d7b99f125e
restore `timeout`
...
some servers have port 443 open but won't reply to ClientHello
requests, this hangs openssl s_client, as such we need to kill it
after some timeout
2014-05-09 12:00:53 +02:00
4e0e03b61e
make default output more narrow
...
If server uses the same certificate for all connections, it's
useless to print the same information over and over.
In such case, omit those columns and print a summary at the end
2014-04-06 18:01:13 +02:00
f04567d40e
check if certificate used by server is trused
...
Use system trust anchors to check if certificate chain used by server
is actually valid.
2014-04-05 19:36:51 +02:00
946cc6a9ac
Report the signature type used on server certificate
...
Parse the certificate used by server and report the signature used:
prio ciphersuite protocols pubkey_size signature_algorithm pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha1WithRSAEncryption ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ecdsa-with-SHA512 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption
4 AECDH-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None ECDH,P-256,256bits
5 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption
6 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption RSA,512bits
2014-04-05 19:23:04 +02:00
f9fdd62a59
report key size used in server's certificate
...
Extend the report to show also server certificate key size:
prio ciphersuite protocols pubkey_size pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
4 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
5 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 RSA,512bits
2014-04-05 19:23:04 +02:00
ac3e5f4d62
Correctly report TLSv1.2 only ciphers as negotiable with TLSv1.2
...
Previously scan would report:
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
Now it correctly reports:
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2014-04-05 18:47:37 +02:00
05bd24b405
Cleaning up old style, fixing --allciphers
2014-04-04 20:46:40 -04:00
45f0f3305d
Merge branch 'master' of https://github.com/MacLemon/cipherscan
2014-04-01 13:04:08 -04:00
49214fc508
Verbose and Debug output go to stderr now. Added simple --delay function.
2014-02-18 02:05:26 +01:00
8480e63ff7
Fixing a typo
2014-02-14 20:44:15 +01:00
0282ae9209
Added simple debug function
2014-02-08 18:37:30 +01:00
490c86c43e
Changed grep invocation to prevent strange grep versions to balk on -E
2014-02-08 01:14:40 +01:00
26b52d4e17
Make mktemp obsolete
...
We have pipes, we shall use them!
2014-02-07 00:56:31 +01:00
57f41d7376
Fixed variable renaming.
2014-02-06 23:32:12 +01:00
9e5ce9cca3
Removed neccessity for timeout, thanks to mzeltner. Better parameter parsing with short- and longoptions. Can now pass a path to use any openssl. Now works on OS X.
2014-02-06 23:26:19 +01:00
5c07a6e552
Support s_client args, give -starttls example
2014-02-02 15:41:16 +01:00
5df0fe3d52
Merge branch 'master' of github.com:jvehent/cipherscan
2014-01-09 11:53:54 -05:00
19d443b8fe
OpenSSL binary location fix
2014-01-09 11:52:43 -05:00
93ee5e3f33
Cleanup old temp files when a connection failed
2014-01-07 18:32:09 -05:00
af7b4ce18c
Rename CiphersScan to cipherscan
2013-12-09 11:01:30 -05:00
Hubert Kario
Michael Zeltner
Pepi Zawodsky
Julien Vehent
Simon Deziel