Re: Checking SSLCiphersuite?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, 

Try run this command nmap --script ssl-cert,ssl-enum-ciphers 1.1.1.1 -p 443


On Wed, Dec 4, 2013 at 1:23 PM, LuKreme <kremels@xxxxxxxxx> wrote:
How do I checks what ciphers are available to the https compiled binary, and how do I check with of those are active in the configuration?

Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used on a server with a self-signed cert (there's no e-commerce or any financial data of any sort on the server).

If an existing server wants to switch so that all traffic is encrypted using DH if possible (interested in implementing Perfect Forward Secrecy) are there any "Gotcha's" lurking in the bushes?

If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH?

To be accessible for most people (including some Windows XP users), what else do I need to enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES?

Which ones do I need to avoid?

--
It's like looking for the farmer's daughter in a haystack, and finding
the needle.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
Daniel Theodoro
Cel: 11 9-9399-3364
http://www.linkedin.com/in/danieltheodoro

• RHCE - Red Hat Certified Engineer
• LPIC-3 - Senior Level Linux Certification
• Novell Certified Linux Administrator - Suse 11
• Novell Data Center Technical Specialist - Suse 11
• OCA - Oracle Enterprise Linux Administrator Certified Associate
expertise :
EX436 - Red Hat Enterprise Clustering and Storage Management,

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux