[clug] Crypto debugging
David C
cottrill.david at gmail.com
Mon Jan 31 11:30:09 UTC 2022
Iptables packet log might have enough for protocol analysis. Better be
desperate. Probably need to tweak the easy options to capture binary data
and do it by hand.
Hopefully there is a better option.
On Mon, 31 Jan 2022, 10:02 pm Simon Oxwell via linux, <linux at lists.samba.org>
wrote:
> Testssl.sh might fit the bill?
>
> https://github.com/drwetter/testssl.sh
>
>
> Simon
>
> On Mon, 31 Jan 2022, 21:50 Tony Lewis via linux, <linux at lists.samba.org>
> wrote:
>
> > I'm working in a constrained environment (limited ability to get hands
> > on keyboard or install stuff) and I need to figure out the simplest way
> > to be able to run scans to tell me what versions of SSL/TLS, and what
> > ciphers, including weak ones, are running on other boxes in that
> > environment.
> >
> > I've considered:
> >
> > * running openssl s_client:
> > o decent versions have weak ciphers disabled at compile time, so
> > out of the box it doesn't help much
> > * compiling openssl with weak ciphers included
> > o I've limited experience recompiling on this platform but could
> > look into it
> > * installing and running openvas
> > o this will change the environment a bit, including adding
> > repositories so was hoping to avoid
> > o also, no experience, so there is a learning curve
> >
> > Can anyone suggest a tool that can do this with a minimum of effort and
> > change to the environment. Ideally I can just run it and point it at an
> > ip:port and get a summary of the certificate, protocol and ciphers
> offered.
> >
> > Thanks,
> >
> > Tony
> >
> > --
> > linux mailing list
> > linux at lists.samba.org
> > https://lists.samba.org/mailman/listinfo/linux
> >
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
More information about the linux
mailing list