Allow tests ports 993, 995 and 465 (for IMAP, POP3 and SMTP email servers)

ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

https://www.ssllabs.com/projects/ssllabs-apis/

Apache License 2.0

1.69k stars 239 forks source link

Allow tests ports 993, 995 and 465 (for IMAP, POP3 and SMTP email servers) #441

Open hickford opened 7 years ago

hickford commented 7 years ago

Hi. Would you consider allowing tests ports 993, 995 and 465? This would allow testing of IMAP, POP3 and SMTP email servers. People want to know the email servers they use are secure, just as they do about websites.

Port list: https://www.fastmail.com/help/technical/ssltlsstarttls.html

IMAP uses port 143, but SSL/TLS encrypted IMAP uses port 993.

POP uses port 110, but SSL/TLS encrypted POP uses port 995.

SMTP uses port 25, but SSL/TLS encrypted SMTP uses port 465.

I wouldn't be surprised to learn many email servers have bad configuration—vulnerable to Poodle and so on. Some ISPs, schools, businesses may not have reviewed them in years.

ArchangeGabriel commented 7 years ago

I’m reposting my answer to your #270 deleted comment:

I think that allowing anyport is probably easier. ;) Since you might also want to be able to check on STARTTLS ports, so that’s 7 ports total for email purposes.

@hickford In the meantime, you can use https://www.htbridge.com/ssl/.

hickford commented 7 years ago

Thanks. I've been using https://testssl.sh/ . A survey of British ISPs reveals a few servers vulnerable to Poodle. Some others support TLS 1.0 only. One ISP instructs users to connect to its mail server without any encryption.

mail.talktalk.net:995
smtp.talktalk.net:587

I like the SSL Labs server test because it gives a colour-coded grade A to F with clear explanation why.

zzq1015 commented 7 years ago

+1 for allowing tests for any port https://www.htbridge.com/ssl/ https://tls.imirhil.fr They support testing any port