Security Basics mailing list archives
Re: Encryption Level of web site
From: "Dana Epp" <dana () vulscan com>
Date: Wed, 18 Jun 2003 14:49:14 -0700
Firstly, being that nessus uses nasl scripts and plugins from source, you SHOULD be able to find out exactly what they are doing from there. Check something like /usr/src/nessus/nessus-plugins/ to get a better understanding. I would guess from your email that you want to know how the SSL cipher checks work in nessus. I haven't taken a look, but I would guess its pretty straight forward. The trick is to connect to the server via SSL, and then find out the ciphers available to the server by querying it. You can pretty much get all this info by checking the RFC specs, but a lot of heavy lifting is done for you already if you were to use something like the openssl libs, which should work on the platforms you want to query from. As a starting point I would check out http://www.openssl.org/docs/ and read up on the SSL API. Basically you want to use a basic SSL connection framework and call the ultra secret API call to do it all for ya.... SSL_get_ciphers(), which is the API call to get the list of available ciphers for the given target. To get you started, I would check out http://www.openssl.org/docs/ssl/ssl.html Good luck. Happy hacking. --- Regards, Dana M. Epp ----- Original Message ----- From: "Patrick Boucher" <pboucher () gardienvirtuel com> To: <security-basics () securityfocus com> Sent: Wednesday, June 18, 2003 9:21 AM Subject: Encryption Level of web site
Greetings, I would like to know what are the permited (and deny) encryption Level
on a
Web Site. Nessus tell me that my target host accept 40 bit, 56 bits and 128 bits encryptions.. I would like to know how that information was obtained? How can i get that information?(Without using Nessus) In Linux and Windows
?
Thank you. -- Patrick Boucher --------------------------------------------------------------------------
-
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Encryption Level of web site Patrick Boucher (Jun 18)
- Re: Encryption Level of web site Dana Epp (Jun 18)
- <Possible follow-ups>
- RE: Encryption Level of web site Michaels, Tod (Jun 18)
- Re: Encryption Level of web site Nicholas Diotte (Jun 19)
- Re: Encryption Level of web site Patrick Boucher (Jun 20)
- Re: Encryption Level of web site Dana Epp (Jun 21)
- Re: Encryption Level of web site Patrick Boucher (Jun 20)
- Re: Encryption Level of web site Nick Diotte (Jun 21)