How can you check and analyze SSL ports other than 443?

ImmuniWeb (new service; formerly HTBridge)

https://www.immuniweb.com/ssl

Example: Report for imap.spamarrest.com:993


There are a few. But none even close to what SSL Labs does.

Here are two sample sites.

  • DigiCert SSL Tools (one gets redirected to this site from formerly mentioned https://ssltools.websecurity.symantec.com/checker/)
  • http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=imap.spamarrest.com%3A993&protocol=https

Port 443 limit is by design

SSL Labs does this on purpose. I didn't know this. But here's the rationale. It's listed inside their Read This First document:

Commonly Requested Features

  • Checking of IP addresses without hostnames; SSL Labs is designed to test public web servers services. We define public as having a DNS record and running on the official port for the given service (e.g., 443 for HTTPS). We don't allow direct checking of IP addresses because we don't consider such services public.
  • Checking of web servers on non-standard ports; see the previous point.

I use https://testssl.sh/

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.

It also works well on Windows 10 if you have the 'Windows Subsystem for Linux' installed https://msdn.microsoft.com/en-gb/commandline/wsl/install_guide