testssl.sh | Testing TLS/SSL encryption anywhere on any port | TLS library
Testing TLS/SSL encryption anywhere on any port
Trending Discussions on testssl.sh
QUESTION
I use nghttp2 asio_http2_client with the TLS 1.3 protocol, but when I try to add additional suites to the cipher suites list via the SSL_CTX_get_ciphers function, I don't see any changes in my Client Hello message, i.e. the cipher suites list stays unchanged.
My code example:
...
ANSWER
Answered 2021-Apr-11 at 18:30
If you go to the documentation for SSL_CTX_get_ciphers it states:
SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below)
and
This function does not impact TLSv1.3 ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those.
So you need to go read the SSL_CTX_set_cipher_list API as the v1.3 cipher list is a lot different and much smaller than up to v1.2 cipher list.
QUESTION
This question is closely related to one I asked yesterday, but my diagnostic information is different enough that I thought I'd update and resubmit: let me know if I should delete one of these.
I have a toy GRPC server written in .NET core that I need to connect to using a client using the grpc C core.
You can find the Startup.cs and Program.cs for the .net core server here. Nothing too interesting, except a call to UseHttps. I've verified the server works by connecting to it (over https) from a .net core client.
However I've tried to connect to this server from clients written in both C++ and python now, and the result is a GRPC error 14 and the following message on the client side
...
ANSWER
Answered 2021-Mar-12 at 00:21
My connection troubles seem to have been caused by some misconfiguration on my machine, as I was unable to reproduce the errors on other setups. So that settles the "how do I get this to work?"
In response to those three specific questions I answered.
The helpful folks on my grpc issue came to the conclusion that no, the mixing of TLS versions I mentioned is not a problem
I'm still not sure what is causing one client hello packet to be rejected and the other accepted, but again it seems to be something specific to my machine which is not a problem on fresh Windows server 2019 or windows 10 VMs I've created
Not sure about this one: I'm pretty sure that I'm setting that environment variable correctly but I'm not sure why openssl doesn't recognize that value. Also, I don't think GRPC_SSL_CIPHER_SUITES has any effect on windows
QUESTION
In OpenSSL 1.0.2 we have used the ssl3_get_cipher_by_id() function found in s3_lib.c to obtain a cipher suite (SSL_CIPHER*) using the IANA ID.
For example, the ID 0x00,0x2F would give us the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite as an SSL_CIPHER struct.
However, this function is not listed in the OpenSSL documentation from 1.0.2 and above, and while the function is still available in 1.1.1 it does not seem to work for newer cipher suites, e.g. returning NULL for both of these:
...
ANSWER
Answered 2020-Aug-19 at 21:41
You could use SSL_CIPHER_find(), which
... returns a SSL_CIPHER structure which has the cipher ID stored in ptr. The ptr parameter is a two element array of char, which stores the two-byte TLS cipher ID (as allocated by IANA) in network byte order.
see https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_find.html
C Program
C code for your two examples could look like this:
QUESTION
I have created a PHP secure websocket (wss) server using php React and Ratchet. I only have a self signed certificate, because I am currently only trying to use my server as a backend for an app, and so I don't need a domain name, as it's only for the app to access, not for people to access directly, and so it seems a waste of money to have to subscribe to a domain name just for that, and I would need a domain name before getting a trusted ssl certificate, and I own the server anyway. That being said, here is my code in secure-socket-server.php:
...
ANSWER
Answered 2019-Aug-20 at 15:21
So, I managed to get it all working. First of all, as for the part with the handshake failing, I might have had the wrong paths for:
QUESTION
I'm currently working on setting up automatized pentest reporting. The scripts I set up perform TLS and other security checks to see if the application is secure in these aspects, yes or no. I currently use the testssl.sh application (which can be found here: https://testssl.sh/) to perform these checks. I then output the findings to a csv file and created a script that greps the file in question and, based on what is found, it will mention that something is wrong or is correct. Seeing as I have performed a check and all values were correct, I apply invert greps to say that whenever the value cannot be found in the file, then it needs to perform a certain action.
At first I thought the script I was working on was working, however, when testing another site, the output generated is not correct. Things that are missing should be mentioned, however, when I invert grep only one term without placing OR statements in between the large amounts of things that need to be checked it seems to work.
I have tried all sorts of grep types to get a constant output, but no luck so far. So far, I have tried the following:
...
ANSWER
Answered 2019-Jul-26 at 12:45
This works, and may serve as an example (note I have commented out the redirection to /dev/null)
QUESTION
I have an instance of RabbitMQ 3.7.7-management image running. It has the rabbitmq-management plugin enabled and configured to use HTTPS as per the documentation:
...
ANSWER
Answered 2018-Sep-13 at 23:42
You will have to use the advanced.config file to do so. I'm assuming that you have already created /etc/rabbitmq/rabbitmq.conf with the settings you show. Create the /etc/rabbitmq/advanced.config file with these contents and re-start RabbitMQ:
QUESTION
We're using the Text-finder Plugin in our installation. I created a job that runs the testssl.sh script that tests for SSL vulnerability and it produces an output like...
...
ANSWER
Answered 2018-Mar-27 at 19:48
Use negative lookbehind to instruct the regex to only match VULNERABLE when it isn't preceded by potentially, i.e. the following regex should only match VULNERABLE and not potentially VULNERABLE
QUESTION
I have a file containing 1 000 000 domain names and I'm currently launching the script testssl.sh (http://testssl.sh) on each domain of the list (i.e. each line of the file). I'm using GNU parallel to improve performance. Here is how I launch testssl.sh with GNU parallel:
...
ANSWER
Answered 2017-Jul-25 at 22:20
More and more processes will be hanging waiting for timeout.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported