Pricing

from $1.00 / 1,000 host scans

Go to Apify Store

SSL Cipher Suite & Security Scanner

Try for free

Audit TLS versions and negotiated cipher suites for a list of domains to ensure compliance and robust web security.

Pricing

from $1.00 / 1,000 host scans

Rating

0.0

(0)

Developer

Andok

Actor stats

Bookmarked

Total users

Monthly active users

a month ago

Last modified

TLS Cipher Suite Scanner

Scan TLS cipher suites to detect weak or deprecated configurations across your entire domain inventory. Outdated ciphers like RC4 or CBC-mode suites remain a top finding in compliance audits, and many teams lack visibility until a scanner flags them. Check hundreds of hosts in parallel and get structured results ready for reporting.

Features

Cipher suite detection — identifies the exact cipher suite negotiated during the TLS handshake
Protocol version reporting — reports TLS 1.2, TLS 1.3, or older protocol versions for each host
Certificate validation — checks whether the server certificate is authorized and trusted
ALPN negotiation — reports Application-Layer Protocol Negotiation results (h2, http/1.1)
Bulk scanning — check hundreds of domains concurrently in a single run
Flexible input — accepts plain domains, URLs, or objects with domain/url fields

Input

Field	Type	Required	Default	Description
`domains`	`array`	Yes	—	List of domains or hostnames to scan (e.g., `example.com`). Also accepts URLs or objects with `domain`/`url` fields
`timeoutSeconds`	`integer`	No	`15`	Connection timeout per domain in seconds (1-60)
`concurrency`	`integer`	No	`10`	Number of domains to scan in parallel (1-50)

Input Example

{
  "domains": [
    "google.com",
    "github.com",
    "example.com"
  ],
  "concurrency": 20
}

Output

Each domain produces one dataset record with the negotiated TLS parameters and certificate status.

Key output fields:

domain (string) — the hostname that was scanned
status (string) — scan result status (OK or ERROR)
protocol (string) — negotiated TLS version (e.g., TLSv1.3)
cipher (string) — negotiated cipher suite name (e.g., TLS_AES_256_GCM_SHA384)
authorized (boolean) — whether the server certificate is trusted
alpn (string) — negotiated ALPN protocol (e.g., h2)
error (string | null) — error message if the connection failed
checkedAt (string) — ISO 8601 timestamp

Output Example

{
  "domain": "github.com",
  "status": "OK",
  "protocol": "TLSv1.3",
  "cipher": "TLS_AES_128_GCM_SHA256",
  "authorized": true,
  "alpn": "h2",
  "error": null,
  "checkedAt": "2026-03-09T12:00:00.000Z"
}

Pricing

Event	Cost
Host Scan	$0.001

Pay only for hosts successfully scanned. Respects your per-run spending limit.

Use Cases

Security audits — verify that all enterprise endpoints use TLS 1.2+ with strong cipher suites
PCI DSS compliance — confirm no deprecated protocols or weak ciphers are in use across payment-processing domains
Vendor risk assessment — bulk-scan third-party domains to evaluate their TLS configurations before onboarding
Infrastructure migration — validate cipher suite consistency after moving to new hosting or CDN providers
Scheduled monitoring — run weekly scans to detect cipher downgrades or misconfigurations after server changes

Actor	What it adds
Security Headers Analyzer	Audit HTTP security headers (HSTS, CSP, etc.) to complement TLS-level checks
SSL Certificate Monitor	Monitor certificate expiry dates alongside cipher suite auditing
Subdomain Finder	Discover all subdomains first, then feed them into cipher scanning

SSL Certificate Inspector - TLS Audit & Expiry Monitor

santamaria-automations/ssl-certificate-inspector

Inspect SSL/TLS certificates for any domain: chain validation, expiry dates, cipher suites, TLS versions, subject alt names, issuer details, and security scoring. Export data, run via API, schedule and monitor runs, or integrate with other tools.

Alessandro Santamaria

SSL Certificate Checker

automation-lab/ssl-certificate-checker

SSL Certificate Checker connects to domains over TLS and inspects their SSL certificates. It returns structured data about certificate validity, expiry, issuer chain, TLS protocol version, cipher suite, and a security grade from A+ to F.

Stas Persiianenko

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

5.0

Security Headers Checker - HTTP Security Audit

pink_comic/security-headers-checker

HTTP security header audit for HSTS, CSP, X-Frame-Options, and more. Grade your website security posture against best practices. For penetration testing, compliance checks, and web hardening. No API key required.

Ava Torres

HTTP Headers Security Checker

automation-lab/http-headers-security-checker

This actor checks 12 HTTP security headers for any list of websites and produces a security grade with actionable findings. It identifies missing headers, weak configurations, and provides specific recommendations. Use it for security audits, compliance checks, or monitoring your web...

Stas Persiianenko

🔒 SSL Certificate Monitor

taroyamada/ssl-certificate-monitor

Monitor SSL/TLS certificates across websites to detect expiry dates and issuer changes. Extract security data and integrate alerts using the API.

太郎山田

🛡️ Domain Trust Monitor

taroyamada/domain-trust-monitor

Audit your entire web infrastructure by extracting SSL certificate health, SPF/DKIM/DMARC configuration, and missing security headers across hundreds of websites.

太郎山田

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.