tls-checker

v0.0.2
Published: Jul 1, 2020 License: MIT Imports: 16 Imported by: 0

README

tls-checker

Description

tls-checker is used to verify that websites are serving on accepted TLS versions and not downgrading.

Installation

TBD

Usage

TBD

Examples

Run the command like this:

bin/tls-checker --schemes https --hosts "www.truss.works" --log-level info --timeout 15m

There will be no output if the check succeeds. If there is an error, output will appear like this:

2020-06-19T10:28:41.199-0700    WARN    tls-checker/main.go:366 invalid request to url https://www.truss.works/health connected using TLS v1.1

When mutual TLS authentication is required this command can be used like this:

bin/tls-checker --schemes https --hosts "www.truss.works" --key "${KEY}" --cert "${CERT}" --ca "${CA}" --log-level info --timeout 15m

To ensure there's no issue with reading the KEY, CERT, and CA, the values must be base64 encoded. One way to do this is on the command line:

export KEY=$(echo "${tls_key}" | base64 -i -)
export CERT=$(echo "${tls_cert}" | base64 -i -)
export CA=$(echo "${ca_cert}" | base64 -i -)

Testing

To test after making changes, uncomment the following lines in main.go:

// tls.VersionTLS12,
// tls.VersionTLS13,

And then run

go run . check --schemes https --hosts "www.truss.works" --log-level info --timeout 15m

You should see invalid requests. These failures show that the tool exits with an error when a connection is accepted on a TLS version it treats as bad, which indicates that it is working as expected.
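
The kind of check this README describes can be reproduced with Go's standard library alone. The following is an added example, not tls-checker's own code: it offers exactly one legacy TLS version per handshake and records which ones a server accepts. The names `legacyVersions`, `acceptedLegacy` and `probeLocal` are hypothetical, and the target is a throwaway local test server so the example runs offline.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http/httptest"
	"time"
)

// legacyVersions are the protocol versions this sketch treats as unacceptable.
var legacyVersions = []uint16{tls.VersionTLS10, tls.VersionTLS11}

// acceptedLegacy offers exactly one TLS version per handshake and returns
// the legacy versions the server at addr (host:port) agreed to negotiate.
func acceptedLegacy(addr string, timeout time.Duration) []uint16 {
	var accepted []uint16
	for _, v := range legacyVersions {
		cfg := &tls.Config{
			MinVersion: v, MaxVersion: v,
			// Only the negotiated version is under test, not the peer identity.
			InsecureSkipVerify: true,
		}
		conn, err := tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", addr, cfg)
		if err != nil {
			continue // handshake refused: the server does not accept v
		}
		if conn.ConnectionState().Version == v {
			accepted = append(accepted, v)
		}
		conn.Close()
	}
	return accepted
}

// probeLocal starts a throwaway local HTTPS server with the given minimum
// TLS version (constructed test target) and probes it.
func probeLocal(minVersion uint16) []uint16 {
	srv := httptest.NewUnstartedServer(nil)
	srv.TLS = &tls.Config{MinVersion: minVersion}
	srv.StartTLS()
	defer srv.Close()
	return acceptedLegacy(srv.Listener.Addr().String(), 5*time.Second)
}

func main() {
	fmt.Printf("min TLS 1.0 server accepted: %#x\n", probeLocal(tls.VersionTLS10))
	fmt.Printf("min TLS 1.2 server accepted: %#x\n", probeLocal(tls.VersionTLS12))
}
```

A non-empty result corresponds to the WARN case shown under Examples; an empty result corresponds to the silent success case.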

Documentation

There is no documentation for this package.