rbsec / sslscan

sslscan tests SSL/TLS enabled services to discover supported cipher suites
GNU General Public License v3.0

Support post-quantum algorithms #314

Open fwh-dc opened 1 month ago

fwh-dc commented 1 month ago

I'm setting up a service with post-quantum algorithms and I'd like to be able to detect correct setup with sslscan.

Would you accept a contribution that allows printing post-quantum algorithms? And is it correct that I just need to update the list in testSupportedGroups()?

jtesta commented 1 month ago

> Would you accept a contribution that allows printing post-quantum algorithms?

I'm not the maintainer, but I'd say this would be an important addition.

> And is it correct that I just need to update the list in testSupportedGroups()?

I think I wrote that function, but I don't remember everything that would be necessary. There's only one way to find out!

Also, if you share how exactly you set up your test lab, that could help us with future testing. Thanks!

rbsec commented 1 month ago

Certainly no objections here - although I'm afraid that sslscan isn't a project I have a huge amount of time for ATM.

Proper support (i.e. the ability to make actual connections) would probably need to come from OpenSSL. But we do some of our own handshake stuff, so it may be possible to just hack it in there.

As well as testSupportedGroups() we also have a hard-coded list of groups in checkIfTLSVersionIsSupported() - so that might also need updating.
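An added example, not part of the thread and not sslscan's own code: a stand-alone C sketch of what "detecting correct setup" means on the wire, reading the group a TLS 1.3 server picked from the key_share extension of its ServerHello or HelloRetryRequest and naming it. The function names, the table and the sample bytes are constructed for illustration; the codepoints are the IANA TLS Supported Groups values for the ML-KEM hybrids.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct named_group { uint16_t id; const char *name; int post_quantum; };

/* Two classical groups plus the IANA-registered ML-KEM hybrid groups. */
static const struct named_group GROUPS[] = {
    {0x0017, "secp256r1", 0},         {0x001D, "x25519", 0},
    {0x11EB, "SecP256r1MLKEM768", 1}, {0x11EC, "X25519MLKEM768", 1},
    {0x11ED, "SecP384r1MLKEM1024", 1},
};

const struct named_group *lookup_group(uint16_t id) {
    for (size_t i = 0; i < sizeof GROUPS / sizeof GROUPS[0]; i++)
        if (GROUPS[i].id == id) return &GROUPS[i];
    return NULL; /* unknown codepoint: report it numerically, do not guess */
}

/* Walk an extensions block (without its 2-byte total length) and return the
 * group in key_share (type 51): 0 if absent, -1 if the block is malformed.
 * In both ServerHello and HelloRetryRequest the group is the first 2 bytes. */
int selected_group(const uint8_t *ext, size_t len) {
    size_t off = 0;
    while (off < len) {
        if (len - off < 4) return -1;             /* truncated header */
        unsigned type = ((unsigned)ext[off] << 8) | ext[off + 1];
        size_t elen = ((size_t)ext[off + 2] << 8) | ext[off + 3];
        off += 4;
        if (elen > len - off) return -1;          /* body overruns buffer */
        if (type == 51)
            return elen < 2 ? -1 : (int)(((unsigned)ext[off] << 8) | ext[off + 1]);
        off += elen;
    }
    return 0;
}

/* Constructed sample: supported_versions (TLS 1.3), then a
 * HelloRetryRequest-style key_share selecting 0x11EC. */
static const uint8_t SAMPLE_EXT[] = {
    0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
    0x00, 0x33, 0x00, 0x02, 0x11, 0xec,
};

int main(void) {
    int g = selected_group(SAMPLE_EXT, sizeof SAMPLE_EXT);
    const struct named_group *ng = g > 0 ? lookup_group((uint16_t)g) : NULL;
    printf("group 0x%04x %s%s\n", (unsigned)g, ng ? ng->name : "(unknown)",
           ng && ng->post_quantum ? " [post-quantum hybrid]" : "");
    return 0;
}
```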