TLS Info

SSL/TLS Analyzer

"Deep SSL/TLS inspection — certificates, cipher suites, protocol versions, and known weaknesses."

What it does

TLS misconfigurations are among the most common and overlooked security issues. Expired certificates break user trust. Weak cipher suites allow decryption of traffic. Old protocol versions (SSLv3, TLS 1.0) have known vulnerabilities that make connections attackable.

tlsinfo performs a comprehensive SSL/TLS assessment: it checks certificate validity and expiry, enumerates the full cipher suite list, identifies deprecated protocol versions, and checks for known weaknesses like BEAST, POODLE, HEARTBLEED, and ROBOT. With the enumerate_ciphers option enabled, it tests each cipher individually — useful for compliance assessments requiring specific cipher lists.

Scan options

OptionDescriptionEst. time

enumerate_ciphers ONDEFAULT

Test every cipher suite individually — slower but gives full cipher inventory. Required for PCI-DSS compliance checks.

~60 sec/host

Example findings

CRITICALSSL Certificate Expired — 47 days agotlsinfo

HIGHTLS 1.0 Supported — Protocol Downgrade Risktlsinfo

HIGHRC4 Cipher Suite Accepted — Weak Encryptiontlsinfo

MEDIUMCertificate Expires in 14 Daystlsinfo

← Back to all tools ▶ Scan with TLS Info

What it finds

▸Expired or soon-to-expire SSL certificates
▸Self-signed certificates
▸Weak cipher suites (RC4, DES, 3DES, export-grade)
▸Deprecated protocol versions (SSLv3, TLS 1.0, TLS 1.1)
▸Missing HSTS header
▸Certificate chain issues
▸Weak key sizes (RSA < 2048 bits)
▸Known protocol vulnerabilities (BEAST, POODLE, HEARTBLEED, ROBOT)

Works well with

Headers →HTTPX →