Penetration Testing mailing list archives
Re: verify HTTPS 'vulnerabilities'
From: Thomas Springer <tuevsec () gmx net>
Date: Tue, 26 Jul 2005 17:27:31 +0200
Dan Rogers wrote:
List, Simple question: I have a report from Nessus telling me that a web server is offering 'export class' cyphers for it's SSL/TLS service. Nessus also managed to obtain an internal IP address from the host (which is correct). Only HTTPS is open.
i put an https-check based on openssl online at http://serversniff.net that tells you about certs and allowed ciphers on your https-server.
tom
Current thread:
- verify HTTPS 'vulnerabilities' Dan Rogers (Jul 21)
- RE: verify HTTPS 'vulnerabilities' Daniel Grzelak (Jul 21)
- RE: verify HTTPS 'vulnerabilities' Omar Herrera (Jul 21)
- Re: verify HTTPS 'vulnerabilities' Thomas Springer (Jul 26)
- Re: verify HTTPS 'vulnerabilities' Michael Sierchio (Jul 26)
- <Possible follow-ups>
- RE: verify HTTPS 'vulnerabilities' Jarmon, Don R (Jul 21)
- RE: verify HTTPS 'vulnerabilities' Jordan Del-Grande (Jul 21)
- RE: verify HTTPS 'vulnerabilities' Carl (Jul 22)
- RE: verify HTTPS 'vulnerabilities' Todd Towles (Jul 26)