OWASP / O-Saft

O-Saft - OWASP SSL advanced forensic tool
GNU General Public License v2.0

the protocols command #148

Closed kylak closed 3 months ago

kylak commented 3 months ago

Hi.

I was wondering why the protocols command took less time than the `./o-saft.pl my.tld +cipher --ciphermode=intern --cipher-range=full` command (which tests all possible cipher suites on all TLS protocols, right?)? Because to know if a server allows a certain TLS protocol we have to test, with the ClientHello, all cipher suites (about 65 thousand cipher suites, as you mentioned previously) on this protocol to see if the server accepts or not at least one cipher suite, because if the server accepts one cipher suite on a certain TLS version then the server allows this TLS version.

Could you tell me how the protocols command works, please? Thanks

EnDe commented 3 months ago

The `--cipher-range=full` applies to the `+protocols` command also; it's the default range=intern if not specified.

kylak commented 3 months ago

Ok. Thanks.