sslmap | SSLMap - TLS/SSL cipher suite scanner | TLS library

by iphelix Python Version: Current License: No License

X-Ray Key Features Code Snippets Community Discussions(3)Vulnerabilities Install Support

kandi X-RAY | sslmap Summary

sslmap is a Python library typically used in Security, TLS applications. sslmap has no bugs, it has no vulnerabilities and it has low support. However sslmap build file is not available. You can download it from GitHub.

The latest version of this document can be obtained from SSLMap is a lightweight TLS/SSL cipher suite scanner. The tool was designed to meet the need of a simple but reliable way to detect weak ciphers suites enabled on SSL endpoints. SSLMap uses a custom SSL engine to avoid unnecessary limitations imposed by existing libraries, as a result it is capable of detecting uncommon cipher suites (e.g. GOST).

Support

Quality

Security

License

Reuse

Support

sslmap has a low active ecosystem.

It has 48 star(s) with 18 fork(s). There are 3 watchers for this library.

It had no major release in the last 6 months.

There are 1 open issues and 0 have been closed. On average issues are closed in 1184 days. There are 1 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of sslmap is current.

Quality

sslmap has 0 bugs and 0 code smells.

Security

sslmap has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

sslmap code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

sslmap does not have a standard license declared.

Check the repository for any license declaration and review the terms closely.

Without a license, all rights are reserved, and you cannot use the library in your applications.

Reuse

sslmap releases are not available. You will need to build from source code and install.

sslmap has no build file. You will be need to create the build yourself to build the component from source.

Installation instructions are not available. Examples and code snippets are available.

sslmap saves you 199 person hours of effort in developing the same functionality from scratch.

It has 489 lines of code, 6 functions and 1 files.

It has low code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed sslmap and discovered the below as its top functions. This is intended to give you an instant insight into sslmap implemented functionality, and help decide if they suit your requirements.

Check cipher .
Load custom cipher suite database .
Print the cipher information .
Generate a report for each cipher suite .
Looks for all available cipher suites .
Scan for known cipher suites .

Get all kandi verified functions for this library.

sslmap Key Features

No Key Features are available at this moment for sslmap.

sslmap Examples and Code Snippets

No Code Snippets are available at this moment for sslmap.

Community Discussions

Trending Discussions on sslmap

AWS ELB redirect HTTP to HTTPS

JSSEHelper does not provide the correct SSLSocketFactory for extablishing secure connection in Websphere 8.0

Specifying an outbound SSL configuration programmatically using JSSEHelper on Websphere 8.0. does not work

QUESTION

AWS ELB redirect HTTP to HTTPS

Asked 2019-Sep-04 at 09:04

I am using this CloudFormation template https://github.com/widdix/aws-cf-templates/blob/master/jenkins/jenkins2-ha-agents.yaml to setup a jenkins server.

I want to now add an SSL to the ELB and have modified https://github.com/widdix/aws-cf-templates/blob/master/jenkins/jenkins2-ha-agents.yaml#L511-L519 to the following:

...

ANSWER

Answered 2019-Sep-04 at 09:04

ok, i needed to open access to 433 from the ELB, with:

Source https://stackoverflow.com/questions/57775893

QUESTION

JSSEHelper does not provide the correct SSLSocketFactory for extablishing secure connection in Websphere 8.0

Asked 2018-Jan-06 at 08:27

I was working with 8.0 version of Websphere application server. I was trying to get SSLSocketFactory from JSSEHelper. Although

I have successfuly got the SSLSocketFactory
I have successfuly got the SSLSocket from SSLSocketFactory
I have successfuly established the secure connection,

but cipher suites provided in ClientHello message corresponded neither to

CellDefault SSL Settings/NodeDefault SSL Settings/NodeDefaultnor
nor to my own custom SSL configuration.

The solution to this problem was to avoid retrieving SSLSocketFactory from JSSEHelper. Instead of using JSSEHelper, I should use static method getDefault() from SSLSocketFactory class in whis way:

...

ANSWER

Answered 2018-Jan-06 at 08:27

Although it is not intuitive, statement:

Source https://stackoverflow.com/questions/47953480

QUESTION

Specifying an outbound SSL configuration programmatically using JSSEHelper on Websphere 8.0. does not work

Asked 2017-Dec-19 at 18:23

I am trying to create an SSL connection programmatically using a CUSTOM outbound ssl configuration configured in WAS 8.0.0.13 (IBM Websphere application server that uses java 1.6.0): (Security->SSL certificate and key managemement->Related Items:SSL configurations). The secure connection has been created successfully:a servlet that resides on the WAS server has connected to a server-side Socket listening on 127.0.0.1:1234. The problem is that my preferred cipher suites defined in 'Quality of Protection (QoP) settings' within SSL configuration are ignored. All the other properties (such as protocol or JSSE provider) are nicely regarded.

I have implemented a Servlet which was in the role of an SSL-client. This Servlet used this custom SSL configuration which had the following cipher suites defined:

SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_
SHA SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256

Unfortunately, a different list of cipher suites has been provided in ClientHello request:

SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RENEGO_PROTECTION_REQUEST

(This custom SSL configuration contained TLSv1.1 protocol in its definition.)

I have also tried another protocol (TLSv1.2) with a smaller set of cipher suites:

SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256

Once again, a different list of cipher suites was provided in ClientHello request:

SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

Moreover, I have also checked cell-default cipher suites and node-default-cipher-suites and there is no match between them and those provided in the ClientHello: Default Node Configuration/Default Cell Configuration:

SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256

I have followed these instructions: https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/tsec_ssloutconfiguseJSSE.html

and have created the following implementation. 'doGet' method is an entry point:

...

ANSWER

Answered 2017-Dec-17 at 14:52

thank you for your tips! I followed these instructions:

https://www-01.ibm.com/support/docview.wss?uid=swg21162961

to increase log/trace level based on your tips. If I had to make some other configuration changes, please let me know.

I gathered log files only from these subdirectories:

../logs/server1
../logs/nodeagent
../logs/ffdc and placed them into ALL_LOGS/logs directory within these files:

https://drive.google.com/open?id=18TMYyjKx8L_pd8TxFG1uq1rOmikVyWeg

, so if there are also other log/trace files in different locations, please let me know. (Only Delta is present in these files since I cleared all the log/trace files before starting the server and retesting my scenario.)

I found only this in ffdc logs:

The client and server could not negotiate the desired level of security.Reason: Received fatal alert: handshake_failure vmcid: 0x49421000 minor code: 70 completed: No

I am not sure whether is the root cause of my problem, but no google results seemed to be relevant to my problem. As far as google results are concerned, I meant these:

https://www.ibm.com/developerworks/community/forums/html/topic?id=a2910c33-8f55-4ef7-823d-7ae367682e35

http://www.dsxchange.com/viewtopic.php?t=134492&sid=f6e236a4f14a9d80fc51c0820e5f7ce7 None of them was helpful...

Along with logs-subdirectories, I am also attaching server-side socket stdout with stderr in TLSv1.1_enforce_OnThread.log. Additionally, I am also attaching client-side configuration CONFIG_TLSv1.1._ENFORSE_SSL_ON_THREAD.png

Could you please check these log files? Thank you honestly very much.

-- Michael

Source https://stackoverflow.com/questions/47827493

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install sslmap

You can download it from GitHub.
You can use sslmap like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: