search

matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0
360 stars 132 forks source link

Check for weak ciphers #501

Open matteocorti opened 6 months ago

matteocorti commented 6 months ago

Discussed in https://github.com/matteocorti/check_ssl_cert/discussions/500

Originally posted by **nickjwest** January 17, 2024 Can you add a check that will look for weak ciphers. such as is found using curl on Debian system where there is a default reject of anything below 2048. * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, bad certificate (554): * SSL certificate problem: EE certificate key too weak * Closing connection 0 curl: (60) SSL certificate problem: EE certificate key too weak More details here: https://curl.haxx.se/docs/sslcerts.html
matteocorti commented 6 months ago

Why not ...