SSLyze Python API
Release 2.1.0
This is the documentation for using SSLyze as a Python module.
Overview
The Python API gives full access to SSLyze’s SSL/TLS scanning engine, which can analyze the SSL configuration of a server by connecting to it, and detect various issues (bad certificates, dangerous cipher suites, lack of session resumption, etc.).
A simple example of how to run a scan follows:
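from sslyze.plugins.openssl_cipher_suites_plugin import Tlsv10ScanCommand
from sslyze.server_connectivity_tester import ServerConnectivityTester, ServerConnectivityError
from sslyze.ssl_settings import TlsWrappedProtocolEnum
from sslyze.synchronous_scanner import SynchronousScanner


def demo_synchronous_scanner():
    # Run one scan command to list the server's TLS 1.0 cipher suites
    try:
        server_tester = ServerConnectivityTester(
            hostname='smtp.gmail.com',
            port=587,
            tls_wrapped_protocol=TlsWrappedProtocolEnum.STARTTLS_SMTP
        )
        print(f'\nTesting connectivity with {server_tester.hostname}:{server_tester.port}...')
        # Connect once to confirm the server is reachable and speaks SSL/TLS
        server_info = server_tester.perform()
    except ServerConnectivityError as e:
        # Could not establish an SSL connection to the server
        raise RuntimeError(f'Could not connect to {e.server_info.hostname}: {e.error_message}')

    # Queue a single scan command and run it synchronously
    command = Tlsv10ScanCommand()
    synchronous_scanner = SynchronousScanner()
    scan_result = synchronous_scanner.run_scan_command(server_info, command)
    for cipher in scan_result.accepted_cipher_list:
        print(f'    {cipher.name}')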
Using SSLyze as a Python module makes it easy to implement SSL/TLS scanning as part of a continuous security testing platform, and to detect any misconfiguration across a range of public and/or internal endpoints.
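As an added example (not part of the SSLyze documentation or code base), the cipher suite names returned by a scan like the one above can be checked against a policy in a continuous testing job. The policy table and the function names `weaknesses` and `audit` are assumptions of this example, and the sample list is constructed to stand in for the names in `scan_result.accepted_cipher_list`.

```python
import re

# Name tokens that mark a weak primitive. This policy is an assumption of
# the example, not something SSLyze ships; adjust it to your own baseline.
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher",
    "3DES": "3DES (64-bit block)",
    "CBC3": "3DES (64-bit block)",
    "DES": "single DES",
    "NULL": "no encryption",
    "EXPORT": "export-grade key",
    "EXP": "export-grade key",
    "ANON": "anonymous key exchange",
    "ADH": "anonymous key exchange",
    "AECDH": "anonymous key exchange",
    "MD5": "MD5 MAC",
}


def weaknesses(cipher_name):
    """Return the sorted weaknesses implied by one cipher suite name.

    Accepts both RFC-style (TLS_RSA_WITH_...) and OpenSSL-style (DES-CBC3-SHA) names.
    """
    tokens = set(re.split(r"[_-]", cipher_name.upper()))
    if "CBC3" in tokens:
        tokens.discard("DES")  # OpenSSL spells 3DES as DES-CBC3
    return sorted({WEAK_TOKENS[t] for t in tokens if t in WEAK_TOKENS})


def audit(accepted_names):
    """Map each weak accepted cipher suite to its findings; empty dict means pass."""
    return {name: found for name in accepted_names if (found := weaknesses(name))}


# Constructed sample standing in for
# [cipher.name for cipher in scan_result.accepted_cipher_list]
SAMPLE_ACCEPTED = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "DES-CBC3-SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for name, found in audit(SAMPLE_ACCEPTED).items():
        print(f"FAIL {name}: {', '.join(found)}")
```

A test job can fail the build whenever `audit()` returns a non-empty dict for any scanned endpoint.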
User’s Guide
At a high level, running SSL/TLS scans against a server is a two-step process, described in the following sections:
Available Scan Commands
The list of all the scan commands SSLyze can run against a server is available in the following section:
Extending SSLyze
SSLyze is built using a plugin system, which makes it easy to add new capabilities to the tool: