mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
Updated README
This commit is contained in:
parent
f703ca9c26
commit
370348ba1b
205
README.md
205
README.md
@ -1,6 +1,8 @@
|
|||||||
CipherScan
|
CipherScan
|
||||||
==========
|
==========
|
||||||
A very simple way to find out which SSL ciphersuites are supported by a target.
|
A very simple way to find out which SSL/TLS ciphersuites are supported by a target.
|
||||||
|
|
||||||
|
Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations. Cipherscan uses the `openssl s_client` command line to run the tests.
|
||||||
|
|
||||||
On Linux x86_64 run: ./cipherscan www.google.com:443
|
On Linux x86_64 run: ./cipherscan www.google.com:443
|
||||||
On any other *nix or *tux run: ./cipherscan -o /path/to/openssl www.google.com:443
|
On any other *nix or *tux run: ./cipherscan -o /path/to/openssl www.google.com:443
|
||||||
@ -44,38 +46,183 @@ Testing plain SSL/TLS:
|
|||||||
```
|
```
|
||||||
linux $ ./cipherscan www.google.com:443
|
linux $ ./cipherscan www.google.com:443
|
||||||
...................
|
...................
|
||||||
prio ciphersuite protocols pubkey_size signature_algorithm trusted pfs_keysize
|
prio ciphersuite protocols pfs_keysize
|
||||||
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 ECDH,P-256,256bits
|
||||||
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
|
||||||
3 ECDHE-RSA-AES128-SHA TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
3 ECDHE-RSA-AES128-SHA TLSv1.1,TLSv1.2 ECDH,P-256,256bits
|
||||||
4 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
4 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
|
||||||
5 AES128-GCM-SHA256 TLSv1.2 2048 sha1WithRSAEncryption True
|
5 AES128-GCM-SHA256 TLSv1.2
|
||||||
6 AES128-SHA256 TLSv1.2 2048 sha1WithRSAEncryption True
|
6 AES128-SHA256 TLSv1.2
|
||||||
7 AES128-SHA TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True
|
7 AES128-SHA TLSv1.1,TLSv1.2
|
||||||
8 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True
|
8 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
||||||
9 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True
|
9 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
||||||
10 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
10 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits
|
||||||
11 ECDHE-RSA-AES256-SHA384 TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
11 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits
|
||||||
12 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
12 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
|
||||||
13 AES256-GCM-SHA384 TLSv1.2 2048 sha1WithRSAEncryption True
|
13 AES256-GCM-SHA384 TLSv1.2
|
||||||
14 AES256-SHA256 TLSv1.2 2048 sha1WithRSAEncryption True
|
14 AES256-SHA256 TLSv1.2
|
||||||
15 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True
|
15 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
||||||
16 ECDHE-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
16 ECDHE-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
|
||||||
17 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption True
|
17 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
||||||
18 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha1WithRSAEncryption True ECDH,P-256,256bits
|
18 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits
|
||||||
|
|
||||||
|
Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
|
||||||
```
|
```
|
||||||
|
|
||||||
Testing STARTTLS:
|
Testing STARTTLS:
|
||||||
```
|
```
|
||||||
darwin $ ./cipherscan -o ./openssl-mine -starttls xmpp jabber.ccc.de:5222
|
darwin $ ./cipherscan -o ./openssl-mine -starttls xmpp jabber.ccc.de:5222
|
||||||
.........
|
.........
|
||||||
prio ciphersuite protocols pubkey_size signature_algorithm trusted pfs_keysize
|
.........
|
||||||
1 DHE-RSA-AES256-SHA SSLv3,TLSv1 2048 sha1WithRSAEncryption False DH,1024bits
|
prio ciphersuite protocols pfs_keysize
|
||||||
2 AES256-SHA SSLv3,TLSv1 2048 sha1WithRSAEncryption False
|
1 DHE-RSA-AES256-SHA SSLv3,TLSv1 DH,1024bits
|
||||||
3 EDH-RSA-DES-CBC3-SHA SSLv3,TLSv1 2048 sha1WithRSAEncryption False DH,1024bits
