SSL / TLS Analysis
Cybrium's SSL/TLS scan audits a target's transport security end to end — the certificate chain, the protocols it negotiates, and the ciphers it accepts.
What it discovers
- Certificate analysis — validity, chain trust, subject alternatives, key size, signature algorithm, CT log presence, and time-to-expiry.
- Protocol weaknesses — deprecated versions, downgrade paths, and negotiation flaws.
- Cipher strength — weak suites, forward-secrecy gaps, and compliance mapping against PCI, HIPAA, and NIST profiles.
When to use it
Run SSL/TLS on any endpoint exposing HTTPS, IMAPS, SMTPS, or custom TLS services. Schedule it regularly to catch expiring certificates and newly deprecated cipher suites, and run it on demand after rotating a certificate or changing a load balancer config.
Requires authorisation
A signed authorisation is required before any scan leaves the queue.
Launch from the chat bar
- Type
ssl example.comortls check api.example.com:8443. - Cybrium detects the target port automatically when omitted — default 443 for HTTPS.
- Confirm authorisation and the scan begins.
Launch from the dedicated UI
- Go to Scans -> New Scan -> SSL / TLS.
- Enter the hostname, port, and SNI value if it differs from the hostname.
- Optionally pin an expected issuer or fingerprint so drift is flagged as a finding.
- Click Start scan.
What findings look like
Findings are grouped into three panels:
- A certificate panel with the full chain, validity window, and trust status per root store.
- A protocol panel showing which TLS versions are accepted and which are weak or deprecated.
- A cipher panel listing every negotiated suite with strength ratings and compliance indicators.
Each finding carries a severity, remediation guidance, and links to the relevant standards.
Where results appear
- Rich SSL/TLS results panel inside the Findings tab.
- Report tab with a certificate inventory appendix.
- Compliance scorecard updates automatically when a tracked control is affected.
