Synalyze it documentation
5/5/2023

The following scan commands are available in the current version of SSLyze:

- `CERTIFICATE_INFO = 'certificate_info'`
- `SESSION_RESUMPTION = 'session_resumption'`
- `SSL_2_0_CIPHER_SUITES = 'ssl_2_0_cipher_suites'`
- `SSL_3_0_CIPHER_SUITES = 'ssl_3_0_cipher_suites'`
- `TLS_1_0_CIPHER_SUITES = 'tls_1_0_cipher_suites'`
- `TLS_1_1_CIPHER_SUITES = 'tls_1_1_cipher_suites'`
- `TLS_1_2_CIPHER_SUITES = 'tls_1_2_cipher_suites'`
- `TLS_1_3_CIPHER_SUITES = 'tls_1_3_cipher_suites'`
- `TLS_COMPRESSION = 'tls_compression'`
- `TLS_1_3_EARLY_DATA = 'tls_1_3_early_data'`
- `OPENSSL_CCS_INJECTION = 'openssl_ccs_injection'`
- `TLS_FALLBACK_SCSV = 'tls_fallback_scsv'`
- `HEARTBLEED = 'heartbleed'`
- `ROBOT = 'robot'`
- `SESSION_RENEGOTIATION = 'session_renegotiation'`
- `HTTP_HEADERS = 'http_headers'`
- `ELLIPTIC_CURVES = 'elliptic_curves'`

The next sections describe the result class that corresponds to each scan command.

`ScanCommand.CERTIFICATE_INFO`: Retrieve and analyze a server's certificate(s) to verify its validity.

class `sslyze.CertificateInfoExtraArgument(custom_ca_file)`

Additional configuration for running the certificate_info scan command.

- `custom_ca_file` (Path): The path to a custom trust store file to use for certificate validation. The file should contain

Result class

class `sslyze.CertificateInfoScanResult(hostname_used_for_server_name_indication, certificate_deployments)`

The result of retrieving and analyzing a server's certificates to verify their validity.

- `hostname_used_for_server_name_indication` (str): The hostname sent by SSLyze as the Server Name Indication extension.
- `certificate_deployments` (List): A list of leaf certificates detected by SSLyze and the corresponding analysis. Most servers only deploy one leaf certificate, but some websites (such as Facebook) return different leaf certificates depending on the client, as a way to maximize compatibility with older clients/devices.

class `sslyze.CertificateDeploymentAnalysisResult(received_certificate_chain, leaf_certificate_subject_matches_hostname, leaf_certificate_has_must_staple_extension, leaf_certificate_is_ev, leaf_certificate_signed_certificate_timestamps_count, received_chain_contains_anchor_certificate, received_chain_has_valid_order, path_validation_results, verified_chain_has_sha1_signature, verified_chain_has_legacy_symantec_anchor, ocsp_response, ocsp_response_is_trusted)`

The result of analyzing a server's certificate to verify its validity.

Any certificate available within the fields that follow is parsed as a Certificate object using the cryptography library.

- `received_certificate_chain`: The certificate chain sent by the server; index 0 is the leaf certificate.
- `path_validation_result_list.verified_certificate_chain`: The verified certificate chain returned by OpenSSL for one of the trust stores. Will be None if the validation failed with all of the available trust stores.
- `path_validation_results` (Type: List): Certificate chain using each trust store that is packaged with SSLyze (Mozilla, Apple, etc.). If for a given trust store, the validation was successful, the verified certificate chain built by OpenSSL can be retrieved from the PathValidationResult.
- `leaf_certificate_subject_matches_hostname`: True if the leaf certificate's Common Name or Subject Alternative
- `leaf_certificate_is_ev` (Type: bool): True if the leaf certificate is Extended Validation, according to Mozilla.
- `leaf_certificate_has_must_staple_extension` (Type: bool): True if the OCSP must-staple extension is present in the leaf.
- `leaf_certificate_signed_certificate_timestamps_count`: Timestamps (SCTs) for Certificate Transparency embedded in the leaf certificate.