Burp Suite, the leading toolkit for web application security testing

Suite Options: SSL

This tab contains settings for SSL negotiation, and client and server SSL certificates.

SSL Negotiation

These settings control the SSL protocols that Burp will use when performing SSL negotiation with upstream servers.

Sometimes, you may have difficulty negotiating SSL connections with certain web servers. The Java SSL stack contains a few gremlins, and fails to work with certain unusual server configurations. To help you troubleshoot this problem, Burp lets you specify which protocols should be offered to servers during SSL negotiations.

Note that Burp itself implements a few workarounds for SSL issues, and if a negotiation fails with the protocols you have configured, Burp will still try some alternative combinations of protocols that often work. So you shouldn't use this feature as a method of testing which protocols are actually supported by the server.
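To find out which protocols a server actually supports, use a probe that offers exactly one protocol version per connection and never falls back. The Python sketch below is an added example, not part of Burp or its documentation; the function names and the `example.test` host are placeholders, and certificate validation is deliberately skipped because only protocol negotiation is being checked.

```python
import socket
import ssl

# TLS versions offered one at a time; SSLv3 is omitted because most builds no longer include it.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]


def pinned_context(version):
    """Client context that offers exactly one protocol version, with no fallback."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # probing protocol support only,
    ctx.verify_mode = ssl.CERT_NONE     # so certificate validation is skipped
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        # Distro security levels can block TLS 1.0/1.1 locally; relax for the probe.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    return ctx


def try_handshake(host, port, version, timeout=5.0):
    """Return the negotiated protocol name, or None if the handshake fails."""
    try:
        ctx = pinned_context(version)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (OSError, ValueError):
        return None


def probe(host, port, attempt=try_handshake):
    """Map each version name to True/False as negotiated from this client."""
    return {v.name: attempt(host, port, v) is not None for v in VERSIONS}


if __name__ == "__main__":
    # example.test is a placeholder; point this at a server you administer.
    for name, ok in probe("example.test", 443).items():
        print(f"{name}: {'accepted' if ok else 'not negotiated'}")
```

A `False` result means the version was not negotiated from this client; a local TLS library built without an old protocol version produces the same result as a server that refuses it.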

Two other options are available:

Client SSL Certificate

This setting lets you configure a client SSL certificate (in PKCS12 format) that will be used whenever a destination HTTPS server requires client certificate authentication.

Server SSL Certificates

This information-only panel contains details of all X509 certificates received from web servers. Double-click an item in the table to display the full details of the certificate. 

Copyright © 2012 PortSwigger Ltd. All rights reserved.