        },
        "ciphers": {
            "supported": [
                ... ciphers supported by this OpenSSL version ...
            ],
            "unsupported": [
                ... ciphers supported by this tool, but not the installed OpenSSL version ...
            ]
        }
    }
    

    Note: The unsupported cipher list is not necessarily correct. I'm going to investigate how to make this information more useful.

    Install

    npm i sslinfo

    DownloadsWeekly Downloads

    1

    Version

    0.2.0

    License

    Apache-2.0

    Unpacked Size

    31.7 kB

    Total Files

    12

    Last publish

    Collaborators

    • iamthechad