[Ach] FYI: nginx Ciper Suite Testergebnissse

christian mock cm at coretec.at
Thu Nov 14 17:53:28 CET 2013


On Tue, Nov 12, 2013 at 04:37:24PM +0100, Pepi Zawodsky wrote:
> 
> >> https://www.ssllabs.com/ssltest/analyze.html?d=maclemon.at
> > Wenn https://maclemon.at die Testadresse
> 
> Looks like we're hitting a pattern.
> 2.3.x cannot connect successfully.
> 4.x work fine.
> 
> In MY test 2.2.3 could not connect, but that is likely due to MY setup! Adi suggested, that this release should be able to connect.
> 
> Here's a list of supported ciphers in Android 4.2.2
> http://pastebin.com/uy9VXJnK
> 
> I hope to get more details on 2.3 and older releases of Android.

As discussed yesterday, I'll fire up all available versions of android
in the emulator over the weekend, and will generate the list of
supported ciphers for each.

I'll also try to get a "debugging" server coded, so that one can
connect to it and get a nicely formatted list of the ciphersuites the
client supports. 

(This is primarily because I'm a virtuous[0] sysadmin and want to
automate the android task, and I got as far as calling the default
browser with a target URL, but found no way to get the damn HTML out
of the browser. Second reason: we'll need to gather data on other
clients too, mail, XMPP, etc)

cm.

[0] a.k.a. "lazy" ;-)

-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!

http://heise.de/-1260559

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.



More information about the Ach mailing list