Docs · Tools
SSL / TLS Auditor
The SSL/TLS Auditor inspects how a host does encryption: which protocol versions it allows, which ciphers it offers, and whether its certificate is valid, trusted, and not about to expire.
- Category
- Web & API
- Powered by
sslyze- Edition
- Pro
- Where
- Desktop → SSL Auditor tab
What it does
Weak TLS is silent until it is exploited. This auditor connects to a host and reports the supported protocol versions (flagging old ones like TLS 1.0/1.1), the cipher suites on offer, and the full certificate chain — including who issued it and when it expires.
How to use it
1
Enter host:port
Provide the target, e.g.
example.com:443.2
Audit
Click Audit. The protocol, cipher, and certificate sections populate as checks finish.
3
Act on findings
Disable weak protocols/ciphers and renew certificates that are near expiry.
What it checks
- Protocols — which TLS/SSL versions are enabled (old ones are flagged).
- Ciphers — the cipher suites offered, weak ones highlighted.
- Certificate — validity, trust chain, hostname match, and expiry date.
What you get
A clear pass/warn report per category. Results feed the Security Score SSL/TLS factor so you can watch the number improve as you harden the endpoint.
Tips
- Aim for TLS 1.2+ only, with modern ciphers; disable TLS 1.0/1.1.
- Audit every public endpoint, not just the main site — APIs and mail hosts count too.
- No sslyze yet? A demo report previews the checks before you install it.
Authorized use only. Only audit hosts you own or are permitted to assess. Inputs are sanitized before use.