SSLyze

6.3.1 verified Fri May 01 auth: no python

Fast and powerful SSL/TLS scanning library and CLI tool. Current version 6.3.1, requires Python >=3.10. Release cadence is about 3-6 months per minor version.

pip install sslyze

Common errors

error AttributeError: module 'sslyze' has no attribute 'ScanCommand' ↓

cause ScanCommand is not directly in the sslyze module; it's in sslyze.plugins.scan_commands.

fix

Use: from sslyze.plugins.scan_commands import ScanCommand

error TypeError: scan() takes 1 positional argument but 2 were given ↓

cause Older synchronous API used scanner.scan(server_info). In v6+, use async API: await scanner.scan_async(scan_request).

fix

Use async/await and ServerScanRequest object.

error ImportError: cannot import name 'ServerNetworkLocation' from 'sslyze' ↓

cause Old sslyze (<6) had different import paths. In v6+, import from sslyze directly.

fix

Upgrade sslyze to >=6, then use: from sslyze import ServerNetworkLocation

error RuntimeError: asyncio.run() cannot be called from a running event loop ↓

cause Calling asyncio.run() inside a Jupyter notebook or another async context.

fix

Use await or run in a new event loop with nest_asyncio.

error pydantic.error_wrappers.ValidationError: (...) for ScanCommand ↓

cause Passing invalid enum values or mixing strings/enums.

fix

Use ScanCommand enum members (e.g., ScanCommand.CERTIFICATE_INFO) not strings.

Warnings

breaking From v6.0.0, Python 3.9 support dropped. Requires >=3.10. ↓

fix Upgrade Python to 3.10 or newer.

breaking From v6.0.0, the Python API changed to fully async. Synchronous scanner and synchronous methods removed. ↓

fix Use asyncio and await scanner.scan_async() instead of synchronous scan().

breaking From v6.0.0, the JSON output for certificate info changed: leaf_certificate_subject_matches_hostname removed. ↓

fix Use certificate validation API instead.

deprecated Expect-CT header check removed in v5.1.0 due to deprecation of Expect-CT. ↓

fix Remove --http_headers --expect_ct from CLI.

gotcha On some Linux distributions (Red Hat, CentOS) sslyze may crash due to OpenSSL compatibility. Fixed in 5.2.0. ↓

fix Upgrade to 5.2.0 or later.

gotcha If using custom TLS profiles via --custom_tls_config, ensure the config is correctly formatted. Incorrect format may silently fall back to default. ↓

fix Check README for example config format.

Imports

ServerNetworkLocation

from sslyze import ServerNetworkLocation

Scanner
```
from sslyze import Scanner
```
ServerScanRequest
```
from sslyze import ServerScanRequest
```
ScanCommand
wrong
```
from sslyze import ScanCommand
```
correct
```
from sslyze.plugins.scan_commands import ScanCommand
```
In sslyze < 6.0? Actually in current version ScanCommand is exported from sslyze.plugins.scan_commands. But docs show direct import from sslyze. VERIFY.

Quickstart

Basic asynchronous scan of a TLS server using the Python API.

import asyncio
from sslyze import ServerNetworkLocation, Scanner, ServerScanRequest
from sslyze.plugins.scan_commands import ScanCommand

async def scan():
    server_location = ServerNetworkLocation(hostname="www.google.com", port=443)
    scanner = Scanner()
    scan_request = ServerScanRequest(
        server_location=server_location,
        scan_commands={
            ScanCommand.TLS_1_2_CIPHER_SUITES,
            ScanCommand.CERTIFICATE_INFO,
        },
    )
    result = await scanner.scan_async(scan_request)
    print(result)

asyncio.run(scan())