How do I test my znc's SSL port against various SSL vulnerabilities?

You can test your SSL connection by using the openssl and nmap tool.

Heartbleed

openssl version

Your OpenSSL installation is vulnerable to Hertbleed if the version output is one of these values: 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1 source

As pointed out in the comments below just checking the version might give you a false positive as most distributions offer security patches which don't change the version of openssl.

I found this answer on the serverfault to check for heartbleed:

openssl s_client -connect example.com:443 -tlsextdebug 2>&1 | grep 'server extension "heartbeat" (id=15)' || echo safe

Poodle

openssl s_client -connect example.com:443 -ssl3

if you get something like this

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

everything is ok. source

Logjam

openssl s_client -connect example.com:443 -ssl3

This should output two lines: Server public key is 4096 bit is your RSA Key size.

Server Temp Key: DH, 4096 bits is your DH-Parameter size.

If this is 1024 bits or lower you need up upgrade your configuration.

source

Freak

I have found no way to test against freak attack by just using openssl. You can use nmap instead.

nmap --script ssl-enum-ciphers -p 443 example.com | grep EXPORT -l | wc -l

prints 1 for vulnerable and 0 for clean.

source

Try testssl.sh. Great tool that can be run from command line and give pretty much the same output as ssllabs.com (though without browser info unfortunately), but not limited by port or to public facing websites.

Note this is a shell script which, as I understand it from a quick look at the source, basically wraps all the openssl commands that knowhy has suggested in his answer and more into one nice, easy to use, script.