Commit graph

54 commits

Author SHA1 Message Date
Hubert Kario 9931ca2a2d update README with new examples
New features = new examples
2014-04-05 19:40:19 +02:00
Hubert Kario f04567d40e check if certificate used by server is trused
Use system trust anchors to check if certificate chain used by server
is actually valid.
2014-04-05 19:36:51 +02:00
Hubert Kario 946cc6a9ac Report the signature type used on server certificate
Parse the certificate used by server and report the signature used:

prio  ciphersuite              protocols                    pubkey_size  signature_algorithm    pfs_keysize
1     ECDHE-RSA-AES128-SHA256  TLSv1.2                      2048         sha1WithRSAEncryption  ECDH,P-256,256bits
2     ECDHE-ECDSA-AES128-SHA   SSLv3,TLSv1,TLSv1.1,TLSv1.2  256          ecdsa-with-SHA512      ECDH,P-256,256bits
3     AES128-SHA               SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption
4     AECDH-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  0            None                   ECDH,P-256,256bits
5     RC4-MD5                  SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption
6     EXP-RC4-MD5              SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption  RSA,512bits
2014-04-05 19:23:04 +02:00
Hubert Kario f9fdd62a59 report key size used in server's certificate
Extend the report to show also server certificate key size:
prio  ciphersuite              protocols                    pubkey_size  pfs_keysize
1     ECDHE-RSA-AES128-SHA256  TLSv1.2                      2048         ECDH,P-256,256bits
2     ECDHE-ECDSA-AES128-SHA   SSLv3,TLSv1,TLSv1.1,TLSv1.2  256          ECDH,P-256,256bits
3     AES128-SHA               SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048
4     RC4-MD5                  SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048
5     EXP-RC4-MD5              SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         RSA,512bits
2014-04-05 19:23:04 +02:00
Hubert Kario 32eba4e644 update examples from README
since now the scan reports protocols correctly, update the example
to illustrate that
2014-04-05 18:47:37 +02:00
Hubert Kario ac3e5f4d62 Correctly report TLSv1.2 only ciphers as negotiable with TLSv1.2
Previously scan would report:
prio  ciphersuite                  protocols                    pfs_keysize
1     ECDHE-RSA-AES128-GCM-SHA256  SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
2     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits

