Testing TLS/SSL Encryption on Any Port

testssl.sh is a free and open-source, feature-rich command-line tool for checking TLS/SSL-enabled services for supported ciphers, protocols, and some cryptographic flaws.

How to Install and Use testssl.sh in Linux

Important: Use bash (which comes preinstalled on most Linux distributions); a newer OpenSSL version (1.1.1) is recommended for effective usage.

You can install testssl.sh by cloning this git repository as shown:

# git clone --depth 1
# cd

After cloning, the general use case is probably just to run the following command to test a website.

# ./

To run a check against STARTTLS enabled protocols: ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql, use the -t option.

# ./ -t smtp

By default, all mass tests are done in serial mode; you can enable parallel testing using the --parallel flag.

# ./ --parallel

If you do not want to use the default system openssl program, use the --openssl flag to specify an alternative.

# ./ --parallel --sneaky --openssl /path/to/your/openssl

You might want to keep logs for later analysis; testssl.sh has the --log (store the log file in the current directory) and --logfile (specify the log file location) options for that.

# ./ --parallel --sneaky --logging

To disable DNS lookup, which can increase test speeds, use the -n flag.

# ./ -n --parallel --sneaky --logging
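An added example (not from the original article or the testssl.sh project) that combines the -t and --logfile options described above: it chooses the STARTTLS protocol from the port and leaves -t off for implicit-TLS ports such as 465 or 993, where passing it makes the scan fail. The script path, log directory, port-to-protocol map and hostnames in it are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of testssl.sh. Handles hostnames and IPv4 only.
TESTSSL="${TESTSSL:-./testssl.sh}"  # assumed location of the cloned script
LOGDIR="${LOGDIR:-./tls-logs}"      # assumed directory for --logfile output

# Port -> protocol name for -t (conventional default ports, an assumption).
# Empty output means the port speaks TLS from the first byte
# (443, 465, 993, 995, ...) and must NOT get -t.
starttls_proto() {
  case "$1" in
    21)     echo ftp ;;
    23)     echo telnet ;;
    25|587) echo smtp ;;
    110)    echo pop3 ;;
    143)    echo imap ;;
    389)    echo ldap ;;
    3306)   echo mysql ;;
    5222)   echo xmpp ;;
    5432)   echo postgres ;;
  esac
}

# Print the command line for one "host[:port]" target (default port 443).
build_cmd() {
  local target="$1" host port proto
  host="${target%%:*}"
  port="${target##*:}"
  [ "$host" = "$target" ] && port=443
  # Reject empty hosts, option-like hosts ("-x") and shell metacharacters.
  case "$host" in ''|-*|*[!A-Za-z0-9.-]*) echo "bad host: $target" >&2; return 1 ;; esac
  case "$port" in ''|*[!0-9]*) echo "bad port: $target" >&2; return 1 ;; esac
  proto="$(starttls_proto "$port")"
  printf '%s' "$TESTSSL"
  [ -n "$proto" ] && printf ' -t %s' "$proto"
  printf ' --logfile %s/%s_%s.log %s:%s\n' "$LOGDIR" "$host" "$port" "$host" "$port"
}

# Dry run by default: print each command. Set DRY_RUN=0 to execute them.
scan_all() {
  local t cmd
  mkdir -p "$LOGDIR"
  for t in "$@"; do
    cmd="$(build_cmd "$t")" || continue
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd; fi
  done
}
```

Calling `scan_all mail.example.com:25 mail.example.com:465 www.example.com` prints one command per target, each with its own log file, so the results of a mixed inventory can be reviewed per service.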

Run Single Checks Using testssl.sh

You can also run single checks for protocols, server defaults, server preferences, headers, various types of vulnerabilities plus many other tests. There are a number of options provided for this.

For example, the -e flag enables you to check each local cipher remotely. To make the test much faster, include the --fast flag; this omits some checks and, if you are using openssl for all ciphers, displays only the first proffered cipher.

# ./ -e --fast --parallel

The -p option allows for testing TLS/SSL protocols (including SPDY/HTTP2).

# ./ -p --parallel --sneaky


You can view the server’s default picks and certificate using the -S option.

# ./ -S

Next, to see the server’s preferred protocol+cipher, use the -P flag.

# ./ -P

The -U option will help you test all vulnerabilities (if applicable).

# ./ -U --sneaky

Unfortunately, we cannot cover all the options here; use the command below to see a list of all options.

# ./ --help

For more information, see the GitHub repository: