COMMANDS
There are commands for various tests according the SSL connection to
the target, the targets certificate and the used ciphers.
All commands are prepended by a + character to easily distinguish
from other arguments and options. However, some --OPTIONS options are
treated as commands for historical reason or compatibility with other
programs.
The most important commands are (in alphabetical order):
+check +cipher +info +http +list +quick +sni +sni_check +version
A brief list of all available commands will be printed with:
cmd
o-saft.pl --help=cmd
The description of all other commands will be printed with:
commands
o-saft.pl --header --help=commands
The summary and internal commands return requested information or the
results of checks. These are described below.
Note that some commands may be a combination of other commands, see:
intern
o-saft.pl --header --help=intern
The following sub-sections only describe the commands, which do more
than giving a simple information from the target. All other commands
can be listed with:
commands
o-saft.pl --header --help=commands
The final sub-sections Notes about commands describes some notes
about special commands and related commands.
^
Commands for information about this tool
All these commands will exit after execution (cannot be used together
with other commands).
Show known ciphers in format like openssl ciphers.
It also accepts the -v and -V option (like openssl).
Use +list command for more information according ciphers.
Show all ciphers supported by this tool. This includes cryptogrphic
details of the cipher and some internal details.
Different output formats are used for the --legacy=* option:
--legacy=simple – simple space-separated output
--legacy=full – TAB-separated output with more data
--legacy=owasp – simple output sorted according OWASP scoring
--legacy=openssl – output same as with +ciphers command
--legacy=ssltest – output like ssltest --list
Just show version and exit.
Show version information for both the program and the Perl modules
that it uses, then exit.
Use --v option to show more details.
Show version of openssl.
Show internal data and exit, used for testing and debugging only.
Please see TESTING below.
^
Commands to check SSL details
Following (summary and internal) commands are simply a shortcut for a
list of other commands. For details of the list use:
intern
o-saft.pl --help=intern
Check the SSL connection for security issues. Implies +cipher .
Print details about the targets hostname, DNS, etc.
These details are usually printed only for the +check and +info
command, but not for any individual command.
Perform HTTP checks (like STS, redirects etc.).
Overview of most important details of the SSL connection.
Use --v option to show details also, which span multiple lines.
Quick overview of checks. Implies --enabled and --label=short.
Check if servers offers ciphers with prefect forward secrecy (PFS).
Same as: +cipher-pfs +cipher-pfsall +session_random
Check for protocols supported by target.
Check for various vulnerabilities.
Various checks according STS HTTP header.
This option implies --http, means that --no-http is ignored.
Check for Server Name Indication (SNI) usage.
Check for Server Name Indication (SNI) usage and validity of all
names (CN, subjectAltName, FQDN, etc.).
Various checks according BSI TR-02102-2 and TR-03116-4 compliance.
Various checks according certificate's extended Validation (EV).
Hint: use option --v --v to get information about failed checks.
Check length, size and count of some values in the certificate.
Dump data retrieved from openssl s_client ... call. This should
be used for debugging only.
It can be used just like openssl itself, for example:
openssl s_client -connect host:443 -no_sslv2
Dumps internal data for SSL connection and target certificate. This
is mainly for debugging and should not be used together with other
commands (except +cipher).
Each key-value pair is enclosed in #{ and #} .
Using --trace --trace dumps data of lib/SSLinfo too.
Command used internally when requested to use other libraries.
This command should not be used directly.
^
Commands to test ciphers provided by target
Beside the description of the commands itself here, please see also
Notes about commands below.
Check target for ciphers, either all ciphers, or ciphers specified
with --cipher=CIPHER option.
Use --v option to see all ciphers being checked.
Lists the cipher selected by the server for each protocol sometimes
referred to as default cipher.
For each protocol the two selected ciphers are shown, one returned
by the server if the cipher list in the ClientHello is sorted with
the strongest cipher first, and one returned if the cipher list in
the ClientHello is sorted with strongest cipher last.
See Notes about commands for details.
Checked target for ciphers. All ciphers supported by the server are
printed with their DH or ECDH paramaters (if available).
ciphers.
Check if target accepts NULL ciphers.
Check if target accepts ciphers with anonymous key exchange.
Check if target accepts EXPORT ciphers.
Check if target accepts CBC ciphers.
Check if target accepts DES ciphers.
Check if target accepts RC4 ciphers.
Check if target supports ephemeral ciphers.
Check if target supports ciphers with PFS.
Check if target selects strongest cipher.
Check if target selects weak cipher (oposite of +cipher-strong).
