Penetration Testing mailing list archives
Re: How to check for SSL1 ?
From: "Sahir Hidayatullah" <sahirh () mielesecurity com>
Date: Thu, 29 Sep 2005 14:12:41 +0530 (IST)
Hi Thomas, Foundstone has a free tool called SSL Digger which basically does what you're looking for -- identify the cipher suites supported by a particular SSL connection. It is also fairly descriptive about why certain ciphersuites are weak etc. If I remember correctly it will do SSL1. You can get it here: http://www.foundstone.com/resources/proddesc/ssldigger.htm Cheers, Sahir Hidayatullah ------------------ Technical Consultant - Information Security MIEL e-Security Pvt. Ltd.
I hacked together an SSL-Checker (see a public version at http://serversniff.net/sslcheck.php) to check ssl-servers for supported protocols and ciphers. While the script is able to check for SSL2, SSL3, TLS1.0 and TLS1.1, I'm still looking for a software that is capable of checking servers for the ancient SSL1. Can anybody help me with a software that supports ssl1-connections? I also think to remember that there used to be other ancient secure-protocols supported by common servers - any hints on this? Thanks for any hints, Thomas ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- How to check for SSL1 ? Thomas Springer (Sep 28)
- Re: How to check for SSL1 ? Sahir Hidayatullah (Sep 29)
- Re: How to check for SSL1 ? Thomas Springer (Sep 29)
- Re: How to check for SSL1 ? Michael Sierchio (Sep 29)
- Re: How to check for SSL1 ? Thomas Springer (Sep 29)
- Re: How to check for SSL1 ? Sahir Hidayatullah (Sep 29)