|
2 AES256-SHA SSLv3,TLSv1
|
||||||
4 DES-CBC3-SHA SSLv3,TLSv1 2048 sha1WithRSAEncryption False
|
3 EDH-RSA-DES-CBC3-SHA SSLv3,TLSv1 DH,1024bits
|
||||||
5 DHE-RSA-AES128-SHA SSLv3,TLSv1 2048 sha1WithRSAEncryption False DH,1024bits
|
4 DES-CBC3-SHA SSLv3,TLSv1
|
||||||
6 AES128-SHA SSLv3,TLSv1 2048 sha1WithRSAEncryption False
|
5 DHE-RSA-AES128-SHA SSLv3,TLSv1 DH,1024bits
|
||||||
7 RC4-SHA SSLv3,TLSv1 2048 sha1WithRSAEncryption False
|
6 AES128-SHA SSLv3,TLSv1
|
||||||
8 RC4-MD5 SSLv3,TLSv1 2048 sha1WithRSAEncryption False
|
7 RC4-SHA SSLv3,TLSv1
|
||||||
|
8 RC4-MD5 SSLv3,TLSv1
|
||||||
|
|
||||||
|
Certificate: UNTRUSTED, 2048 bit, sha1WithRSAEncryption signature
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Exporting to JSON with the `-j` command line option:
|
||||||
|
```javascript
|
||||||
|
$ /cipherscan -j -starttls xmpp jabber.ccc.de:5222
|
||||||
|
{
|
||||||
|
"target": "jabber.ccc.de:5222",
|
||||||
|
"date": "Sat, 19 Apr 2014 11:40:40 -0400",
|
||||||
|
"ciphersuite": [
|
||||||
|
{
|
||||||
|
"cipher": "DHE-RSA-AES256-SHA",
|
||||||
|
"protocols": [
|
||||||
|
"SSLv3",
|
||||||
|
"TLSv1"
|
||||||
|
],
|
||||||
|
"pubkey": [
|
||||||
|
"2048"
|
||||||
|
],
|
||||||
|
"sigalg": [
|
||||||
|
"sha1WithRSAEncryption"
|
||||||
|
],
|
||||||
|
"trusted": "False",
|
||||||
|
"pfs": "DH,1024bits"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cipher": "AES256-SHA",
|
||||||
|
"protocols": [
|
||||||
|
"SSLv3",
|
||||||
|
"TLSv1"
|
||||||
|
],
|
||||||
|
"pubkey": [
|
||||||
|
"2048"
|
||||||
|
],
|
||||||
|
"sigalg": [
|
||||||
|
"sha1WithRSAEncryption"
|
||||||
|
],
|
||||||
|
"trusted": "False",
|
||||||
|
"pfs": "None"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cipher": "EDH-RSA-DES-CBC3-SHA",
|
||||||
|
"protocols": [
|
||||||
|
"SSLv3",
|
||||||
|
"TLSv1"
|
||||||
|
],
|
||||||
|
"pubkey": [
|
||||||
|
"2048"
|
||||||
|
],
|
||||||
|
"sigalg": [
|
||||||
|
"sha1WithRSAEncryption"
|
||||||
|
],
|
||||||
|
"trusted": "False",
|
||||||
|
"pfs": "DH,1024bits"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cipher": "DES-CBC3-SHA",
|
||||||
|
"protocols": [
|
||||||
|
"SSLv3",
|
||||||
|
"TLSv1"
|
||||||
|
],
|
||||||
|
"pubkey": [
|
||||||
|
"2048"
|
||||||
|
],
|
||||||
|
"sigalg": [
|
||||||
|
"sha1WithRSAEncryption"
|
||||||
|
],
|
||||||
|
"trusted": "False",
|
||||||
|
"pfs": "None"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cipher": "DHE-RSA-AES128-SHA",
|
||||||
|
"protocols": [
|
||||||
|
"SSLv3",
|
||||||
|
"TLSv1"
|
||||||
|
],
|
||||||
|
"pubkey": [
|
||||||
|
"2048"
|
||||||
|
],
|
||||||
|
"sigalg": [
|
||||||
|
"sha1WithRSAEncryption"
|
||||||
|
],
|
||||||
|
"trusted": "False",
|
||||||
|
"pfs": "DH,1024bits"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cipher": "AES128-SHA",
|
||||||
|
"protocols": [
|
||||||
|
"SSLv3",
|
||||||
|
"TLSv1"
|
||||||
|
],
|
||||||
|
"pubkey": [
|
||||||
|
"2048"
|
||||||
|
],
|
||||||
|
"sigalg": [
|
||||||
|
"sha1WithRSAEncryption"
|
||||||
|
],
|
||||||
|
"trusted": "False",
|
||||||
|
"pfs": "None"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cipher": "RC4-SHA",
|
||||||
|
"protocols": [
|
||||||
|
"SSLv3",
|
||||||
|
"TLSv1"
|
||||||
|
],
|
||||||
|
"pubkey": [
|
||||||
|
"2048"
|
||||||
|
],
|
||||||
|
"sigalg": [
|
||||||
|
"sha1WithRSAEncryption"
|
||||||
|
],
|
||||||
|
"trusted": "False",
|
||||||
|
"pfs": "None"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cipher": "RC4-MD5",
|
||||||
|
"protocols": [
|
||||||
|
"SSLv3",
|
||||||
|
"TLSv1"
|
||||||
|
],
|
||||||
|
"pubkey": [
|
||||||
|
"2048"
|
||||||
|
],
|
||||||
|
"sigalg": [
|
||||||
|
"sha1WithRSAEncryption"
|
||||||
|
],
|
||||||
|
"trusted": "False",
|
||||||
|
"pfs": "None"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Contributors
|
||||||
|
------------
|
||||||
|
|
||||||
|
* Julien Vehent <julien@linuxwall.info> (original author)
|
||||||
|
* Hubert Kario <hkario@redhat.com>
|
||||||
|
* Pepi Zawodsky <git@maclemon.at>
|
||||||
|
* Michael Zeltner <m@niij.org>
|
||||||
|
* Simon Deziel <simon.deziel@gmail.com>
|
||||||
|
Loading…
Reference in New Issue
Block a user