^
Commands to show results of checked connection and certificate details
Certificate CN without SNI
Certificate PEM
Certificate PEM decoded
Certificate Common Name
Certificate Subject
Certificate Issuer
Certificate Subject's Alternate Names
Selected Cipher
Local SSLlib Ciphers
Client Ciphers
Certificate Validity (date)
Certificate valid since
Certificate valid until
Certificate Trust Information
Certificate Email Addresses
Certificate Public Key
Certificate Public Key Algorithm
Certificate Public Key Value
Certificate Public Key Length
Certificate Public Key Modulus
Certificate Public Key Exponent
Certificate Serial Number
Certificate Serial Number (hex)
Certificate Serial Number (int)
Certificate Version
Certificate Signature (hexdump)
Certificate Signature Key Length
Certificate Signature Algorithm
Certificate Signature Key Value
Certificate trusted
Certificate extensions
TLS extensions (debug)
TLS extensions
Certificate extensions Authority Information Access
Certificate extensions Authority key Identifier
Certificate extensions Basic Constraints
Certificate extensions Certificate Policies
Certificate extensions Certificate Policies: CPS
Certificate extensions Certificate Policies: Policy
Certificate extensions Certificate Policies: User Notice
Certificate extensions CRL Distribution Points
Certificate extensions Subject Key Identifier
Certificate extensions Key Usage
Certificate extensions Extended Key Usage
Certificate extensions Netscape Cert Type
Certificate extensions Issuer Alternative Name
Certificate OCSP Responder URL
Certificate OCSP Hashes
Certificate OCSP Subject Hash
Certificate OCSP Public Key Hash
Target's OCSP Response
Target's OCSP Response Data
Target's OCSP Response Status
Target's OCSP Response Cert Status
Target's OCSP Response Next Update
Target's OCSP Response This Update
Certificate Subject Name Hash
Certificate Issuer Name Hash
Certificate Validity (signature)
Certificate Fingerprint Algorithm
Certificate Fingerprint Hash Value
Certificate Fingerprint SHA2
Certificate Fingerprint SHA1
Certificate Fingerprint MD5
Certificate Fingerprint
Certificate Type (bitmask)
Selected SSL Protocol
Target supports Resumption
Target supports Renegotiation
Target supports Compression
Target supports Expansion
Target supports Krb5
Target supports PSK Identity Hint
Target supports PSK
Target supports SRP
Target supports Heartbeat
Target supports Extended Master Secret
Target's advertised protocols
Target's selected protocol (ALPN)
Target's selected protocol (NPN)
Target's supported ALPNs
Target's supported NPNs
Target's Master-Key
Target's Server public key length
Target's Resumption PSK
Target's Session-ID
Target's Session-ID-ctx
Target's selected SSL Protocol
Target's TLS Session Ticket
Target's TLS Session Ticket Lifetime
Target's TLS Session Timeout
Target's TLS Session Start Time EPOCH
Target's TLS Session Start Time locale
Target's DH Parameter
Certificate Chain
CA Chain Verification (trace)
Validity Certificate Chain
CA Chain Verification error
CA Chain Verification error in level
Validity Alternate Names
Validity Hostname
HTTPS Alternate-Protocol
HTTPS Content-Encoding header
HTTPS Transfer-Encoding header
HTTPS Alt-Svc header
HTTPS Status line
HTTPS Server banner
HTTPS Location header
HTTPS Refresh header
HTTPS Error alerts
HTTPS Public-Key-Pins header
HTTPS Body
HTTPS STS header
HTTPS STS in http-equiv
HTTPS STS MaxAge
HTTPS STS include sub-domains
HTTPS STS preload
HTTP Alternate-Protocol
HTTP Alt-Svc header
HTTP Status line
HTTP Location header
HTTP Refresh header
HTTP STS header
internal used SSL options bitmask
Target's fallback SSL Protocol
certificate validity in years
certificate validity in months
certificate validity in days
dummy used for printing DNS stuff
^
Commands to show results of checked certificate data
Certificate chain validated
Certificate Fingerprint is not MD5
Certificate is valid
Certificate is not expired
Certificate is valid according given hostname
Certificate's wildcard does not match hostname
Certificate does not contain wildcards
Certificate is not root CA
Certificate is not self-signed
Certificate Domain Validation (DV)
Certificate strict Extended Validation (EV)
Certificate lazy Extended Validation (EV)
Certificate has OCSP Responder URL
Certificate has Certification Practice Statement
Certificate has CRL Distribution Points
Certificate has (TLS extension) compression
Certificate has (GnuTLS extension) compression
Certificate has (TLS extension) authentication
Certificate has valid OCSP URL
Certificate has valid CPS URL
Certificate has valid CRL URL
Certificate Serial Number size RFC 5280
Certificate Basic Constraints is false
Certificate Private Key Signature SHA2
Certificate Public Key Modulus Exponent <>1
Certificate Public Key Modulus >16385 bits
Certificate Public Key Modulus Exponent =65537
Certificate Public Key Modulus Exponent >65537
Certificate Public Key with Encryption
Certificate Public Key Encryption known
Certificate Private Key with Encryption
Certificate Private Key Encryption known
Certificate Names compliant to RFC 6125
Certificate subjectAltNames compliant to RFC 2818
Certificate does not contain non-printable characters
Certificate does not contain CR, NL, NULL characters
Certificate has no invalid characters in extensions
^
Commands to show results of checked connection data
Given hostname is same as reverse resolved hostname
Connected hostname equals certificate's Subject
Connection is safe against BEAST attack (any cipher)
Connection is safe against BREACH attack
Connection is safe against CCS Injection attack
Connection is safe against CRIME attack
Connection is safe against DROWN attack
Connection is safe against TIME attack
Connection is safe against FREAK attack
Connection is safe against Heartbleed attack
Connection is safe against Logjam attack
Connection is safe against Lucky 13 attack
Connection is safe against POODLE attack
Connection is safe against RC4 attack
Connection is safe against ROBOT attack
Connection is safe against SLOTH attack
Connection is safe against Sweet32 attack
Connection is not based on SNI
^
Commands to show results of checked target (connection) data
Target supports Server Gated Cryptography (SGC)
Target does not support SSLv2
Target does not support SSLv3
Target does not supports TLSv1
Target does not supports TLSv1.1
Target supports TLSv1
Target supports TLSv1.1
Target supports TLSv1.2
Target supports TLSv1.3
Target supports DTLSv1
Target supports DTLSv1.2
Target supports DTLSv1.3
Target supports ALPN
Target supports NPN
Target selects strongest cipher
Target does not honors client's cipher order
Target does not accept weak cipher
Target does not accept NULL ciphers
Target does not accept ADH ciphers
Target does not accept EXPORT ciphers
Target does not accept CBC ciphers
Target does not accept DES ciphers
Target does not accept RC4 ciphers
Target supports EDH ciphers
Target supports PFS (selected cipher)
Target supports PFS (all ciphers)
Target understands TLS closure alerts
Target does not support Compression
Target supports fallback from TLSv1.1