Now it correctly reports:
prio  ciphersuite                  protocols                    pfs_keysize
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits
2     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
2014-04-05 18:47:37 +02:00
Julien Vehent afcc92db02 Merge pull request #5 from mzeltner/master
Cleaned up options and documented custom OpenSSL build
2014-04-04 21:26:59 -04:00
Michael Zeltner 05bd24b405
Cleaning up old style, fixing --allciphers 2014-04-04 20:46:40 -04:00
Michael Zeltner bf48cd2a3c
Documenting how to build OpenSSL with ChaCha20-Poly1305
Also updating README.md with new options by MacLemon
2014-04-01 14:29:55 -04:00
Michael Zeltner 45f0f3305d Merge branch 'master' of https://github.com/MacLemon/cipherscan 2014-04-01 13:04:08 -04:00
Pepi Zawodsky 49214fc508 Verbose and Debug output go to stderr now. Added simple --delay function. 2014-02-18 02:05:26 +01:00
Michael Zeltner 8480e63ff7
Fixing a typo 2014-02-14 20:44:15 +01:00
Pepi Zawodsky 3282c2c3a5 Improved reference of switches documentation formatting. 2014-02-10 19:46:46 +01:00
Pepi Zawodsky 0282ae9209 Added simple debug function 2014-02-08 18:37:30 +01:00
Pepi Zawodsky 0d93b5d37e Updated README to reflect the changes in cipherscan. 2014-02-08 17:07:54 +01:00
Pepi Zawodsky 490c86c43e Changed grep invocation to prevent strange grep versions to balk on -E 2014-02-08 01:14:40 +01:00
Michael Zeltner 26b52d4e17
Make mktemp obsolete
We have pipes, we shall use them!
2014-02-07 00:56:31 +01:00
Pepi Zawodsky 57f41d7376 Fixed variable renaming. 2014-02-06 23:32:12 +01:00
Pepi Zawodsky 9e5ce9cca3 Removed neccessity for timeout, thanks to mzeltner. Better parameter parsing with short- and longoptions. Can now pass a path to use any openssl. Now works on OS X. 2014-02-06 23:26:19 +01:00
Julien Vehent 1f92094b3d Merge pull request #4 from mzeltner/master
Support s_client args, give -starttls example. Contributed by mzeltner.
2014-02-02 18:15:27 -08:00
Michael Zeltner 5c07a6e552
Support s_client args, give -starttls example 2014-02-02 15:41:16 +01:00
Julien Vehent ae5d7ad15c Merge branch 'master' of github.com:jvehent/cipherscan 2014-01-31 10:24:02 -05:00
Julien Vehent b3ca13a5ae Rebuilt openssl to support ChaCha20/Poly1305. Test against google servers. 2014-01-31 10:22:21 -05:00
Julien Vehent 5e8b495a18 added many tests 2014-01-11 01:07:32 +00:00
Julien Vehent 1414973531 basic results parsing script in python 2014-01-10 05:50:03 +00:00
Julien Vehent f3c8b24b8b tweaks 2014-01-09 20:16:40 +00:00
Julien Vehent 5df0fe3d52 Merge branch 'master' of github.com:jvehent/cipherscan 2014-01-09 11:53:54 -05:00
Julien Vehent 19d443b8fe OpenSSL binary location fix 2014-01-09 11:52:43 -05:00
Julien Vehent e4ea957c8d Script to scan Alexa's top 1m websites 2014-01-09 11:52:17 -05:00
Julien Vehent 26948cbccf Merge pull request #3 from simondeziel/clean-temp
Cleanup old temp files when a connection failed
2014-01-07 19:04:43 -08:00
Simon Deziel 93ee5e3f33 Cleanup old temp files when a connection failed 2014-01-07 18:32:09 -05:00
Julien Vehent af7b4ce18c Rename CiphersScan to cipherscan 2013-12-09 11:01:30 -05:00
Julien Vehent 34a011ab71 Better doc 2013-12-09 10:40:23 -05:00
Julien Vehent f7c159b568 Support JSON output with -json 2013-12-09 10:16:45 -05:00
Julien Vehent 4420db6f9b prevent http keep-alive from blocking the scan 2013-11-20 11:51:37 -05:00
Julien Vehent 7c55288a7e Fix test of all ciphers individually 2013-11-20 10:47:59 -05:00
Julien Vehent d6556f5620 Progress indicator 2013-11-20 10:47:23 -05:00
Julien Vehent 889a75722d doc update 2013-11-20 10:33:58 -05:00
Julien Vehent a0e4f96a7b Test all versions of SSL and TLS 2013-11-20 10:30:45 -05:00
Julien Vehent 69087f27ac User larger list of cipher with COMPLEMENTOFALL 2013-11-20 10:30:14 -05:00
Julien Vehent eaa586a1fa add comment for system openssl 2013-11-20 09:30:52 -05:00
Julien Vehent d794fa75ee Added OpenSSL License 2013-11-05 15:53:55 -05:00
Julien Vehent ee3200ebe5 remove last entry NONE 2013-11-05 15:51:00 -05:00
Julien Vehent 5a483775d7 Updated README 2013-09-26 09:33:22 +02:00
Julien Vehent 627701ec63 Add PFS key size to results 2013-09-24 17:02:31 +02:00
Julien Vehent 4a51ef71d6 Added protocol 2013-08-07 10:40:03 -04:00
Julien Vehent d2b82ed871 Added option to scan all known ciphers "-a" 2013-08-03 22:07:13 -04:00
Julien Vehent f5ff56344a Use local openssl & return microseconds for benchmark 2013-07-19 09:45:06 -04:00
Julien Vehent a651af9857
Updated README 2013-07-18 21:01:44 -04:00
Julien Vehent 2a9e80ea7e doc update 2013-07-17 15:19:51 -04:00