# cat /etc/redhat-release ;uname -ri
Fedora release 19 (Schrödinger’s Cat)
3.10.9-200.fc19.x86_64 x86_64
|
download the following script
# bunzip2 tlssled.sh.bz2
# chmod u+x tlssled.sh
|
before using this script, install sslscan which is required to run the script.
# yum install -y sslscan
|
run the script
# ./tlssled.sh 192.168.100.170 443
------------------------------------------------------
TLSSLed - (1.0) based on sslscan and openssl
by Raul Siles (www.taddong.com)
( inspired by ssl_test.sh by Aung Khant )
------------------------------------------------------
+ openssl version: OpenSSL 1.0.1e-fips 11 Feb 2013
+ sslscan version 1.8.2
------------------------------------------------------
[*] Analyzing SSL/TLS on 192.168.100.170:443 ...
[*] Running sslscan on 192.168.100.170:443...
[*] Testing for SSLv2 ...
[*] Testing for NULL cipher ...
[*] Testing for weak ciphers (based on key length) ...
[*] Testing for strong ciphers (AES) ...
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
[*] Testing for MD5 signed certificate ...
[*] Checking preferred server ciphers ...
Prefered Server Cipher(s):
SSLv3 256 bits DHE-RSA-AES256-SHA
TLSv1 256 bits DHE-RSA-AES256-SHA
[*] Testing for SSLv3/TLSv1 renegotiation vuln. (CVE-2009-3555) ...
depth=0 CN = ubuntu.defaultdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = ubuntu.defaultdomain
verify return:1
RENEGOTIATING
Secure Renegotiation IS supported
139944629389216:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
[*] New files created:
-rw-r--r--. 1 root root 9701 9月 3 00:45 sslscan_192.168.100.170:443_2013-09-03_00:45:03.log
[*] done
|
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.