Target is ISM compliant (ciphers only)
Target is PCI compliant (ciphers only)
Target is FIPS-140 compliant
Target is strict TR-02102-2 compliant
Target is lazy TR-02102-2 compliant
Target is strict TR-03116-4 compliant
Target is lazy TR-03116-4 compliant
Target is RFC 7525 compliant
Target does not support method SSTP
Target supports Resumption
Target supports Secure Renegotiation
Target supports Krb5
Target supports PSK Identity Hint
Target supports PSK
Target supports SRP
Target supports OCSP Stapling
Target supports Extended Master Secret
Target supports TLS Session Ticket
Target TLS Session Ticket Lifetime
Target TLS Session Start Time match
Target TLS Session Ticket is random
Target does not support heartbeat extension
Target does not support SCSV
Target DH Parameter >= 512 bits
Target DH Parameter >= 2048 bits
Target DH Parameter >= 256 bits (ECDH)
Target DH Parameter >= 512 bits (ECDH)
^
Commands to show results of checked length and count data
Certificate PEM (base64) size
Certificate PEM (binary) size
Certificate Subject size
Certificate Issuer size
Certificate CPS size
Certificate CRL size
Certificate CRL data size
Certificate OCSP size
Certificate OIDs size
Certificate Public Key size
Certificate Signature Key size
Certificate Subject Altname size
Certificate Chain size
Certificate Serial Number size
Certificate Subject Altname count
Certificate Wildcards count
Certificate Chain Depth count
Total number of checked ciphers
Total number of accepted ciphers
Total number of check results 'no(<<)'
Total number of check results 'no'
Total number of check results 'yes'
Total number of insecure checks
^
Commands to show results of checked HTTP vs. HTTPS data
STS max-age not reset
STS max-age less than one day
STS max-age less than one month
STS max-age less than one year
STS max-age more than one year
STS max-age more than 18 weeks
STS max-age < certificate's validity
Target sends STS header
Target sends STS header with proper max-age
Target sends STS header with includeSubdomain
Target sends STS header with preload
Target redirects with status code 301
Target redirects not with 30x status code
Target redirect matches given host
Target redirects HTTP to HTTPS
Target sends STS and no Location header
Target sends STS and no Refresh header
Target redirects HTTP without STS header
Target redirects HTTP to HTTPS same host
Target does not send STS header for IP
Target does not send STS in meta tag
Target sends Public-Key-Pins header
^
Notes about commands
While +cipher prints checked ciphers, +cipher-dh prints ciphers
with their DH or ECDH paramaters (if available) only for supported
ciphers.
Both commands show the default cipher foreach protocol.
+cipher lists a summary of ciphers selected by the server for each
protocol requested by the user (for example by using options like:
--sslv3 --tlsv1 etc.). When the --v option is used, all selected
ciphers for all known protocols are listed. This summary focuses on
counts for various ciphers.
+cipher-default lists the cipher selected by the server for each
protocol.
+selected lists the cipher selected by the server if no particular
protocol was specified and the system's default cipher list is send
in the ClientHello to the server.
+cipher-default lists the cipher selected by the server for each
protocol.
+strong-cipher shows the result of the check if strong ciphers are
preferred by the server. It is a check command.
+cipher-default lists the cipher selected by the server for each
protocol. It is a information command.
It is not possible to check if a server uses SSLHonorCipherOrder.
Even if it is used (switched on), it is not possible to check the
specified order of the ciphers.
I. g. it is expected that the order is according the cipher suite's
strength, meaning the most strongest first, and the weakest last.
It doesn't make sense to use an order where a weak cipher preceds a
stronger one. Such a (mis-)configuration should be detected.
Having this in mind, the algorithm to detect a proper cipher order
is as simply as follows:
1. pass sorted cipher list with strongest cipher first
2. pass sorted cipher list with strongest cipher last
if the server returns the same cipher for both checks, it's assumed
that it prefers to use the most strongest cipher. In this case it's
obvious that
SSLHonorCipherOrder is set (exceptions see below).
Exceptions:
If either, the server or the client, uses only one cipher suite in
the list, SSLHonorCipherOrder cannot be detected at all.
The same happens, if only one cipher in the client's list matches a
cipher in the server's list.
Certificate extensions are shown with +extensions while the TLS
protocol extensions are shown with +tlsextensions.
Use +tlsextdebug to show more information about the TLS protocol
extensions.
These commands are just an alias for the +protocols command.
The commands +cn and +altname print the information stored in
the certificate.
The command +hostname checks if the given hostname matches the CN
value in the certificate. Note that wildcard names in the CN, only
allow to contain one *.
The command +wildcard checks if the given hostname does not match
any name specified in the certificate's subjectAltname. This check
is useful if the certificate and the configuration must comply to
RFC 6125 or EV certificates.
OPTIONS
All options are written in lowercase. Words written in all capital in
the description here is text provided by the user.
^
Options for help and documentation
Brief documentation of --help* options/commands.
--help
Complete user documentation.
--help*
cmd
Show a brief list of all available commands.
commands
Show available commands with short description.
opts
Show available options; short form.
options
Show available options with their description.
cmds
Show available internal commands with short description.
checks
Show available commands for checks.
data
info
Show available commands for information.
tools
Description of tools around O-Saft, when, where and how to use.
cfg-cmd
Show additional and user specified commands. Output can be used in
rc-file or as option.
check-cfg
cfg-check
Show texts used as labels in output for checks (see +check) ready
for use in rc-file or as option.
data-cfg
cfg-data
cfg-info
Show texts used as labels in output for data (see +info) ready
for use in rc-file or as option.
hint
Show texts used in hint messages.
hint-cfg
cfg-hint
Show texts used in hint messages ready for use in the rc-file or as
option.
text
Show texts used in various messages.
text-cfg
cfg-text
Show texts used in various messages ready for use in the rc-file or
as option.
legacy
Show possible legacy formats (used as value in --legacy=TOOL).
compliance
Show available compliance checks.
intern
Show all internal commands and command lists.
alias
Show alias for commands and options.
pattern
Show list of cipher pattern (used for --cipher=CIPHER).
range
Show list of cipherranges (see --cipherrange=RANGE).
toc
content
Show headlines from help text. Useful to get an overview.
SECTION
toc
Show SECTION from documentation, see --help=toc for a list.
