[clug] Crypto debugging
Tony Lewis
tony at lewistribe.com
Mon Jan 31 10:49:16 UTC 2022
I'm working in a constrained environment (limited ability to get hands
on keyboard or install stuff) and I need to figure out the simplest way
to be able to run scans to tell me what versions of SSL/TLS, and what
ciphers, including weak ones, are running on other boxes in that
environment.
I've considered:
* running openssl s_client:
o decent versions have weak ciphers disabled at compile time, so
out of the box it doesn't help much
* compiling openssl with weak ciphers included
o I've limited experience recompiling on this platform but could
look into it
* installing and running openvas
o this will change the environment a bit, including adding
repositories so was hoping to avoid
o also, no experience, so there is a learning curve
Can anyone suggest a tool that can do this with a minimum of effort and
change to the environment. Ideally I can just run it and point it at an
ip:port and get a summary of the certificate, protocol and ciphers offered.
Thanks,
Tony
More information about the linux
mailing list