Abstract

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols have become the security backbone of the Web and Internet today. Many systems, including mobile and desktop applications, rely on SSL/TLS to protect against network attacks. However, many vulnerabilities caused by incorrect use of SSL/TLS APIs have been uncovered in recent years. Such vulnerabilities, many of which stem from poor API design and the inexperience of application developers, often lead to confidential data leakage or man-in-the-middle attacks. In order to guarantee code quality and logic correctness in applications that use SSL/TLS, a scalable automated approach to security analysis is needed. In this paper, we design and implement SSLINT, a scalable automated system for detecting incorrect use of SSL/TLS APIs. By using static analysis techniques, it is capable of performing automatic logic verification with high efficiency and good accuracy. To demonstrate the feasibility of our approach as well as the advantages of SSLINT, we apply it to one of the most popular Linux distributions, Ubuntu. We find 27 previously unknown SSL/TLS vulnerabilities in Ubuntu applications, most of which are also distributed with other Linux distributions.
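The class of defect the abstract describes, a client that sets up a TLS connection but never validates the peer's certificate chain or hostname, is illustrated below with Python's standard `ssl` module. This is an added example and not part of the paper or the SSLINT tool; the paper analyzes Ubuntu applications, and the choice of Python's API here is an assumption made for a self-contained, offline demonstration. The `insecure_context` function shows the misuse pattern (any certificate is accepted, which is what makes a man-in-the-middle attack possible), `hardened_context` shows the corrected configuration, and `audit_context` is a small run-time check over an `SSLContext` that flags the same logic errors a static checker would look for in source.

```python
import ssl


def insecure_context() -> ssl.SSLContext:
    """The misuse pattern: verification disabled, so any certificate is accepted.

    check_hostname must be cleared before verify_mode is set to CERT_NONE,
    otherwise the ssl module raises ValueError.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """The corrected configuration: chain validation against the system trust
    store, hostname matching, and a modern minimum protocol version."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings describing why a client context is unsafe.

    An empty list means none of the checked misuse patterns is present.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            "verify_mode is not CERT_REQUIRED: the peer certificate chain "
            "is not validated, so any certificate is accepted"
        )
    if not ctx.check_hostname:
        findings.append(
            "check_hostname is False: a valid certificate for a different "
            "host would be accepted"
        )
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            "minimum_version allows TLS < 1.2: obsolete protocol versions "
            "are negotiable"
        )
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()),
                      ("hardened", hardened_context())):
        print(f"{name}: {audit_context(ctx) or ['no findings']}")
```

Running the block prints the findings for each context. The audit only inspects configuration that the `ssl` module exposes; a static analyzer such as the one the paper describes has to recover the same facts from the call sequence in source, where the verification callback or mode may be set on one path and silently skipped on another.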

Slides