{"id":27419,"library":"sslyze","title":"SSLyze","description":"Fast and powerful SSL/TLS scanning library and CLI tool. Current version 6.3.1, requires Python >=3.10. Release cadence is about 3-6 months per minor version.","status":"active","version":"6.3.1","language":"python","source_language":"en","source_url":"https://github.com/nabla-c0d3/sslyze","tags":["ssl","tls","security","scanner","network","certificate"],"install":[{"cmd":"pip install sslyze","lang":"bash","label":"Install from PyPI"}],"dependencies":[{"reason":"Core dependency for TLS operations, bound to >=43,<47 in 6.3.1","package":"cryptography","optional":false},{"reason":"Underlying TLS library used by sslyze for low-level TLS handshakes","package":"nassl","optional":false},{"reason":"Used for data validation and settings (starting from 5.2.0+)","package":"pydantic","optional":false}],"imports":[{"note":"","wrong":"","symbol":"ServerNetworkLocation","correct":"from sslyze import ServerNetworkLocation"},{"note":"","wrong":"","symbol":"Scanner","correct":"from sslyze import Scanner"},{"note":"","wrong":"","symbol":"ServerScanRequest","correct":"from sslyze import ServerScanRequest"},{"note":"In sslyze < 6.0? Actually in current version ScanCommand is exported from sslyze.plugins.scan_commands. But docs show direct import from sslyze. VERIFY.","wrong":"from sslyze import ScanCommand","symbol":"ScanCommand","correct":"from sslyze.plugins.scan_commands import ScanCommand"}],"quickstart":{"code":"import asyncio\nfrom sslyze import ServerNetworkLocation, Scanner, ServerScanRequest\nfrom sslyze.plugins.scan_commands import ScanCommand\n\nasync def scan():\n    server_location = ServerNetworkLocation(hostname=\"www.google.com\", port=443)\n    scanner = Scanner()\n    scan_request = ServerScanRequest(\n        server_location=server_location,\n        scan_commands={\n            ScanCommand.TLS_1_2_CIPHER_SUITES,\n            ScanCommand.CERTIFICATE_INFO,\n        },\n    )\n    result = await scanner.scan_async(scan_request)\n    print(result)\n\nasyncio.run(scan())","lang":"python","description":"Basic asynchronous scan of a TLS server using the Python API."},"warnings":[{"fix":"Upgrade Python to 3.10 or newer.","message":"From v6.0.0, Python 3.9 support dropped. Requires >=3.10.","severity":"breaking","affected_versions":">=6.0.0"},{"fix":"Use asyncio and await scanner.scan_async() instead of synchronous scan().","message":"From v6.0.0, the Python API changed to fully async. Synchronous scanner and synchronous methods removed.","severity":"breaking","affected_versions":">=6.0.0"},{"fix":"Use certificate validation API instead.","message":"From v6.0.0, the JSON output for certificate info changed: leaf_certificate_subject_matches_hostname removed.","severity":"breaking","affected_versions":">=6.0.0"},{"fix":"Remove --http_headers --expect_ct from CLI.","message":"Expect-CT header check removed in v5.1.0 due to deprecation of Expect-CT.","severity":"deprecated","affected_versions":">=5.1.0"},{"fix":"Upgrade to 5.2.0 or later.","message":"On some Linux distributions (Red Hat, CentOS) sslyze may crash due to OpenSSL compatibility. Fixed in 5.2.0.","severity":"gotcha","affected_versions":"<5.2.0"},{"fix":"Check README for example config format.","message":"If using custom TLS profiles via --custom_tls_config, ensure the config is correctly formatted. Incorrect format may silently fall back to default.","severity":"gotcha","affected_versions":">=6.2.0"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Use: from sslyze.plugins.scan_commands import ScanCommand","cause":"ScanCommand is not directly in the sslyze module; it's in sslyze.plugins.scan_commands.","error":"AttributeError: module 'sslyze' has no attribute 'ScanCommand'"},{"fix":"Use async/await and ServerScanRequest object.","cause":"Older synchronous API used scanner.scan(server_info). In v6+, use async API: await scanner.scan_async(scan_request).","error":"TypeError: scan() takes 1 positional argument but 2 were given"},{"fix":"Upgrade sslyze to >=6, then use: from sslyze import ServerNetworkLocation","cause":"Old sslyze (<6) had different import paths. In v6+, import from sslyze directly.","error":"ImportError: cannot import name 'ServerNetworkLocation' from 'sslyze'"},{"fix":"Use await or run in a new event loop with nest_asyncio.","cause":"Calling asyncio.run() inside a Jupyter notebook or another async context.","error":"RuntimeError: asyncio.run() cannot be called from a running event loop"},{"fix":"Use ScanCommand enum members (e.g., ScanCommand.CERTIFICATE_INFO) not strings.","cause":"Passing invalid enum values or mixing strings/enums.","error":"pydantic.error_wrappers.ValidationError: (...) for ScanCommand"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}