[clug] Crypto debugging

Bob Edwards bob at cs.anu.edu.au
Thu Feb 3 06:34:23 UTC 2022

On 31/1/22 10:42 pm, Tony Lewis via linux wrote:
> Impressive tool.  I'll see whether there's access to github.
> Thanks

I've used testssl.sh quite a bit - esp. when I want to know how
bad my SSL sites are before letting Qualys know about them...

Also good for checking sites inside a network that can't be reached
by outside tools (such as Qualys etc.).

If you can't access github from your env. then clone it elsewhere,
tar it up and copy it over. It isn't very large or complex.

I have used OpenVAS a bit in the past. Lots of setting up of servers
etc. and you, generally, need to access it from a web-browser.

Bob Edwards.

> On 31/1/22 10:01 pm, Simon Oxwell wrote:
>> Testssl.sh might fit the bill?
>> https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdrwetter%2Ftestssl.sh&data=04%7C01%7Cu8909374%40uds.anu.edu.au%7C5a1a9140941347230f1b08d9e4aee418%7Ce37d725cab5c46249ae5f0533e486437%7C0%7C0%7C637794580929474488%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cG%2FLY69hBT0J8IBJYo4Z5GN0i0J1cl1j0FVMGYhmJsE%3D&reserved=0 
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdrwetter%2Ftestssl.sh&data=04%7C01%7Cu8909374%40uds.anu.edu.au%7C5a1a9140941347230f1b08d9e4aee418%7Ce37d725cab5c46249ae5f0533e486437%7C0%7C0%7C637794580929474488%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cG%2FLY69hBT0J8IBJYo4Z5GN0i0J1cl1j0FVMGYhmJsE%3D&reserved=0> 
>> Simon
>> On Mon, 31 Jan 2022, 21:50 Tony Lewis via linux, 
>> <linux at lists.samba.org <mailto:linux at lists.samba.org>> wrote:
>>     I'm working in a constrained environment (limited ability to get
>>     hands
>>     on keyboard or install stuff) and I need to figure out the
>>     simplest way
>>     to be able to run scans to tell me what versions of SSL/TLS, and what
>>     ciphers, including weak ones, are running on other boxes in that
>>     environment.
>>     I've considered:
>>       * running openssl s_client:
>>           o decent versions have weak ciphers disabled at compile 
>> time, so
>>             out of the box it doesn't help much
>>       * compiling openssl with weak ciphers included
>>           o I've limited experience recompiling on this platform but 
>> could
>>             look into it
>>       * installing and running openvas
>>           o this will change the environment a bit, including adding
>>             repositories so was hoping to avoid
>>           o also, no experience, so there is a learning curve
>>     Can anyone suggest a tool that can do this with a minimum of
>>     effort and
>>     change to the environment.  Ideally I can just run it and point it
>>     at an
>>     ip:port and get a summary of the certificate, protocol and ciphers
>>     offered.
>>     Thanks,
>>     Tony
>>     --     linux mailing list
>>     linux at lists.samba.org <mailto:linux at lists.samba.org>
>> https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Flinux&data=04%7C01%7Cu8909374%40uds.anu.edu.au%7C5a1a9140941347230f1b08d9e4aee418%7Ce37d725cab5c46249ae5f0533e486437%7C0%7C0%7C637794580929474488%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=gKsGrIbjsLCuw6UnttYTLqb0zrVNjWR7VIewqA1YF3k%3D&reserved=0 
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Flinux&data=04%7C01%7Cu8909374%40uds.anu.edu.au%7C5a1a9140941347230f1b08d9e4aee418%7Ce37d725cab5c46249ae5f0533e486437%7C0%7C0%7C637794580929474488%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=gKsGrIbjsLCuw6UnttYTLqb0zrVNjWR7VIewqA1YF3k%3D&reserved=0> 

More information about the linux mailing list