4e0e03b61e
make default output more narrow
...
If server uses the same certificate for all connections, it's
useless to print the same information over and over.
In such case, omit those columns and print a summary at the end
2014-04-06 18:01:13 +02:00
9931ca2a2d
update README with new examples
...
New features = new examples
2014-04-05 19:40:19 +02:00
f04567d40e
check if certificate used by server is trused
...
Use system trust anchors to check if certificate chain used by server
is actually valid.
2014-04-05 19:36:51 +02:00
946cc6a9ac
Report the signature type used on server certificate
...
Parse the certificate used by server and report the signature used:
prio ciphersuite protocols pubkey_size signature_algorithm pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha1WithRSAEncryption ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ecdsa-with-SHA512 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption
4 AECDH-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None ECDH,P-256,256bits
5 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption
6 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption RSA,512bits
2014-04-05 19:23:04 +02:00
f9fdd62a59
report key size used in server's certificate
...
Extend the report to show also server certificate key size:
prio ciphersuite protocols pubkey_size pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
4 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
5 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 RSA,512bits
2014-04-05 19:23:04 +02:00
32eba4e644
update examples from README
...
since now the scan reports protocols correctly, update the example
to illustrate that
2014-04-05 18:47:37 +02:00
ac3e5f4d62
Correctly report TLSv1.2 only ciphers as negotiable with TLSv1.2
...
Previously scan would report:
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
Now it correctly reports:
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2014-04-05 18:47:37 +02:00
afcc92db02
Merge pull request #5 from mzeltner/master
...
Cleaned up options and documented custom OpenSSL build
2014-04-04 21:26:59 -04:00
05bd24b405
Cleaning up old style, fixing --allciphers
2014-04-04 20:46:40 -04:00
bf48cd2a3c
Documenting how to build OpenSSL with ChaCha20-Poly1305
...
Also updating README.md with new options by MacLemon
2014-04-01 14:29:55 -04:00
45f0f3305d
Merge branch 'master' of https://github.com/MacLemon/cipherscan
2014-04-01 13:04:08 -04:00
49214fc508
Verbose and Debug output go to stderr now. Added simple --delay function.
2014-02-18 02:05:26 +01:00
8480e63ff7
Fixing a typo
2014-02-14 20:44:15 +01:00
3282c2c3a5
Improved reference of switches documentation formatting.
2014-02-10 19:46:46 +01:00
0282ae9209
Added simple debug function
2014-02-08 18:37:30 +01:00
0d93b5d37e
Updated README to reflect the changes in cipherscan.
2014-02-08 17:07:54 +01:00
490c86c43e
Changed grep invocation to prevent strange grep versions to balk on -E
2014-02-08 01:14:40 +01:00
26b52d4e17
Make mktemp obsolete
...
We have pipes, we shall use them!
2014-02-07 00:56:31 +01:00
57f41d7376
Fixed variable renaming.
2014-02-06 23:32:12 +01:00
9e5ce9cca3
Removed neccessity for timeout, thanks to mzeltner. Better parameter parsing with short- and longoptions. Can now pass a path to use any openssl. Now works on OS X.
2014-02-06 23:26:19 +01:00
1f92094b3d
Merge pull request #4 from mzeltner/master
...
Support s_client args, give -starttls example. Contributed by mzeltner.
2014-02-02 18:15:27 -08:00
5c07a6e552
Support s_client args, give -starttls example
2014-02-02 15:41:16 +01:00
ae5d7ad15c
Merge branch 'master' of github.com:jvehent/cipherscan
2014-01-31 10:24:02 -05:00
b3ca13a5ae
Rebuilt openssl to support ChaCha20/Poly1305. Test against google servers.
2014-01-31 10:22:21 -05:00
5e8b495a18
added many tests
2014-01-11 01:07:32 +00:00
1414973531
basic results parsing script in python
2014-01-10 05:50:03 +00:00
f3c8b24b8b
tweaks
2014-01-09 20:16:40 +00:00
5df0fe3d52
Merge branch 'master' of github.com:jvehent/cipherscan
2014-01-09 11:53:54 -05:00
19d443b8fe
OpenSSL binary location fix
2014-01-09 11:52:43 -05:00
e4ea957c8d
Script to scan Alexa's top 1m websites
2014-01-09 11:52:17 -05:00
26948cbccf
Merge pull request #3 from simondeziel/clean-temp
...
Cleanup old temp files when a connection failed
2014-01-07 19:04:43 -08:00
93ee5e3f33
Cleanup old temp files when a connection failed
2014-01-07 18:32:09 -05:00
af7b4ce18c
Rename CiphersScan to cipherscan
2013-12-09 11:01:30 -05:00
34a011ab71
Better doc
2013-12-09 10:40:23 -05:00
f7c159b568
Support JSON output with -json
2013-12-09 10:16:45 -05:00
4420db6f9b
prevent http keep-alive from blocking the scan
2013-11-20 11:51:37 -05:00
7c55288a7e
Fix test of all ciphers individually
2013-11-20 10:47:59 -05:00
d6556f5620
Progress indicator
2013-11-20 10:47:23 -05:00
889a75722d
doc update
2013-11-20 10:33:58 -05:00
a0e4f96a7b
Test all versions of SSL and TLS
2013-11-20 10:30:45 -05:00
69087f27ac
User larger list of cipher with COMPLEMENTOFALL
2013-11-20 10:30:14 -05:00
eaa586a1fa
add comment for system openssl
2013-11-20 09:30:52 -05:00
d794fa75ee
Added OpenSSL License
2013-11-05 15:53:55 -05:00
ee3200ebe5
remove last entry NONE
2013-11-05 15:51:00 -05:00
5a483775d7
Updated README
2013-09-26 09:33:22 +02:00
627701ec63
Add PFS key size to results
2013-09-24 17:02:31 +02:00
4a51ef71d6
Added protocol
2013-08-07 10:40:03 -04:00
d2b82ed871
Added option to scan all known ciphers "-a"
2013-08-03 22:07:13 -04:00
f5ff56344a
Use local openssl & return microseconds for benchmark
2013-07-19 09:45:06 -04:00
a651af9857
Updated README
2013-07-18 21:01:44 -04:00
Hubert Kario
Julien Vehent
Michael Zeltner
Pepi Zawodsky
Simon Deziel