Closed isaacagudo closed 4 years ago
Hi, can you explain your use case a bit more? tls-scan is to scan a large number of servers, and the TLS client cert auth is not common for public endpoints.
Hi, I am using the tool for academic purposes. I am asking students to set up TLS servers with different configurations and I want to check that they have done it right. Currently I am using tls-scan to extract the server certificate in JSON. I am having no luck with enumerating ciphers yet, but one thing I can't check with the tool is whether they properly configure mutual authentication in their server.
> I am having no luck with enumerating ciphers yet,

Did you try the `--all` option? It can enumerate all ciphers supported by the server.
I can look into adding client certs. Meanwhile if you would like to take a stab at it, you are welcome!
> Did you try --all option? It can enumerate all ciphers supported by the server.

I solved the issue with the `--no-parallel-enum` option. Apparently the Node.js https server I was using doesn't go well with parallel enumeration. I also tried adding delays before, but that didn't work either. Now it takes a long time to give the result, but it seems to detect all ciphers and TLS versions properly.
Re-open this ticket if you think this is still an issue.
Do you think we could use tls-scan to test some servers that require client authentication?
Would it be possible to parse the accepted CA list? You can get that information using the -prexit option (serverfault question). Also, it would be good to have a way to pass the client certificate as an option to tls-scan.
If you point me to the relevant part of the code, I could try to help implementing that.
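For the grading use case discussed in this thread, the accepted CA list can be pulled out of saved `openssl s_client -prexit` text output. The following is an added example, not tls-scan code or code from any participant; the section markers it keys on are assumptions about s_client's text layout (which varies between OpenSSL versions), and the sample output is constructed.

```python
import re

HEADER = "Acceptable client certificate CA names"
# Lines assumed to end the CA-name list in s_client text output.
END = re.compile(r"^(---|Client Certificate Types:|Requested Signature Algorithms:"
                 r"|Shared Requested Signature Algorithms:|Server Temp Key:)")

# Constructed sample (not captured from a real server). It is repeated twice
# because with -prexit the session summary can be printed again at exit.
SAMPLE_MTLS = """\
---
Acceptable client certificate CA names
C = ES, O = Example University, CN = Student Lab Root CA
/C=ES/O=Example University/CN=Student Lab Issuing CA
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256
---
""" * 2

SAMPLE_NONE = "---\nNo client certificate CA names sent\n---\n"

def normalize_dn(line):
    """Map '/C=ES/O=X' or 'C = ES, O = X' to [('C', 'ES'), ('O', 'X')].
    Naive split: values that themselves contain '/' or ', ' are not handled."""
    line = line.strip()
    parts = line[1:].split("/") if line.startswith("/") else line.split(", ")
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts if "=" in p]

def parse_client_ca_section(output):
    """Return whether a client certificate appears to be requested, and by which CAs."""
    ca_names, in_list, types_seen = [], False, False
    for raw in output.splitlines():
        line = raw.strip()
        if line == HEADER:
            in_list = True
            continue
        if line.startswith("Client Certificate Types:"):
            types_seen = True  # heuristic: only shown when a cert was requested
        if in_list:
            if not line or END.match(line):
                in_list = False
            else:
                dn = normalize_dn(line)
                if dn not in ca_names:  # drop the repeated -prexit summary
                    ca_names.append(dn)
    return {"cert_requested": bool(ca_names) or types_seen, "ca_names": ca_names}

if __name__ == "__main__":
    print(parse_client_ca_section(SAMPLE_MTLS))
```

A server that requests a certificate but sends an empty CA list shows no names here, so `cert_requested` falls back to the certificate-types line; confirm that case by checking that a handshake without a client certificate is actually rejected.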