Hubert Kario
|
f04567d40e
|
check if certificate used by server is trused
Use system trust anchors to check if certificate chain used by server
is actually valid.
|
2014-04-05 19:36:51 +02:00 |
|
Hubert Kario
|
946cc6a9ac
|
Report the signature type used on server certificate
Parse the certificate used by server and report the signature used:
prio ciphersuite protocols pubkey_size signature_algorithm pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha1WithRSAEncryption ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ecdsa-with-SHA512 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption
4 AECDH-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None ECDH,P-256,256bits
5 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption
6 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption RSA,512bits
|
2014-04-05 19:23:04 +02:00 |
|
Hubert Kario
|
f9fdd62a59
|
report key size used in server's certificate
Extend the report to show also server certificate key size:
prio ciphersuite protocols pubkey_size pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
4 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
5 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 RSA,512bits
|
2014-04-05 19:23:04 +02:00 |
|
Hubert Kario
|
ac3e5f4d62
|
Correctly report TLSv1.2 only ciphers as negotiable with TLSv1.2
Previously scan would report:
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
Now it correctly reports:
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
|
2014-04-05 18:47:37 +02:00 |
|
Michael Zeltner
|
05bd24b405
|
Cleaning up old style, fixing --allciphers
|
2014-04-04 20:46:40 -04:00 |
|
Michael Zeltner
|
45f0f3305d
|
Merge branch 'master' of https://github.com/MacLemon/cipherscan
|
2014-04-01 13:04:08 -04:00 |
|
Pepi Zawodsky
|
49214fc508
|
Verbose and Debug output go to stderr now. Added simple --delay function.
|
2014-02-18 02:05:26 +01:00 |
|
Michael Zeltner
|
8480e63ff7
|
Fixing a typo
|
2014-02-14 20:44:15 +01:00 |
|
Pepi Zawodsky
|
0282ae9209
|
Added simple debug function
|
2014-02-08 18:37:30 +01:00 |
|
Pepi Zawodsky
|
490c86c43e
|
Changed grep invocation to prevent strange grep versions to balk on -E
|
2014-02-08 01:14:40 +01:00 |
|
Michael Zeltner
|
26b52d4e17
|
Make mktemp obsolete
We have pipes, we shall use them!
|
2014-02-07 00:56:31 +01:00 |
|
Pepi Zawodsky
|
57f41d7376
|
Fixed variable renaming.
|
2014-02-06 23:32:12 +01:00 |
|
Pepi Zawodsky
|
9e5ce9cca3
|
Removed neccessity for timeout, thanks to mzeltner. Better parameter parsing with short- and longoptions. Can now pass a path to use any openssl. Now works on OS X.
|
2014-02-06 23:26:19 +01:00 |
|
Michael Zeltner
|
5c07a6e552
|
Support s_client args, give -starttls example
|
2014-02-02 15:41:16 +01:00 |
|
Julien Vehent
|
5df0fe3d52
|
Merge branch 'master' of github.com:jvehent/cipherscan
|
2014-01-09 11:53:54 -05:00 |
|
Julien Vehent
|
19d443b8fe
|
OpenSSL binary location fix
|
2014-01-09 11:52:43 -05:00 |
|
Simon Deziel
|
93ee5e3f33
|
Cleanup old temp files when a connection failed
|
2014-01-07 18:32:09 -05:00 |
|
Julien Vehent
|
af7b4ce18c
|
Rename CiphersScan to cipherscan
|
2013-12-09 11:01:30 -05:00 |
|