Example:
EXAMPLES
o-saft.pl --help=EXAMPLES
ourstr
Show regular expressions to match our own strings used in output.
regex
Show regular expressions used internally.
gen-html
Print documentation in HTML format.
gen-pod
Print documentation in POD format.
gen-wiki
Print documentation in mediawiki format.
gen-cgi
Print HTML form to be used for CGI.
error
problem
Show KNOWN PROBLEMS section with description of known error and
warning messages.
faq
Show KNOWN PROBLEMS and LIMITATIONS section.
glossary
Show common abbreviation used in the world of security.
links
Show list of URLs related to SSL/TLS.
rfc
Show list of RFC related to SSL/TLS.
todo
Show known problems and bugs.
exit
Show possible --exit=KEY options. Used for debugging only.
warnings
Show warning messages defined in code.
program.code
For developers.
^
Options for all commands (general)
Do DNS lookups to map given hostname to IP, do a reverse lookup.
Do not make DNS lookups.
Note that the corresponding IP and reverse hostname may be missing
in some messages then.
Specify HOST as target to be checked. Legacy option.
Specify PORT of target to be used. Legacy option.
When giving more than one HOST argument, the sequence of the given
HOST argument and the given --port=PORT and the given --host=HOST
options are important.
The rule how ports and hosts are mapped is as follows:
HOST:PORT arguments are used as is (connection to HOST on PORT)
only HOST is given, then previous specified PORT is used
Note that URLs are treated as HOST:PORT, if they contain a port.
Example:
o-saft.pl +cmd host-1 --port 23 host-2 host-3:42 host-4
will connect to:
host-1:443
host-2:23
host-3:42
host-4:23
Make all connection to target using PROXYHOST.
Also possible is: --proxy=PROXYUSER:PROXYPASS@PROXYHOST:PROXYPORT
Make all connection to target using PROXYHOST:PROXYPORT.
Specify username for proxy authentication.
Specify password for proxy authentication.
Use STARTTLS command to start a TLS connection via SMTP.
This option is a shortcut for --starttls=SMTP .
Use STARTTLS command to start a TLS connection via protocol.
PROT may be any of: SMTP, IMAP, IMAP2, POP3, FTPS,
RDP, LDAP or XMPP .
For --starttls=SMTP see --dns-mx also to use MX records instead
of host
Number of seconds to wait before sending a packet, to slow down the
STARTTLS requests. Default is 0.
This may prevent blocking of requests by the target due to too much
or too fast connections.
Note: In this case there is an automatic suspension and retry with
a longer delay.
Internal use for CGI mode only.
^
Options for SSL tool
Read rc-file if exists, from directory where program was found.
Do not read rc-file.
Use FILE instead of the default rc-file .o-saft.pl.
The exit status code will be greater 0, if any of following applies:
any check returns no, except if no (<<...>>)
insecure protocols are available
insecure ciphers are supported
ciphers without PFS are supported, disable with --exitcode-cipher
In particular, the status code will be the total count of all these
checks. The status code will also be printed at end, like:
# EXIT 23
Parts of these checks can be diasabled, see --exitcode-* options
below.
Use --v or --exitcode-v to see details about the performed checks.
Functionality implemented experimental, may change in future.
Print information about performed checks.
Do not print status code at end, like # EXIT 23.
Do not count checks with result no for --exitcode .
Do not count LOW, WEAK or MEDIUM security ciphers for --exitcode .
Do not count any ciphers for --exitcode .
Do not count ciphers without PFS for --exitcode .
Use openssl s_slient ... call to retrieve more information from
the SSL connection. This is disabled by default on Windows because
of performance problems. Without this option (default on Windows !)
following information are missing:
compression, expansion, renegotiation, resumption,
selfsigned, verify, chain, protocols, DH parameters
See lib/SSLinfo for details.
If used together with --trace, s_client data will also be printed
in debug output of lib/SSLinfo.
Do not use external openssl tool to retrieve information. Use of
openssl is disabled by default on Windows.
Note that this results in some missing information, see above.
TOOL can be a path to openssl executable; default: openssl
FILE path of directory or full path of openssl.cnf
If set, environment variable OPENSSL_CONF will be set to given path
(or file) when openssl(1) is started. Please see openssl's man page
for details about specifying alternate openssl.cnf files.
Options are obsolete. Please use --ciphermode=openssl instead.
PATH is a full path where to find openssl.
PATH is a full path where to find libssl.so, libcrypto.so.
See HACKER's INFO below for a detailed description how it works.
NAME is the name of a environment variable containing additional
paths for searching dynamic shared libraries.
Default is LD_LIBRARY_PATH.
Check your system for the proper name, for example:
DYLD_LIBRARY_PATH, LIBPATH, RPATH, SHLIB_PATH.
PATH is a full path where to find additional Perl modules
This option is not avaliable as --inc PATH.
REGEX all paths matching this RegEx are removed from @INC
This option is not avaliable as --no-inc REGEX.
See HACKER's INFO below for a detailed description.
The connection to a target may fail, or even block, due to various
reasons for example lost network at all, blocking at firewall, etc.
In particular when checking ciphers with +cipher , this may result
in long delays until results are printed.
Using this option stops trying to do more connections to the target
when --ssl-error-max=CNT consecutive errors occurred, or when the
total amount of errors increases --ssl-error-total=CNT.
Note that this may result in loss of information and/or checks.
Max. amount of consecutive errors (default: 5).
Timeout in seconds when a failed connection is treated as error and
then counted (default: 1).
Max. total amount of errors (default: 10).
I.g. this tools tries to identify available functionality according
SSL versions from the underlaying libraries. Unsupported versions
are then disables and a warning is shown.
Unfortunately some libraries have not implemented all functions to
check availability of a specific SSL version, which then results in
a compile error.
This option disables the strict check of availability.
If the underlaying library doesn't support the required SSL version
at all, following error may occur:
Can't locate auto/Net/SSLeay/CTX_v2_new.al in @INC ...
See Note on SSL versions for a general note about SSL versions.
