How to do it...

Let's interpret and manipulate the output of SSLyze by running it against a web application:

  1. Another tool that performs a thorough sweep and analyzes the SSL/TLS configurations of a target service is SSLyze. To perform the majority of the basic tests in SSLyze, arguments should include the target server and the --regular argument. This includes tests for SSLv2, SSLv3, TLSv1, renegotiation, resumption, certificate information, HTTP GET response status codes, and compression support, as follows:
  2. Alternatively, a single version of TLS or SSL can be tested to enumerate the supported ciphers associated with that version. In the following example, SSLyze is used to enumerate the supported TLSv1.2 ciphers, and it then uses the grep command to extract only 256-bit ciphers:
  3. One very helpful feature that SSLyze supports is testing for zlib compression. This compression, if enabled, is directly associated with an information leakage vulnerability known as Compression Ratio Info-leak Made Easy (CRIME). This test can be performed using the --compression argument, as follows:
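The three steps above can be wrapped in one script, shown here as an added example that is not taken from the book. The function names `scan_target` and `only_256bit` are hypothetical, and the sample output is constructed: its column layout is an assumption and differs between SSLyze versions. The filter matches on the key-size column because a plain `grep 256` also matches cipher names such as `AES128-GCM-SHA256`.

```shell
#!/bin/sh
# Added example, not from the book.
# Usage after sourcing this file:  scan_target HOST:PORT

# Run the three scans described in the steps above. --regular and
# --compression are the arguments named on the page; --tlsv1_2 is the
# SSLyze option that restricts cipher enumeration to TLS 1.2.
scan_target() {
    target=$1
    sslyze --regular "$target"
    sslyze --tlsv1_2 "$target" | only_256bit
    sslyze --compression "$target"
}

# Print the names of ciphers whose key-size column is exactly "256 bits".
# Lines where "256" appears only in the cipher name (SHA256) or in a
# key-exchange note ("ECDH-256 bits") are skipped.
only_256bit() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i == "bits" && $(i - 1) == "256") { print $1; next }
    }'
}

# Constructed sample resembling SSLyze text output (layout is an assumption).
SAMPLE_OUTPUT='  * TLSV1_2 Cipher Suites:
      Accepted:
        ECDHE-RSA-AES256-GCM-SHA384   ECDH-256 bits   256 bits   HTTP 200 OK
        ECDHE-RSA-AES128-GCM-SHA256   ECDH-256 bits   128 bits   HTTP 200 OK
        AES256-SHA                    -               256 bits   HTTP 200 OK
        AES128-SHA256                 -               128 bits   HTTP 200 OK'

# Demonstrate the filter offline on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | only_256bit
```

On the constructed sample, a plain `grep 256` returns all four cipher lines, while `only_256bit` returns only the two 256-bit suites.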