Comments (3)
Originally ciphers <= 40 bits were flagged as red, and 56-bit ciphers were flagged as yellow (to align sslscan with some of the other scanning tools like Nessus).
I think that you're correct that at this stage both of them should be considered bad enough to be treated the same, so I've updated the colouring to this:
| Strength | Colour |
|---|---|
| 0 | Red background |
| 0 < n <= 56 | Red |
| 56 < n < 112 | Yellow |
| >= 112 | Green |
You'll probably never see ciphers flagged as yellow in practice; there are only a couple of ciphers between 56 and 112 bit, and they're stuff like SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA, which I don't think is even implemented in OpenSSL.
~rbsec
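The thresholds in the table above, applied to a scan report, as an added example that is not part of the original thread or of sslscan's own code. The XML layout (`cipher` elements with `status`, `sslversion`, `bits` and `cipher` attributes), the `rejected` status value, the sample report and the "Unknown" grade for unparseable values are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample report; element and attribute names are assumptions.
SAMPLE_REPORT = """<document><ssltest host="example.test" port="443">
 <cipher status="accepted" sslversion="TLSv1.0" bits="0" cipher="NULL-SHA"/>
 <cipher status="accepted" sslversion="TLSv1.0" bits="40" cipher="EXP-DES-CBC-SHA"/>
 <cipher status="accepted" sslversion="TLSv1.0" bits="56" cipher="DES-CBC-SHA"/>
 <cipher status="accepted" sslversion="SSLv3" bits="80" cipher="CONSTRUCTED-80BIT"/>
 <cipher status="accepted" sslversion="TLSv1.2" bits="112" cipher="DES-CBC3-SHA"/>
 <cipher status="preferred" sslversion="TLSv1.2" bits="256" cipher="AES256-GCM-SHA384"/>
 <cipher status="accepted" sslversion="TLSv1.2" bits="n/a" cipher="CONSTRUCTED-BADBITS"/>
 <cipher status="rejected" sslversion="TLSv1.2" bits="40" cipher="EXP-RC4-MD5"/>
</ssltest></document>"""

# Least to most severe; "Unknown" ranks worst so a parsing gap is never hidden.
SEVERITY = ["Green", "Yellow", "Red", "Red background", "Unknown"]

def classify(bits):
    """Map a cipher's key strength in bits to the colour from the table above."""
    if bits < 0:
        raise ValueError("negative key length")
    if bits == 0:
        return "Red background"  # 0 bits: the cipher provides no encryption
    if bits <= 56:
        return "Red"
    if bits < 112:
        return "Yellow"
    return "Green"

def grade_report(xml_text):
    """Return (sslversion, cipher, colour) for every cipher the server accepted."""
    rows = []
    for node in ET.fromstring(xml_text).iter("cipher"):
        if node.get("status") not in ("accepted", "preferred"):
            continue
        try:
            colour = classify(int(node.get("bits", "")))
        except ValueError:
            colour = "Unknown"  # fail closed: a bad value must not pass as Green
        rows.append((node.get("sslversion"), node.get("cipher"), colour))
    return rows

def worst_colour(rows):
    """Most severe colour among the graded rows, or None if there are none."""
    return max((c for _, _, c in rows), key=SEVERITY.index, default=None)

if __name__ == "__main__":
    for version, name, colour in grade_report(SAMPLE_REPORT):
        print(f"{version:8} {name:22} {colour}")
```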
I believe this will hold for RC4 as well, as the new research shows that RC4 is not safe anymore. I'll open another issue regarding this if you feel that it should be modified in sslscan.
IIRC the current best attacks against RC4 (Bar Mitzvah and NOMORE) require ~1 billion ciphertexts to be exploitable (and NOMORE will then give you ~10 million cookies to try), which isn't really in the realm of being viable for real world attacks (as with BEAST, NOMORE requires you to be able to execute JavaScript in the context of the target domain, which makes the attack somewhat less useful).
The mainstream browsers have announced this week that they're dropping support for RC4 early next year, so I think I'll change RC4 to red in sslscan once it's no longer supported by them.