Openssl: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
No edit summary |
|||
| Line 32: | Line 32: | ||
Will spit out a lit of the supported cypher variations. | Will spit out a lit of the supported cypher variations. | ||
== enumerate an enpoint == | |||
``` | |||
#! /bin/bash | |||
serverport=$1 | |||
echo testing against $serverport | |||
for v in ssl2 ssl3 tls1 tls1_1 tls1_2; do | |||
for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do | |||
openssl s_client -connect $serverport \ | |||
-cipher $c -$v < /dev/null > /dev/null 2>&1 && echo -e "$v:\t$c" | |||
done | |||
done | |||
``` | |||
== Matching key with cert == | == Matching key with cert == | ||
Revision as of 20:34, 29 July 2020
connect to ssl at the command line:
https:
openssl s_client -connect server:443
smtp tls:
openssl s_client -connect server:25 -starttls smtp
more here: http://www.madboa.com/geek/openssl/
CA or not CA
Web Server Cert:
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
CA Cert:
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Supported Cyphers
You are configuring your favourite app that uses openssl libs. You give it a "cyphers string". Am I allowing bad varitions?
openssl ciphers -v TLSv1.2:+TLSv1.1:+SHA384:+SHA256:+SHA1:+MD5
Will spit out a lit of the supported cypher variations.
enumerate an enpoint
```
- ! /bin/bash
serverport=$1 echo testing against $serverport
for v in ssl2 ssl3 tls1 tls1_1 tls1_2; do
for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
openssl s_client -connect $serverport \
-cipher $c -$v < /dev/null > /dev/null 2>&1 && echo -e "$v:\t$c"
done
done ```
Matching key with cert
openssl x509 -noout -modulus -in certificate.crt | openssl md5 openssl rsa -noout -modulus -in privateKey.key | openssl md5 openssl req -noout -modulus -in CSR.csr | openssl md5
Certificate Verification Tools
https://www.sslshopper.com/ssl-checker.html
https://www.ssllabs.com/ssltest/