A more detailled description of the problem and how Net::SSLeay be-
haves, can be found in the source of o-saft.pl ,
see section starting at
#| check for supported SSL versions
Timeout in seconds when connecting to the target (default: 2).
METHOD method to be used for specific functionality
Available methods:
info-socket – use internal socket to retrieve information
info-openssl – use external openssl to retrieve information
info-user – use usr_getinfo() to retrieve information
cipher-socket – use internal socket to ckeck for ciphers
cipher-openssl – use external openssl to ckeck for ciphers
cipher-user – use usr_getciphers() to ckeck for ciphers
Method names starting with:
info-
are responsible to retrieve information about the SSL connection
and the target certificate (i.e. what the +info command provides)
cipher-
are responsible to connect to the target and test if it supports
the specified ciphers (i.e. what the +cipher command provides)
check-
are responsible for performing the checks (i.e. what's shown with
the +check command)
score-
are responsible to compute the score based on check results
The second part of the name denotes which kind of method to call:
socket – the internal functionality with sockets is used
openssl – the exteranl openssl executable is used
user – the external special function, as specified in
user's lib/OUsr.pm, is used.
Example:
--call=cipher-openssl
will use the external openssl(1) executable to check the target for
supported ciphers.
Default settings are:
--call=info-socket --call=cipher-socket --call=check-socket
Just for curiosity, instead of using:
o-saft.pl --call=info-user --call=cipher-user --call=check-user --call=score-user ...
consider to use your own script like:
#!/usr/bin/env perl
usr_getinfo();usr_getciphers();usr_checkciphers();usr_score();
:-))
Print list of ciphers in style like: openssl ciphers -v.
Option used with +ciphers command only.
Print list of ciphers in style like: openssl ciphers -V.
Option used with +ciphers command only.
^
Options for SSL connection to target
Following MODEs are supported for scanning ciphers:
intern – scan for ciphers using internal method; (default)
openssl – scan for ciphers using external openssl executable
socket – scan for ciphers using IO::Socket::SSL
dump – same as intern but print all cipher information,
useful when postprocessed by usr/* tools
intern uses a socket connection to the target which provides all
ciphers of the specified range. The amount of provided ciphers will
be reduced and tested in chunks if the target returns errors. This
is the fastest mode for most targets.
socket uses a new socket connection to the target for each cipher
of the specified range. It provides only this cipher.
openssl uses openssl s_slient -connect CIPHER ... to check if
a cipher is supported by the remote target. It may be useful if the
target behaves strange (warnings, hints are printed), or if option
--lib=PATH doesn't work (for example due to changes of the API).
Note that this mode is very slow, compared to the others, because
an external executable must be called and a timeout of at least one
second is necessary for each cipher check (due to restrictions with
openssl 3.x). Consider to use another cipher range than the default
rfc, for example with --cipherrange=openssl .
TCP socket will be reused for next connection attempt even if SSL
connection failed.
Close TCP socket and then reopen for next connection attempt if SSL
connection failed.
This is useful for some servers which may return an TLS alert if
the connection fails and then fail again on the same socket.
A simple check if the target can be connected will be performed by
default. If this check fails, the target will be ignored, means no
more requested checks will be done. As this connection check some-
times fails due to various reasons, the check can be disabled using
this option.
Do not use *-MD5 ciphers for other protocols than SSLv2.
This option is only effective with +cipher command.
The purpose is to avoid warnings from IO::Socket::SSL(3pm) like:
Use of uninitialized value in subroutine entry at lib/IO/Socket/SSL.pm line 430.
which occurs with some versions of IO::Socket::SSL(3pm) when a
*-MD5 ciphers will be used with other protocols than SSLv2.
Note that these ciphers will be checked for SSLv2 only.
SSL can be any of:
ssl, ssl2, ssl3, sslv2, sslv3, tls1, tls1, tls11, tls1.1, tls1-1,
tlsv1, tlsv11, tlsv1.1, tlsv1-1 (and similar variants for tlsv1.2
and tlsv1.3), dtls1, dtls12, dtls13.
For example:
--tls1 --tlsv1 --tlsv1_1 are all the same.
(--SSL variants): Test ciphers for this SSL/TLS version.
(--no-SSL variants): Don't test ciphers for this SSL/TLS version.
Shortcut for:
--no-sslv2 --no-sslv3 --no-tlsv1 --no-tlsv11 --no-tlsv12 --no-tlsv13
Shortcut for: --sslv2 --sslv3 --tlsv1 --tlsv11 --tlsv12 --tlsv13
Shortcut for:
--no-dtlsv09 --no-dtlsv1 --no-dtlsv11 --no-dtlsv12 --no-dtlsv13
Shortcut for: --dtlsv09 --dtlsv1 --dtlsv11 --dtlsv12 --dtlsv13
This option forces to assume that SSLv2 is enabled even if the
target does not accept any ciphers.
The target server may accept connections with SSLv2 but not allow
any cipher. Some checks verify if SSLv2 is enabled at all, which
then would result in a failed test.
The default behaviour is to assume that SSLv2 is not enabled if no
ciphers are accepted.
Make a HTTP request if cipher is supported.
If used twice debugging will be enabled using environment variable
HTTPS_DEBUG.
Do not make HTTP request.
Use UA for HTTP header User-Agent: in HTTP(s) requests.
Make SSL connection in SNI mode.
Do not make SSL connection in SNI mode (default: SNI mode).
Test with and witout SNI mode.
Do not check if SNI seems to be supported by Net::SSLeay(3pm).
Older versions of openssl and its libries do not support SNI or the
SNI support is implemented buggy. By default it's checked if SNI is
properly supported. With this option this check can be disabled.
Be warned that this may result in improper results.
If SNI mode is active, see --sni above, NAME is used instead of
hostname for connections to the target. If SNI mode is not active,
see --no-sni above, NAME is not used. The default is undefined,
which forces to use the given FQDN.
This is useful, for example when an IP instead of a FQDN was given,
where a correct hostname (i.g. a FQDN) needs to be specified.
