How to install SSLyze on Parrot OS
Check which protocols and ciphers the server supports by using SSLyze. Installation is straightforward: github.com/nabla-c0d3/sslyze
The Setup
- Parrot OS 5.0 (Electro Ara)
- SSLyze version 5.0.6
Installation
pip install --upgrade pip setuptools wheel
pip install --upgrade sslyze
python3 -m sslyze <target>
By default it will check results against Mozilla's "intermediate" configuration. See ssl-config.mozilla.org for more details.
An excerpt of the scan results:
- FAILED - Not compliant.
* maximum_certificate_lifespan: Certificate life span is 396 days, should be less than 366.
* tls_versions: TLS versions {'TLSv1.1', 'TLSv1'} are supported, but should be rejected.
* ciphers: Cipher suites {'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 'TLS_RSA_WITH_AES_128_CBC_SHA', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'} are supported, but should be rejected.
Check the version
Parrot OS: cat /etc/os-release
SSLyze: sslyze --help