├── .github
    └── FUNDING.yml
├── LICENSE
├── README.md
├── cli.js
├── index.js
├── methods.js
└── package.json


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | github: styfle
2 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 Steven
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # tls-check
 2 | 
 3 | > Check the TLS protocol support of one or more web servers
 4 | 
 5 | ## Usage
 6 | 
 7 | Pass one or more hostnames with optional port to see a list of supported protocols that each server supports.
 8 | 
 9 | ```sh
10 | npx tls-check google.com https://bing.com vercel.com:443
11 | ```
12 | 
13 | ```sh
14 | Checking TLS against 3 website(s)...
15 | 
16 | ✅ google.com TLSv1 Enabled.
17 | ✅ google.com TLSv1.1 Enabled.
18 | ✅ google.com TLSv1.2 Enabled.
19 | ✅ google.com TLSv1.3 Enabled.
20 | 
21 | ✅ bing.com TLSv1 Enabled.
22 | ✅ bing.com TLSv1.1 Enabled.
23 | ✅ bing.com TLSv1.2 Enabled.
24 | ❌ bing.com TLSv1.3 Disabled.
25 | 
26 | ❌ vercel.com TLSv1 Disabled.
27 | ❌ vercel.com TLSv1.1 Disabled.
28 | ✅ vercel.com TLSv1.2 Enabled.
29 | ✅ vercel.com TLSv1.3 Enabled.
30 | ```
31 | 
32 | ## Relevant Links
33 | 
34 | - [TLS 1.3 Browser Support](https://caniuse.com/#feat=tls1-3) - Can I Use
35 | - [Deprecating TLS 1.0 & 1.1](https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1/) - DigitCert
36 | - [It's Time to Disable TLS 1.0](https://www.globalsign.com/en/blog/disable-tls-10-and-all-ssl-versions) - GlobalSign
37 | 


--------------------------------------------------------------------------------
/cli.js:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env node
 2 | 
 3 | const tlsCheck = require('./index');
 4 | const versions = require('./methods');
 5 | 
 6 | async function main() {
 7 |     const args = process.argv.slice(2);
 8 |     console.log(`Checking TLS against ${args.length} website(s)...\n`);
 9 | 
10 |     for (let arg of args) {
11 |         if (!arg.startsWith('http')) {
12 |             arg = 'https://' + arg;
13 |         }
14 |         let { hostname, port } = new URL(arg);
15 |         for (let version of versions) {
16 |             const res = await getFormattedResult({ hostname, port, version });
17 |             console.log(res);
18 |         }
19 |         console.log(' ');
20 |     }
21 | }
22 | 
23 | /**
24 |  * Get the formatted result with emoji and all.
25 |  * @param {string} hostname 
26 |  * @param {number} port 
27 |  * @param {string} version 
28 |  */
29 | async function getFormattedResult({ hostname, port, version }) {
30 |     let emoji = '✅'
31 |     let message = 'Enabled.';
32 |     try {
33 |         await tlsCheck({ hostname, port, version });
34 |     } catch (e) {
35 |         if (e.code === 'ERR_TLS_INVALID_PROTOCOL_VERSION') {
36 |             emoji = '🔶';
37 |             message = 'Your client had a problem. Try updating OpenSSL.';
38 |         } else if (e.code === 'ECONNRESET') {
39 |             emoji = '❌';
40 |             message = 'Disabled.';
41 |         } else {
42 |             emoji = '🤦‍♀️';
43 |             message = e.toString();
44 |         }
45 |     }
46 |     const origin = port ? `${hostname}:${port}` : hostname;
47 |     return `${emoji} ${origin} ${version} ${message}`;
48 | }
49 | 
50 | main();
51 | 


--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
 1 | const { createSecureContext, connect }  = require('tls');
 2 | 
 3 | /**
 4 |  * 
 5 |  * @param {{hostname: string, port: number, version: string}} o 
 6 |  */
 7 | function tlsCheck({ hostname, port, version }) {
 8 |     return new Promise((resolve, reject) => {
 9 |         const secureContext = createSecureContext({ minVersion: version, maxVersion: version });
10 |         const opt = {
11 |             host: hostname,
12 |             servername: hostname,
13 |             port: port || 443,
14 |             secureContext,
15 |         }
16 |         const socket = connect(opt, () => {
17 |             if (!socket.authorized) {
18 |                 reject(socket.authorizationError);
19 |                 return;
20 |             }
21 |             const cipher = socket.getCipher();
22 |             cipher.tlsProtocol = socket.getProtocol();
23 |             socket.end();
24 |             resolve(cipher);
25 |         });
26 |     
27 |         socket.on('error', e => reject(e));
28 |     });
29 | }
30 | 
31 | module.exports = tlsCheck;
32 | 


--------------------------------------------------------------------------------
/methods.js:
--------------------------------------------------------------------------------
1 | // https://nodejs.org/api/tls.html#tls_tls_default_min_version
2 | module.exports = [
3 |     'TLSv1',
4 |     'TLSv1.1',
5 |     'TLSv1.2',
6 |     'TLSv1.3',
7 | ];


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "tls-check",
 3 |   "version": "1.0.0",
 4 |   "description": "Check the TLS protocol support of one or more web servers",
 5 |   "repository": "styfle/tls-check",
 6 |   "main": "index.js",
 7 |   "bin": {
 8 |     "tls-check": "cli.js"
 9 |   },
10 |   "scripts": {
11 |     "test": "echo \"Error: no test specified\" && exit 1"
12 |   },
13 |   "engines": {
14 |     "node": ">=12"
15 |   },
16 |   "keywords": [
17 |     "tls",
18 |     "ssl",
19 |     "protocol",
20 |     "scanner"
21 |   ],
22 |   "author": "styfle",
23 |   "license": "MIT"
24 | }
25 | 


--------------------------------------------------------------------------------