[clug] Crypto debugging

[Tony Lewis]

Impressive tool.  I'll see whether there's access to github.

Thanks

On 31/1/22 10:01 pm, Simon Oxwell wrote:
> Testssl.sh might fit the bill?
>
> https://github.com/drwetter/testssl.sh 
> <https://github.com/drwetter/testssl.sh>
>
>
> Simon
>
> On Mon, 31 Jan 2022, 21:50 Tony Lewis via linux, 
> <linux at lists.samba.org <mailto:linux at lists.samba.org>> wrote:
>
>     I'm working in a constrained environment (limited ability to get
>     hands
>     on keyboard or install stuff) and I need to figure out the
>     simplest way
>     to be able to run scans to tell me what versions of SSL/TLS, and what
>     ciphers, including weak ones, are running on other boxes in that
>     environment.
>
>     I've considered:
>
>       * running openssl s_client:
>           o decent versions have weak ciphers disabled at compile time, so
>             out of the box it doesn't help much
>       * compiling openssl with weak ciphers included
>           o I've limited experience recompiling on this platform but could
>             look into it
>       * installing and running openvas
>           o this will change the environment a bit, including adding
>             repositories so was hoping to avoid
>           o also, no experience, so there is a learning curve
>
>     Can anyone suggest a tool that can do this with a minimum of
>     effort and
>     change to the environment.  Ideally I can just run it and point it
>     at an
>     ip:port and get a summary of the certificate, protocol and ciphers
>     offered.
>
>     Thanks,
>
>     Tony
>
>     -- 
>     linux mailing list
>     linux at lists.samba.org <mailto:linux at lists.samba.org>
>     https://lists.samba.org/mailman/listinfo/linux
>     <https://lists.samba.org/mailman/listinfo/linux>
>