Note: i.g. there is no need to use this option, as a correct value
for the SNI name will be choosen automatically (except for IPs).
However, it is kind of fuzzing ... even setting to an empty string
is possible.
Limitation: the same NAME is used for all targets, if more than
one target was specified.
Do not get data from target's certificate, return empty string.
Do not get data from target's certificate, return default string
of lib/SSLinfo (see --no-cert-text=TEXT option).
Set TEXT to be returned from lib/SSLinfo if no certificate data
is collected due to use of --no-cert.
Check certificate chain to depth INT (like openssl's -verify).
Use FILE with bundle of CAs to verify target's certificate chain.
Use DIR where to find CA certificates in PEM format.
NOT YET IMPLEMENTED
I. g. openssl uses default settings where to find certificate files.
When --ca-file=FILE and/or --ca-path=DIR was used, this default
will be overwritten by appropriate options passed to openssl. If the
default does not work as expected, --force-ca can be used to force
setting of proper values according well known common defaults. See:
o-saft.pl +version
o-saft.pl +version --force-ca
to see the used settings.
Use -alpn option for openssl.
Do not use -alpn option for openssl.
Do not use -nextprotoneg option for openssl.
Name of protocol to be added to list of applcation layer protocols
(ALPN), which is used for any connection to the targets.
See --cipher-alpn=NAME also.
Name of protocol to be added to list of next protocol negotiations
(NPN), which is used for any connection to the targets.
See --cipher-npn=NAME also.
Use SSL option compression for connection.
Use SSL option no compression for connection (default: don't use)
Do not use -reconnect option for openssl.
Do not use -tlsextdebug option for openssl.
Argument or option passed to openssl's s_client command.
^
Options for +cipher command
Additional delay in seconds after each connect for a cipher check.
This is useful when connecting to servers which have IPS in place,
or are slow in accepting new connections or requests.
Only check for CIPHER instead of using ciphers from internal list
(default). Multiple options can be specified.
CIPHER can be any cipher suite name or (internal) hex key, see:
o-saft.pl +list
for known, valid keys and cipher names.
CIPHER can also be any of the internal defined patterns, see:
cipherpattern
o-saft.pl --header --help=cipherpattern
If CIPHER does not match a hex key, i.e. 0x03000035, it is used
as pattern (RegEx) to match cipher suite names. For example:
AES256-SHA matches 28 cipher suites, while AES256-SHA$ matches
14 ciphers, see:
lib/Ciphers.pm find-names=AES256-SHA
lib/Ciphers.pm find-names=AES256-SHA$
To be sure that exactly one cipher suite matches, use for example:
--cipher=^AES256-SHA$
--cipher=0x03000035
Hex keys must be specified with a leading 0x followed by exactly
8 uper case hex characters [0-9A-F].
The pattern can be common RegEx like GCM|CHACHA. Simple OpenSSL-
style pattern are also accepted, for example: AES:ECDH.
When --ciphermode=openssl or --ciphermode=socket is used, CIPHER
can only be any string or a hex key accepted by openssl. Examples:
--cipher=DHE_DSS_WITH_RC4_128_SHA
--cipher=0x03000066
will be mapped to DHE-DSS-RC4-SHA
CIPHER can also be any pattern accepted by openssl, for example:
--cipher=!DES:!ADH:!aNULL
Default is ALL:NULL:eNULL:aNULL:LOW:EXP as specified in lib/SSLinfo.
See LIMITATIONS also.
Name of protocol to be added to list of applcation layer protocols
(ALPN), which is used for cipher checks.
--cipher-alpn=, – sets empty list.
--cipher-alpn=,, – sets list to empty element .
Name of protocol to be added to list of next protocol negotiations
(NPN), which is used for cipher checks.
--cipher-npn=, – sets empty list.
--cipher-npn=,, – sets list to empty element .
Note: setting empty list or element most likely does not work with
openssl executable, for example --ciphermode=openssl .
Name of ecliptic curve to be added to list of ecliptic curves (EC),
which is used for cipher checks.
--cipher-curve=, – sets empty list.
--cipher-curve=,, – sets list to empty element .
Note: setting empty list or element most likely does not work with
openssl executable, for example --ciphermode=openssl .
Specify range of cipher constants to be tested with +cipher .
Following RANGEs are supported:
rfc – all ciphers defined in various RFCs including
all reserverd and some unassigned constants
shifted – rfc + some constants shifted by 64 bytes to
the right
intern – rfc + shifted
long – like rfc but more lazy list of constants
huge – all constants 0x03000000 .. 0x0300FFFF
safe – all constants 0x03000000 .. 0x032FFFFF
full – all constants 0x03000000 .. 0x03FFFFFF
SSLv2 – all ciphers according RFC for SSLv2, see [v2]
SSLv2_long – more lazy list of constants for SSLv2
SSLv3 – all ciphers according RFC for SSLv3
SSLv3_SSLv2 – all ciphers for SSLv3 with SSLv2
TLSv10 – empty list (see [v1] below)
TLSv11 – empty list (see [v1] below)
TLSv12 – all ciphers according RFC for TLSv12
TLSv13 – all ciphers according RFC for TLSv13
GREASE – all GREASE ciphers according RFC
IANA – all ciphers recommended by IANA, see
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
c0xx – ECC ciphers, constants 0x0300C000 .. 0x0300C0FF
ccxx – ECC ciphers, constants 0x0300CC00 .. 0x0300CCFF
ecc – all constants for ciphers using ECC
openssl – all ciphers known by openssl
note that this requires an openssl executable
[v2]: SSLv2 is the internal list used for testing SSLv2 ciphers.
It does not make sense to use it for other protocols; however ...
[v1]: There are no ciphers officially assignd to TLSv10 or TLSv11.
For the full list and details about the ranges, please see:
range
o-saft.pl --header --help=range
If any --cipher=CIPHER is used, --cipherrange=RANGE is ignored.
See LIMITATIONS also.
Additional delay in seconds after the server is connected using a
proxy or before starting STARTTLS.
