Open faldridge opened 6 years ago
I have some C code that does this, would sslyze be open to integrating it?
I have a PR with a green build up for this, #339, but I haven't been able to get any feedback on it.
Sorry, I haven't had time to look at this yet.
I'm hoping to finally get to this on the next release. For now I've removed the "preferred cipher suite" functionality as it was too buggy.
When implementing cipher suite order detection, the following behavior will have to be considered: https://github.com/nabla-c0d3/sslyze/issues/456.
I got asked about this recently, so here's an update : I've kind of given up on adding server cipher order preference, for a couple reasons:
In order to verify certain aspects of a given server's TLS configuration, e.g., full Forward Secrecy support, sslyze should be able to detect a server's full cipher suite order preference, for those that have them.