OWASP / O-Saft

O-Saft - OWASP SSL advanced forensic tool
GNU General Public License v2.0

the protocols command #148

Closed kylak closed 1 month ago

kylak commented 1 month ago

Hi.

I was wondering why the protocols command took less time than the ./o-saft.pl my.tld +cipher --ciphermode=intern --cipher-range=full command (which tests all possible cipher suites on all TLS protocols, right?). Because to know if a server allows a certain TLS protocol we have to test, with the ClientHello, all cipher suites (about 65 thousand cipher suites, as you mentioned previously) on this protocol to see if the server accepts or not at least one cipher suite, because if the server accepts one cipher suite on a certain TLS version, then the server allows this TLS version.

Could you tell me how the protocols command works, please? Thanks

EnDe commented 1 month ago

The --cipher-range=full applies to the +protocols command also; it's the default range=intern if not specified.

kylak commented 1 month ago

Ok. Thanks.