This is useful when connecting via slow proxy chains or connecting
to slow servers before sending the STARTTLS sequence.
Maximal number of ciphers sent in a sslhello (default: 32).
Send SSL extension reneg_info even if list of ciphers includes
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (default: do not include)
Some servers do not answer (i.g. they disconnect) if none of the
offered ciphers is supported by the server.
Continue testing with next ciphers when the target disconnects or
does not send data within specified timeout (see --timeout).
Useful for TLS intolerant servers.
Abort testing with next ciphers when the target disconnects.
Use supported elliptic curves. Default on.
Use TLS ec_point_formats extension. Default on.
Test for ciphers with secure renegotiation flag set.
Default: don't set secure renegotiation flag.
Number of retries when connection timed-out (default: 2).
Number of seconds to wait until connection is qualified as timeout.
Get DNS MX records for given target and check the returned targets.
(only useful with --starttls=SMTP).
^
Options for checks and results
Options used for +check command:
Only print result for ciphers accepted by target.
Only print result for ciphers not accepted by target.
Prints HTTP response body of the target also, if requested with
+https_body , which is disabled by default (because it may be huge
amount of data not related to SSL/TLS).
Checks are done case-insensitive.
Checks are done case-sensitive. Default: case-insensitive.
Currently only checks according CN, alternate names in the target's
certificate compared to the given hostname are effected.
When checking for the TLS heartbeat extension, the server may not
respond at all, which would result in a no reply message. This
marks the check for +heartbleed as no.
I.g. a server is not vulnerable to the heartbleed attack if the
TLS heartbeat extension is disabled. Hence the check result no
may be mis-leading. This option treats the no reply result as
not vulnerable and returns yes then.
Note: if the server does not respond for this check, does not mean
that the heartbeat extension is switched off. If unsure, disable
this lazy check with --no-ignore-no-reply .
^
Options for output format
Defines the format of the descriptive text (label) for +check and
+info command.
Following TYPEs are supported:
Prints full text for labels:
Certificate Common Name: some.tld
Prints short less descriptive text for labels:
Common Name: some.tld
Internal format: print name of key instead of text as label. Key is
Prints name of key instead of text as label. The key is that of the
internal data structure(s).
[cn] some.tld
For ciphers and protocols, the corresponding hex value is used as
key. Note that these values are unique.
For compatibility with other tools, the output format used for the
result of the +cipher command can be adjusted to mimic the format
of other SSL testing tools.
The argument to the --legacy=TOOL option is the name of the tool
who's format of output is to be simulated.
Following TOOLs are supported:
sslaudit – similar to sslaudit
sslcipher – similar to ssl-cipher-check
ssldiagnos – similar to ssldiagnos
sslscan – similar to sslscan
ssltest – similar to ssltest
ssltestg – similar to ssltest -g
ssltest-g – similar to ssltest -g
sslyze – similar to sslyze
ssl-cipher-check – same as sslcipher
ssl-cert-check – similar to ssl-cert-check
testsslserver – similar to TestSSLServer.jar
thcsslcHeck – similar to THCSSLCheck
Note that these legacy formats only apply to output of the checked
ciphers. Other texts like headers and footers are adapted slightly.
When using ths option, please do not expect identical output as the
TOOL. It is a best guess and should be parsable in a very similar
way.
Internal format: mainly avoid tabs and spaces format is as follows:
Some Label:<-- anything right of colon is data
Internal format: pretty print each label in its own line, followed
by data prepended by tab character (useful for +info only).
Results for cipher checks use rating from OWASP Cipher Cheat Sheet.
Internal format: use tab as separator; ciphers are printed with bit
length (implies --tab).
Internal default format.
This option is used to specify the format of the result lines. This
covers the value of the result line only.
raw – Print raw data as passed from lib/SSLinfo.
Note: all data will be printed as is, without additional label
or formatting. It's recommended to use the option in conjunction
with exactly one command. Otherwise the user needs to know how
to read the printed data.
hex – Convert some data to hex: 2 bytes separated by :.
0x – Convert some data with hex values:
2 bytes prepended by 0x and separated by a space.
/x – Same as --format=\x
\x – Convert some data with hex values:
2 bytes prepended by \x and no separating char.
Get the screen width and then adapt output of documentation to fit
to that width. If the environment variable COLUMNS is not set the
command tput or stty of system is used to get the screen width.
It's a very simple approach to make texts better readable on narrow
devices like tablets. For more details, please see:
perdoc o-saft.pl # the section Note:tty there
Set the screen width to NN characters (see --format-tty also).
Default will be calculated automatically.
Set the amount of spaces used for identation (see --tty also).
Default is 2.
Set the additional chacacter when lines are split. Default: ↲
Note: must be used on command-line to inhibit all header lines.
Do not print output (data or check result) for command CMD. CMD
is any valid command, see COMMANDS , without leading +.
Option can be used multiple times.
--ignore-out=, sets empty list.
Print scoring results. Default for +check.
Do not print scoring results.
CHAR will be used as separator between label and value of the
printed results. Default is :.
TAB character (0x09, \t) will be used as separator between label
and value of the printed results.
As label and value are already separated by a TAB character, this
options is only useful in conjunction with the --legacy=compact
option.
Prefix each printed line with the given hostname (target).
The hostname will be followed by the separator character.
Example without --showhost :
Certificate Common Name: localhost
Example with --showhost :
localhost:443:Certificate Serial Number: localhost
Print some internal variable names in output texts (labels).
Variable names are prefixed to printed line and enclosed in # .
Example without --showkey :
Certificate Serial Number: deadbeef
Example with --showkey :
#[serial]: Certificate Serial Number: deadbeef
This option is used to specify the general output format for STDOUT
and STDERR. All results are written to STDOUT, errors and warnings
may also be written to STDERR . The default is :unix:utf8, which
is the perlish definition used internally.
Following values are supported:
raw
unix – Print raw data, binary in bytes without conversion.
Note: binary here means that each byte is a character.
utf8 – Convert detected bytes to UTF-8 characters.
crlf – Use CR LF as end of line.
