[Cialug] {External} Re: Using Openssl to test Protocol and Cipher Suites

Kelly Slaugh KSlaugh at Studentloan.org
Fri Sep 30 15:31:45 CDT 2016


Thanks,

I found TestSSLServer, which is an exe program that allowed me to run different scenarios on the Protocol & Cipher Suite to check the results. I did probably 10 different strings and accumulated that information to send off to the decision makers.

I did try nmap; however, the version that we have is old and didn't have the enum script available. I haven't heard of the other two; I appreciate the suggestions and I'll take a look.

~Rabid_gerbil

-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Sean Flattery
Sent: Friday, September 30, 2016 3:23 PM
To: cialug at cialug.org
Subject: {External} Re: [Cialug] Using Openssl to test Protocol and Cipher Suites

I like to use O-Saft from OWASP https://www.owasp.org/index.php/O-Saft
although it can end up giving too much info.  Sslyze is another good tool.
https://github.com/iSECPartners/sslyze  Nmap has some nice scripting checks
built in as well, and the SSL enum one is probably what you'd need.
https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html


Thanks,
Sean Flattery




Date: Fri, 30 Sep 2016 19:29:00 +0000
From: Kelly Slaugh <KSlaugh at Studentloan.org>
To: Central Iowa Linux Users Group <cialug at cialug.org>
Subject: [Cialug] Using Openssl to test Protocol and Cipher Suites

Is there a command to use with openssl that gives all available Protocols
and Cipher Suites? Kind of like what https://ssllabs.com will do?

I've used the command...

openssl s_client -connect www.mywebsite.com:443

However, that only gives me what I'm currently connecting with, not what I
could connect with. Trying to get a Cipher Suite and Protocol string that
only allows certain Cipher Suites with only TLS1.2. I don't want any Cipher
Suite that TLS1.2 can use, only specific ones.

My string looks like this...

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1:!ADH:!MD5:!RC4:!DES:!NULL:!EXP:!LOW

~Rabid_gerbil