SSL cipher check strength check request

michaelcp / skipfish

Automatically exported from code.google.com/p/skipfish

Apache License 2.0

0 stars 0 forks source link

SSL cipher check strength check request #101

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

Feature request, not a bug.

When scanning an SSL site check for any supported SSL cipher that is weak 
(openssl has them grouped into NULL,LOW,aNULL,EXP 
http://www.openssl.org/docs/apps/ciphers.html) or otherwise broken.

Original issue reported on code.google.com by ryan%tgb...@gtempaccount.com on 28 Nov 2010 at 7:07

GoogleCodeExporter commented 9 years ago

Original comment by lcam...@gmail.com on 28 Nov 2010 at 7:19

Added labels: Priority-Low, Type-Enhancement
Removed labels: Priority-Medium, Type-Defect

GoogleCodeExporter commented 9 years ago

Thanks for the suggestion btw!

Enumerating SSL ciphers seems to better fit a network scanner like Nessus. 
However in the next version we will check the cipher of our SSL connection and 
report it when this cipher is not of SSL_MEDIUM or SSL_HIGH strength.

Original comment by niels.he...@gmail.com on 12 Apr 2012 at 9:06

Changed state: Accepted

GoogleCodeExporter commented 9 years ago

Original comment by niels.he...@gmail.com on 17 Apr 2012 at 8:04

Changed state: Started

GoogleCodeExporter commented 9 years ago

2.06b has the check implemented for the negotiated connection. We'll leave 
enumeration to the security scanners like Nessus.

Thanks for the report!

Original comment by niels.he...@gmail.com on 13 May 2012 at 10:43

Changed state: Fixed