I recently ran into a problem where I needed to test which cipher suites were enabled for a particular server's SSL connections. More specifically, I wanted to make sure that none of the following null/anon ciphers were enabled.
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
SSL_DH_anon_WITH_RC4_128_MD5
TLS_DH_anon_WITH_AES_128_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
It turns out this is really easy to test using the OpenSSL client via the following command.
% openssl s_client -host <HOST> -port <PORT> -cipher <CIPHER>
The cipher indicated on the command line has to match the OpenSSL name for the relevant cipher you wish to check. A full list of ciphers supported by OpenSSL along with their specification names and OpenSSL names can be found at the OpenSSL website.
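The check above, looped over all eight suites, as an added example that is not part of the original post. It goes slightly further than the single command: it reads the suite actually negotiated from the s_client output and reports a suite the local openssl build cannot offer as untestable rather than disabled. The function names and verdict strings are hypothetical; the OpenSSL names follow the OpenSSL ciphers documentation.

```shell
#!/bin/sh
# Added example. Usage (hypothetical script name): ./check_weak_ciphers.sh <HOST> <PORT>

# Map a specification name from the list above to its OpenSSL name.
openssl_name() {
  case "$1" in
    SSL_RSA_WITH_NULL_MD5)                 echo NULL-MD5 ;;
    SSL_RSA_WITH_NULL_SHA)                 echo NULL-SHA ;;
    SSL_DH_anon_WITH_RC4_128_MD5)          echo ADH-RC4-MD5 ;;
    TLS_DH_anon_WITH_AES_128_CBC_SHA)      echo ADH-AES128-SHA ;;
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA)     echo ADH-DES-CBC3-SHA ;;
    SSL_DH_anon_WITH_DES_CBC_SHA)          echo ADH-DES-CBC-SHA ;;
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5)    echo EXP-ADH-RC4-MD5 ;;
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA) echo EXP-ADH-DES-CBC-SHA ;;
    *) return 1 ;;
  esac
}

SPEC_NAMES="SSL_RSA_WITH_NULL_MD5 SSL_RSA_WITH_NULL_SHA
SSL_DH_anon_WITH_RC4_128_MD5 TLS_DH_anon_WITH_AES_128_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"

# Read s_client output on stdin and print the suite named on its
# "New, <protocol>, Cipher is <suite>" line ("(NONE)" after a failed handshake).
negotiated_cipher() {
  sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1
}

# verdict <requested OpenSSL name> <negotiated name>
verdict() {
  if [ "$1" = "$2" ]; then echo ENABLED; else echo not-negotiated; fi
}

check_server() {  # check_server <HOST> <PORT>
  for spec in $SPEC_NAMES; do
    name=$(openssl_name "$spec")
    # A client built without the suite cannot offer it, so it proves nothing.
    if ! openssl ciphers "$name" >/dev/null 2>&1; then
      echo "$spec ($name): UNTESTABLE with this openssl build"
      continue
    fi
    got=$(openssl s_client -host "$1" -port "$2" -cipher "$name" \
            </dev/null 2>/dev/null | negotiated_cipher)
    echo "$spec ($name): $(verdict "$name" "$got")"
  done
}

# Connect only when a host and port are supplied.
if [ $# -eq 2 ]; then check_server "$1" "$2"; fi
```

Any line reported as ENABLED means the server completed a handshake with that null/anon suite.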
Good Morning, Brian!
I have a big problem with OpenSSL. If you can, please see the topics below:
- http://groups.google.com.br/group/mailing.openssl.dev/browse_thread/thread/65b27a723255435e/5b8b25dfb73519d0#5b8b25dfb73519d0
- http://groups.google.com.br/group/mailing.openssl.users/browse_thread/thread/a9582db93411cd8b/477071b3a00e4ced#477071b3a00e4ced
- http://groups.google.com.br/group/alt.apache.configuration/browse_thread/thread/c44ddba769a18ada#
I posted this problem at openssl-users@openssl.org too =).
Thanks a lot!
Best Regards,
Mariana Hoffart Dias