[Cialug] Using Openssl to test Protocol and Cipher Suites
Sean Flattery
sean.r.flattery at gmail.com
Fri Sep 30 15:23:08 CDT 2016
I like to use O-Saft from OWASP https://www.owasp.org/index.php/O-Saft
although it can end up giving too much info. Sslyze is another good tool.
https://github.com/iSECPartners/sslyze Nmap has some nice scripting checks
built in as well, and the SSL enum one is probably what you'd need.
https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
Thanks,
Sean Flattery
Date: Fri, 30 Sep 2016 19:29:00 +0000
From: Kelly Slaugh <KSlaugh at Studentloan.org>
To: Central Iowa Linux Users Group <cialug at cialug.org>
Subject: [Cialug] Using Openssl to test Protocol and Cipher Suites
Is there a command to use with openssl that gives all available Protocols
and Cipher Suites? Kind of like what https://ssllabs.com will do?
I've used the command...
openssl s_client -connect www.mywebsite.com:443
However that only gives me what I'm currently connecting with, not what I
could connect with. Trying to get a Cipher Suite and Protocol string that
only allows certain Cipher Suites with only TLS1.2. I don't want any Cipher
Suite that TLS1.2 can use, only specific ones.
My string looks like this...
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1:!ADH:!MD5:!RC4:!DES:!NULL:!EXP:!LOW
~Rabid_gerbil
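
The question above can also be answered with openssl alone by attempting one handshake per protocol and suite. The script below is an added example, not part of either message; it checks each accepted pair against the TLS 1.2 allow-list from the question, and the function names and the host:port argument are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Usage: ./tls-enum.sh host:port
# (a server you administer). Function names are this sketch's own.

# Positive entries of the cipher string quoted in the question.
ALLOWED='ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256'

# Read `openssl s_client` output on stdin and print the negotiated suite.
# Returns 1 when the handshake failed ("Cipher is (NONE)" or no such line).
negotiated_cipher() {
    local c
    c=$(sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1)
    [ -n "$c" ] && [ "$c" != "(NONE)" ] && printf '%s\n' "$c"
}

# Policy from the question: TLS 1.2 only, and only the listed suites.
# $1 = s_client protocol flag without the dash, $2 = OpenSSL suite name.
verdict() {
    case "$1 :$ALLOWED:" in
        "tls1_2 "*":$2:"*) echo expected ;;
        *)                 echo UNEXPECTED ;;
    esac
}

# Try every protocol/suite pair the local openssl build knows about.
# TLS 1.3 is out of scope here: its suites are set with -ciphersuites.
scan() {   # $1 = host:port
    local host=${1%%:*} proto cipher got
    for proto in tls1 tls1_1 tls1_2; do
        for cipher in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
            # </dev/null ends the session as soon as the handshake finishes.
            if got=$(openssl s_client -connect "$1" -servername "$host" \
                     "-$proto" -cipher "$cipher" </dev/null 2>/dev/null |
                     negotiated_cipher); then
                printf '%-7s %-32s %s\n' "$proto" "$got" "$(verdict "$proto" "$got")"
            fi
        done
    done
}

if [ $# -ge 1 ]; then
    scan "$1"
else
    # No target given: run the parser on a constructed s_client line.
    printf 'New, TLSv1.2, Cipher is ECDHE-RSA-AES128-SHA256\n' | negotiated_cipher
fi
```

The scan can only offer protocols and suites that the local openssl build was compiled with, so an empty result for an old protocol may reflect the client rather than the server.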