Comments (4)
EXPORT ciphers (40 or 56 bit) have been flagged as weak in sslscan for a long time.
For the weak DHE keys, the --cipher-details option was added in 3820aae to display these. I've made another commit that will highlight weak keys (<=768) and medium strength keys (<=1024) in the output - although I don't have a weak server to test against.
Note that the --cipher-details option requires OpenSSL 1.0.2 (which there's a good chance your system doesn't have) - so you may have to statically build sslscan (make static, rather than just make).
Output will look something like this:
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
from sslscan.
I did not know about the --cipher-details. I must have missed that one.
Thanks for the quick response.
from sslscan.
Only thing I'm missing is the cipher details in the XML output.
Tried to figure out how to do it myself in a pull request but I'm not a C developer :(
from sslscan.
Key bits weren't being reported for DHE ciphers (only ECDHE) - I've fixed that in f49bc1d.
I've also made a change to the XML format; previously there was a "dhebits" attribute on the ciphers that only existed on EC ciphers. This would get a bit confusing if the same attribute was used for both DHE and ECDHE (because ECDHE ones are almost always 256bit, which is secure, but would make parsing them more of a pain to work out which ones were insecure). ECDHE ciphers now have an "ecdhebits" attribute, and normal DHE ciphers have "dhebits".
New XML output should look something like this:
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="DHE-RSA-CAMELLIA128-SHA" dhebits="2048" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-RC4-SHA" curve="P-256" ecdhebits="256" />
from sslscan.
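An added example, not part of the thread or of sslscan's own code: a report-side check that reads the XML format described above and rates finite-field DHE key sizes with the thresholds from the first comment (<=768 weak, <=1024 medium). The `<results>` wrapper, the last three sample lines, the function names and the rule for recognising EC entries in older output (a `curve` attribute or an ECDH cipher name) are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

WEAK_MAX = 768      # thread: weak keys are <= 768 bits
MEDIUM_MAX = 1024   # thread: medium strength keys are <= 1024 bits

# Constructed sample. The first two <cipher> lines are the ones quoted in the
# thread; the other three and the <results> wrapper are made up for this example.
SAMPLE = """<results>
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="DHE-RSA-CAMELLIA128-SHA" dhebits="2048" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-RC4-SHA" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="DHE-RSA-AES128-SHA" dhebits="1024" />
<cipher status="accepted" sslversion="TLSv1.0" bits="40" cipher="EXP-EDH-RSA-DES-CBC-SHA" dhebits="512" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-SHA" curve="P-256" dhebits="256" />
</results>"""


def dhe_strength(bits):
    """Map a finite-field DH key size to the three bands used in the thread."""
    if bits <= WEAK_MAX:
        return "weak"
    if bits <= MEDIUM_MAX:
        return "medium"
    return "ok"


def audit_dhe(xml_text):
    """Return (cipher, sslversion, dh_bits, rating) for accepted DHE ciphers."""
    findings = []
    for c in ET.fromstring(xml_text).iter("cipher"):
        if c.get("status") != "accepted":
            continue
        name = c.get("cipher", "")
        # Older output put "dhebits" on EC ciphers. Assumed heuristic: treat an
        # entry as EC if it has "ecdhebits", a "curve", or an ECDH cipher name,
        # so a 256-bit EC key is never rated as a 256-bit DH key.
        if c.get("ecdhebits") or c.get("curve") or "ECDH" in name:
            continue
        raw = c.get("dhebits")
        if raw is None or not raw.isdigit():
            continue  # no DH key size reported for this cipher
        bits = int(raw)
        findings.append((name, c.get("sslversion"), bits, dhe_strength(bits)))
    return findings


if __name__ == "__main__":
    for name, version, bits, rating in audit_dhe(SAMPLE):
        print(f"{rating:<6} {version} {name} DHE {bits} bits")
```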