CryptoLyzer is a fast and flexible server cryptographic settings analyzer library for Python with an easy-to-use command line interface and both human-readable (Markdown) and machine-readable (JSON) output. It works with multiple cryptographic protocols (SSL/TLS, opportunistic TLS, SSH) and analyzes additional security mechanisms (web security related HTTP response header fields, JA3 tag).

What is it and what is it not?

This application exists because analyzing a cryptographic protocol differs in many respects from establishing a connection with it. Analysis is mostly testing: it triggers special and corner cases of the protocol, and it tries to establish connections with rarely supported, experimental, obsolete or even deprecated mechanisms and algorithms, which may or may not be supported by the latest, or any, version of an implementation of the cryptographic protocol.

Consequently, it is neither a comprehensive nor a secure client/server implementation of any cryptographic protocol. On the one hand, the analyzer implements only the parts of the protocol that are absolutely necessary to interact with servers. On the other hand, it may use completely insecure algorithms and mechanisms. These client/server implementations are not designed for establishing secure connections, and using them for that purpose is contraindicated. If you are looking for proper cryptographic protocol implementations, there are several existing wrappers and native implementations for Python (e.g. M2Crypto, pyOpenSSL, Paramiko, ...).

Quick start

CryptoLyzer can be installed directly via pip

pip install cryptolyzer

cryptolyze tls all
cryptolyze tls1_2 ciphers
cryptolyze ssh2 ciphers
cryptolyze http headers

or can be used via Docker

docker run --rm coroner/cryptolyzer tls all
docker run --rm coroner/cryptolyzer tls1_2 ciphers
docker run --rm coroner/cryptolyzer ssh2 ciphers
docker run --rm coroner/cryptolyzer http headers
docker run -ti --rm -p coroner/cryptolyzer ja3 generate
openssl s_client -connect

or via APT on Debian based systems

apt update && apt install -y gnupg2 curl
echo 'deb /' >/etc/apt/sources.list.d/cryptolyzer.list
curl -s | apt-key add -

apt update && apt install -y python3-pkg-resources python3-cryptoparser python3-cryptolyzer

cryptolyze tls all
cryptolyze tls1_2 ciphers
cryptolyze ssh2 ciphers
cryptolyze http headers

or via DNF on Fedora based systems

dnf install 'dnf-command(config-manager)'
dnf config-manager --add-repo
rpm --import
dnf install python3-urllib3 python3-cryptography cryptoparser cryptolyzer

Development environment

To set up a development environment, you need pipenv.

git clone
cd cryptolyzer
pipenv install --dev
pipenv run python develop
pipenv shell
cryptolyze -h

Generic Features


Hypertext Transfer Protocol (HTTP)




Supported analyzers by cryptographic protocol versions

Analyzers SSH
Cipher Suites (ciphers)
Diffie-Hellman parameters (dhparams)
Host Keys (pubkeys)



Supported analyzers by cryptographic protocol versions

Analyzers SSL
Cipher Suites (ciphers)
X.509 Public Keys (pubkeys)
X.509 Public Key Request (pubkeyreq) n/a
Elliptic Curves (curves) n/a n/a
Diffie-Hellman parameters (dhparams) n/a n/a
Extensions (extensions) n/a n/a n/a n/a
Signature Algorithms (sigalgos) n/a n/a n/a

Python implementation

  • CPython (2.7, >=3.3)
  • PyPy (2.7, 3.5)

Operating systems

  • Linux
  • macOS
  • Windows

Protocol Specific Features

Secure Shell (SSH)

Protocol Versions

  1. identifies not only the software version, but also the application server vendor and version

Transport Layer Security (TLS)

Only features that cannot be implemented, or can be implemented only with difficulty, using the most popular SSL/TLS implementations (e.g. GnuTLS, LibreSSL, OpenSSL, wolfSSL, ...) are listed.

Protocol Versions

  1. supports not only the final, but also the draft versions

Cipher Suites

  1. supports each cipher suite discussed on
  2. supports GOST (national standards of the Russian Federation and CIS countries) cipher suites


  1. generates JA3 tag of any connecting TLS client independently from its type (graphical/cli, browser/email client/...)
  2. decodes existing JA3 tags by showing human-readable format of the TLS parameters represented by the tag
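
What decoding a JA3 value into human-readable TLS parameters involves, as an added example that is not CryptoLyzer's own code or API: it follows the JA3 string layout (version, cipher suites, extensions, elliptic curves, point formats). The function names, the small name table and the sample string are assumptions made for this illustration.

```python
import hashlib

# Field order of a JA3 string; values inside a field are '-'-separated decimals.
JA3_FIELDS = ("tls_version", "cipher_suites", "extensions",
              "elliptic_curves", "ec_point_formats")

# Small subset of the IANA TLS registries, just enough for the sample below.
NAMES = {
    "tls_version": {769: "TLS 1.0", 770: "TLS 1.1", 771: "TLS 1.2"},
    "cipher_suites": {
        47: "TLS_RSA_WITH_AES_128_CBC_SHA",
        53: "TLS_RSA_WITH_AES_256_CBC_SHA",
        49199: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        49200: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    },
    "extensions": {0: "server_name", 10: "supported_groups",
                   11: "ec_point_formats", 13: "signature_algorithms",
                   65281: "renegotiation_info"},
    "elliptic_curves": {23: "secp256r1", 24: "secp384r1", 29: "x25519"},
    "ec_point_formats": {0: "uncompressed"},
}


def decode_ja3(ja3):
    """Split a JA3 string into its five fields and name the known values."""
    parts = ja3.strip().split(",")
    if len(parts) != len(JA3_FIELDS):
        raise ValueError("a JA3 string has exactly 5 comma-separated fields")
    decoded = {}
    for field, raw in zip(JA3_FIELDS, parts):
        values = [int(v) for v in raw.split("-")] if raw else []
        if any(not 0 <= v <= 0xFFFF for v in values):
            raise ValueError("value out of 16-bit range in " + field)
        decoded[field] = [(v, NAMES[field].get(v, "unknown")) for v in values]
    return decoded


def ja3_hash(ja3):
    """MD5 hex digest of the JA3 string, the short form usually logged."""
    return hashlib.md5(ja3.strip().encode("ascii")).hexdigest()


# Constructed sample string, not captured from a real client.
SAMPLE = "771,49199-49200-47-53,0-10-11-13-65281,29-23-24,0"

if __name__ == "__main__":
    print("JA3 hash:", ja3_hash(SAMPLE))
    for field, values in decode_ja3(SAMPLE).items():
        print(field + ":", ", ".join("%s (%d)" % (n, v) for v, n in values))
```

The order of values inside each field is preserved because it is part of the fingerprint: two clients offering the same cipher suites in a different order produce different hashes.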



The code is available under the terms of Mozilla Public License Version 2.0 (MPL 2.0).

A non-comprehensive, but straightforward description of MPL 2 can be found at the Choose an open source license website.

Szilárd Pfeiffer / cryptolyzer
Fast and flexible server cryptographic (TLS/SSL/SSH) settings analyzer library for Python with CLI