[Cialug] {External} Re: Using Openssl to test Protocol and Cipher Suites

Scott Yates Scott at yatesframe.com
Fri Sep 30 16:11:21 CDT 2016


One last note:  It looks like firewalls tend to mess with this a bit.
BitDefender is a good product, but its firewall was causing the ping issue.

ifconfig is still busted however.  8(

On Fri, Sep 30, 2016 at 3:31 PM, Kelly Slaugh <KSlaugh at studentloan.org>
wrote:

> Thanks,
>
> I found TestSSLServer which is an exe program that allowed me to run
> different scenarios on the Protocol & Cipher Suite to check the results. I
> did probably 10 different strings and accumulated that information to send
> off to the decision makers.
>
> I did try nmap; however, the version that we have is old and didn't have the
> enum script available. I haven't heard of the other two, I appreciate the
> suggestions and I'll take a look.
>
> ~Rabid_gerbil
>
> -----Original Message-----
> From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On
> Behalf Of Sean Flattery
> Sent: Friday, September 30, 2016 3:23 PM
> To: cialug at cialug.org
> Subject: {External} Re: [Cialug] Using Openssl to test Protocol and Cipher
> Suites
>
> I like to use O-Saft from OWASP https://www.owasp.org/index.php/O-Saft
> although it can end up giving too much info.  Sslyze is another good tool.
> https://github.com/iSECPartners/sslyze  Nmap has some nice scripting checks
> built in as well, and the SSL enum one is probably what you'd need.
> https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
>
>
> Thanks,
> Sean Flattery
>
>
>
>
> Date: Fri, 30 Sep 2016 19:29:00 +0000
> From: Kelly Slaugh <KSlaugh at Studentloan.org>
> To: Central Iowa Linux Users Group <cialug at cialug.org>
> Subject: [Cialug] Using Openssl to test Protocol and Cipher Suites
> Message-ID: <9CD1BF38110849499378659CB0CCE8674C20C202 at CWEMEXC003.ISLLCNETS.Studentloan.org>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Is there a command to use with openssl that gives all available Protocols
> and Cipher Suites? Kind of like what https://ssllabs.com will do?
>
> I've used the command...
>
> openssl s_client -connect www.mywebsite.com:443
>
> However, that only gives me what I'm currently connecting with, not what I
> could connect with. Trying to get a Cipher Suite and Protocol string that
> only allows certain Cipher Suites with only TLS1.2. I don't want any Cipher
> Suite that TLS1.2 can use, only specific ones.
>
> My string looks like this...
>
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1:!ADH:!MD5:!RC4:!DES:!NULL:!EXP:!LOW
>
> ~Rabid_gerbil
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
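
Added example, not written by anyone in the thread: one way to answer the original question with `openssl s_client` alone, by attempting one handshake per protocol and cipher suite and comparing what the server accepts with an allow-list string like the one in the question. The function names are made up for this example, and www.mywebsite.com is the placeholder host from the question.

```shell
#!/bin/sh
# Added example: list the protocol/suite pairs a server accepts and compare
# them with an allow-list cipher string. Covers TLS 1.0-1.2 only, since
# s_client's -cipher option does not select TLS 1.3 suites.

# Suite names from a cipher string, one per line; "!" exclusions are dropped.
allowed_suites() {
    printf '%s\n' "$1" | tr ':' '\n' | grep -v '^!' | grep -v '^$'
}

# Every suite the local openssl build can offer, one per line.
client_suites() {
    openssl ciphers 'ALL:eNULL' | tr ':' '\n'
}

# probe HOST:PORT PROTO SUITE -> exit status 0 if the handshake completes.
# A protocol the local build cannot speak also counts as "not accepted".
probe() {
    openssl s_client -connect "$1" -servername "${1%:*}" "-$2" \
        -cipher "$3" </dev/null >/dev/null 2>&1
}

# audit HOST:PORT ALLOW_STRING
# Prints one line per accepted pair: "OK" when it is TLS 1.2 and on the
# allow-list, "UNEXPECTED" otherwise. Returns 1 if anything was unexpected.
audit() {
    target=$1
    allow=$(allowed_suites "$2")
    rc=0
    for proto in tls1 tls1_1 tls1_2; do
        for suite in $(client_suites); do
            probe "$target" "$proto" "$suite" || continue
            if [ "$proto" = tls1_2 ] &&
               printf '%s\n' "$allow" | grep -qxF -- "$suite"; then
                echo "OK $proto $suite"
            else
                echo "UNEXPECTED $proto $suite"
                rc=1
            fi
        done
    done
    return $rc
}

# Usage, with the placeholder host from the question:
#   audit www.mywebsite.com:443 'ECDHE-RSA-AES256-GCM-SHA384:...:!LOW'
```

The result is limited to suites the local openssl build still supports, so an old suite that the client has dropped cannot be detected this way.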