Secure Information Technology Center – Austria

SSL Check for Clients/Cerver

The A-SIT SSL tool consists of two parts. The “Browser test” is capable of reviewing and evaluating the SSL/TLS capabilities of web browsers, while the “Server test” performs investigative actions on web servers. A classification is performed on the tested components, indicating whether the tested components are qualified for use in security-critical environments.

Status

The SSL tool is available as download (see the end of this page) as well as online version at http://demoapps.a-sit.at/ssl-tool/.

Documents

Associated with the SSL tool, A-SIT has elaborated a strategy paper, regarding SSL/TLS communication security (for online E-Government procedures). The paper also gives recommendations about transfer formats, suited for the exchange of certificates.

Instructions

  1. General
    This tool enables the testing of servers and browsers and categorizes the result into according security classes.
  2. Requirements
    The SSL tool has the following prerequisites:

    • Java Runtime Environment (or SDK) Version >= 1.7
    • Apache Tomcat >= 7 (optional)

    The Tomcat container is only required if the tool is used as servlet. It can also be used as standalone application. In order to invoke the test programs, a SSL-capable web browser (in current version) is required.

  3. Execution
    1. Execution as standalone program:
      • using UNIX:
        • Client SSL tool: ./startup-client.sh
        • Server SSL tool: ./startup-server.sh
      • using Windows:
        • Client SSL tool: ./startup-client.bat
        • Server SSL tool: ./startup-server.bat

      Before executing, the JAVA_HOME variable needs to be set. If it is already configured, this step can be omitted.

    2. Execution as servlet:
      Prior to the first start, the servlet (ssl-tool.war) needs to be copied to the webapps folder of Tomcat. The servlets are automatically initialized when Tomcat starts.
  4. Working with the tool
    1. Client SSL tool:
      The capabilities of a Internet browser can be tested by opening the following URL (with the browser to be tested):

      If the SSL tool is not running on the same machine, localhost needs to be replaced with the IP address of the machine. After a short amount of time the tool reports which SSL versions, cipher suites, ciphers and key exchange algorithm are supported. If available, the tool also shows client certificates.

    2. Server SSL tool:
      The capabilities of a Internet server can be tested by using the server check:

      If the SSL tool is not running on the same machine, localhost needs to be replaced with the IP address of the corresponding machine. The site allows to enter the address of the to be tested server. After entering the name of the server and starting the test, the tool reports which SSL versions, cipher suites, ciphers and key exchange algorithm are supported. Additionally, the tool shows the available server certificate and the certificate chain.

Downloads

Title Version Date
Security Recommendations for the Application of SSL/TLS (DE, PDF) 1.0 2016-02-15
A-SIT SSL Tool 1.2.5 2016-02-15

History

Note Version Date
Support for multiple IP-addresses (Changelog) 1.2.5 2016-02-15
Bugfix SSL Client Tool (changelog)
1.2.2
2016-01-19
Update Jan 2016 (changelog)
1.2
2016-01-18
Initial public release
1.1
2014-07-21

Posted 15.02.2016, Kategorie: IT-Security.