CHARSET – can be any of the local installed character sets,
like UTF-8, UTF-16LE, CP1252, iso-8859-7, etc..
This conversion may print its own warnings.
The option can be used multiple times with different values.
To reset the default behaviour, either raw or unix must be
used. Obviously, they must be used first. All other values are used
additionally.
Note: utf8 just defines the format of the characters, it does no
further checks on the converted characters. In contrast, UTF-8 is
used as real encoding and does some checks. However, the difference
is importand on STDIN only.
For more details, please see perldoc -f binmode .
For the tools default behaviour, please SEE Perl:binmode()
Currently (in 2024), these options must be used before any --help
option.
Obsolete, please use --std-format=crlf .
^
Options for compatibility with other programs
Please see other programs for detailed description (if not obvious:).
Note that often only the long form options are accepted as most short
form options are ambiguous.
If other programs use the same option,but with a different behaviour,
then thes other options are not supported.
For a list of supported options, please see:
alias
o-saft.pl --help=alias
Following list contains only those options not shown with:
alias
o-saft.pl --help=alias
# Tool's Option | (Tool) o-saft.pl Option
#-----------------------+--------------+------------------------
--checks CMD – (TLS-Check.pl) same as +CMD
-h, -h=HOST – (various tools) same as --host HOST
-p, -p=PORT – (various tools) same as --port PORT
-t HOST – (ssldiagnos) same as --host HOST
--UDP – (ssldiagnos) same as --udp
--timeout, --grep – (ssltest.pl) ignored
-r, -s, -t, -x – (ssltest.pl) ignored
--insecure – (cnark.pl) ignored
--nopct --nocolor – (ssldiagnos) ignored
-connect, -H, -u, -url, -U ignored
-noSSL – same as --no-SSL
-no_SSL – same as --no-SSL
#-----------------------+--------------+------------------------
For definition of SSL see --SSL and --no-SSL above.
^
Options for customisation
Option for customisation have the general from: --cfg-CFG=KEY=TEXT
For general descriptions please see CUSTOMISATION section below.
Redefine list of commands. Sets %cfg{cmd-CMD} to LIST.
Commands can be written without the leading +.
If CMD is any of the known internal commands, it will be redifned.
If CMD is a unknown command, it will be created.
Example:
--cfg-cmd=sni="sni hostname"
An example
+preload can be found in
.o-saft.pl .
To get a list of commands and their settings, use:
intern
o-saft.pl --help=intern
Main purpose is to reduce list of commands or to print them sorted.
Redefine texts used for labels in output. Sets %data{KEY}{txt} or
%checks{KEY}{txt} to TEXT.
To get a list of preconfigured labels, use:
cfg-checks
o-saft.pl --help=cfg-checks
cfg-data
o-saft.pl --help=cfg-data
Redefine the security value (i.e. HIGH) in the cipher description.
Example:
--cfg-cipher=NULL-MD5=no-security-at-all
Redefine general texts used in output. Sets %text{KEY} to TEXT.
To get a list of preconfigured texts, use:
cfg-text
o-saft.pl --help=cfg-text
Note that \n, \r and \t are replaced by the corresponding character
when read from rc-file.
Read definitions for %text{KEY}=my text from file FILE.
Redefine texts used for hints. Sets %cfg{hints}{KEY} to TEXT.
To get a list of preconfigured texts, use:
cfg-hint
o-saft.pl --help=cfg-hint
Set the internal %cfg hash. This options is intended for testing
and debugging only. Please see TESTING below.
See Options for SSL tool.
Execute functions defined in lib/OUsr.pm.
Options ignored, but stored as is internal in $cfg{usr-args} .
These options can be used in lib/OUsr.pm or lib/OTrace.pm.
Use experimental functionality.
Some functionality of this tool is under development and only used
when this option is given.
^
Options for tracing and debugging
The terms trace and debug are used interchangeable herein. The
functionality enabled by the options described below is more likely
considered tracing.
Do not execute, just show commands (only useful in conjunction with
using openssl).
--v prints more information what actually is done. --trace prints
more information about internal data such as procedure names and/or
variable names with their values.
Print more information about checks.
Note that --v is different from -v (see above).
Print each cipher being checked (with --ciphermode=openssl only).
Print debugging messages, function names, variable names or values.
Print more debugging messages and pass trace=2 to Net::SSLeay and
lib/SSLinfo.
Print more debugging messages and pass trace=3 to Net::SSLeay and
lib/SSLinfo.
Print processing of all command-line arguments.
Print complete command-line first. Used for internal testing.
Print command-line argument processing.
Option obsolete since Version 23.11.23. Please use --v instead.
Same as --showkey .
Prints trace output with timestamps.
Alias for --trace-VALUE options (see above).
# Trace Option | Alias Option
#-------------------+-----------------------------
--trace=1 – same as --trace
--trace=2 – same as --trace --trace
--trace=arg – same as --trace-arg
--trace=cli – same as --trace-cli
--trace=key – same as --trace-key
--trace=time – same as --trace-time
#-------------------+-----------------------------
Print hint messages (!!Hint:).
Do not print hint messages (!!Hint:).
Print warning messages (**WARNING:).
Do not print warning messages (**WARNING:).
Do not suppress duplicate warning messages (**WARNING:).
Warning messages not printed multiple times by default: 303 304 412
Supress printing of warning messages with number NNN (**WARNING:).
It also supresses hint messages if they begin with number NNN.
Mainly used for internal testing.
Shortcut for: --no-warnings --no-hints .
Terminate o-saft.pl at specified KEY. Please see TESTING below.
^
Options vs. Commands
For compatibility with other programs and lazy users, some arguments
looking like options are silently taken as commands or vice versa.
This means that --THIS becomes +THIS then. These options are:
--help
--abbr
--todo
--chain
--default
--fingerprint
--list
--test*
--version
Take care that this behaviour may be removed in future versions as it
conflicts with those options and commands which actually exist, like:
--sni vs. +sni