[Cialug] Using Openssl to test Protocol and Cipher Suites
Sean Flattery
sean.r.flattery at gmail.com
Wed Oct 5 21:37:27 CDT 2016
I found another tool recently that's a great way to do these kinds of
checks https://github.com/mozilla/cipherscan. It's more concise than
O-Saft and is easy to use.
On Fri, Sep 30, 2016 at 3:23 PM, Sean Flattery <sean.r.flattery at gmail.com>
wrote:
> I like to use O-Saft from OWASP https://www.owasp.org/index.php/O-Saft
> although it can end up giving too much info. Sslyze is another good tool.
> https://github.com/iSECPartners/sslyze Nmap has some nice scripting
> checks built in as well, and the SSL enum one is probably what you'd need.
> https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
>
>
> Thanks,
> Sean Flattery
>
>
>
>
> Date: Fri, 30 Sep 2016 19:29:00 +0000
> From: Kelly Slaugh <KSlaugh at Studentloan.org>
> To: Central Iowa Linux Users Group <cialug at cialug.org>
> Subject: [Cialug] Using Openssl to test Protocol and Cipher Suites
> Message-ID:
> <9CD1BF38110849499378659CB0CCE8674C20C202 at CWEMEXC003.ISLLCNE
> TS.Studentloan.org>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Is there a command to use with openssl that gives all available Protocols
> and Cipher Suites? Kind of like what https://ssllabs.com will do?
>
> I've used the command...
>
> Openssl s_client -connect www.mywebsite.com:443
>
> However that only gives me what I'm currently connecting with, not what I
> could connect with. Trying to get a Cipher Suite and Protocol string that
> only allows certain Cipher Suites with only TLS1.2. I don't want any Cipher
> Suite that TLS1.2 can use only specific ones.
>
> My string looks like this...
>
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-
> RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-
> AES256-SHA384:ECDHE-RSA-AES128-SHA256:!SSLv2:!SSLv3:!TLSv1:!
> TLSv1_1:!ADH:!MD5:!RC4:!DES:!NULL:!EXP:!LOW
>
> ~Rabid_gerbil
>
More information about the Cialug
mailing list