[Ach] SSLyze / GnuTLS

Oliver J. Morais oliver.morais at gmail.com
Fri Nov 22 10:56:47 CET 2013


[Thu, Nov 21, 2013 at 05:53:01PM -0500] Michael Zeltner
> In case you don't know that one yet, here's SSLyze.
> http://nabla-c0d3.github.io/blog/2013/08/14/sslyze-v0-dot-7-released/ - if you
> doubt the origin, it's actually from iSECPartners
> https://github.com/iSECPartners/sslyze

Nice one, boomkarked! Thanks!

If you can't use python for "whatever reason", here is a very quick & dirty
script for getting a glimpse of ciphers supported by an smtpd:

#!/bin/sh

MAILSERVER="localhost";
PORT="25";
SHOWFAIL="0";

for SSL in ssl2 ssl3 tls1_2 tls1_1 tls1; do
  for CIPHER in `openssl ciphers -v | awk '{print $1}'`; do
    echo -e "rset\n\quit\n" | openssl s_client -connect ${MAILSERVER}:${PORT} -starttls smtp -${SSL} -cipher ${CIPHER} >/dev/null 2>&1;
    if [ $? -eq 0 ]; then
      echo "${SSL} with ${CIPHER}: OK";
    else
      if [ ${SHOWFAIL} -eq 1 ]; then
        echo "${SSL} with ${CIPHER}: FAIL";
      fi;   
    fi; 
  done;
done;



More information about the Ach mailing list