anhilo / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0
0 stars 0 forks source link

SSL cipher check strength check request #101

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Feature request, not a bug.

When scanning an SSL site check for any supported SSL cipher that is weak 
(openssl has them grouped into NULL,LOW,aNULL,EXP 
http://www.openssl.org/docs/apps/ciphers.html) or otherwise broken.

Original issue reported on code.google.com by ryan%tgb...@gtempaccount.com on 28 Nov 2010 at 7:07

GoogleCodeExporter commented 9 years ago

Original comment by lcam...@gmail.com on 28 Nov 2010 at 7:19

GoogleCodeExporter commented 9 years ago
Thanks for the suggestion btw!

Enumerating SSL ciphers seems to better fit a network scanner like Nessus. 
However in the next version we will check the cipher of our SSL connection and 
report it when this cipher is not of SSL_MEDIUM or SSL_HIGH strength.  

Original comment by niels.he...@gmail.com on 12 Apr 2012 at 9:06

GoogleCodeExporter commented 9 years ago

Original comment by niels.he...@gmail.com on 17 Apr 2012 at 8:04

GoogleCodeExporter commented 9 years ago
2.06b has the check implemented for the negotiated connection. We'll leave 
enumeration to the security scanners like Nessus.

Thanks for the report!

Original comment by niels.he...@gmail.com on 13 May 2012 at 10:43