[Ach] SSLyze / GnuTLS
Oliver J. Morais
oliver.morais at gmail.com
Fri Nov 22 10:56:47 CET 2013
[Thu, Nov 21, 2013 at 05:53:01PM -0500] Michael Zeltner
> In case you don't know that one yet, here's SSLyze.
> http://nabla-c0d3.github.io/blog/2013/08/14/sslyze-v0-dot-7-released/ - if you
> doubt the origin, it's actually from iSECPartners
> https://github.com/iSECPartners/sslyze
Nice one, boomkarked! Thanks!
If you can't use python for "whatever reason", here is a very quick & dirty
script for getting a glimpse of ciphers supported by an smtpd:
#!/bin/sh
MAILSERVER="localhost";
PORT="25";
SHOWFAIL="0";
for SSL in ssl2 ssl3 tls1_2 tls1_1 tls1; do
for CIPHER in `openssl ciphers -v | awk '{print $1}'`; do
echo -e "rset\n\quit\n" | openssl s_client -connect ${MAILSERVER}:${PORT} -starttls smtp -${SSL} -cipher ${CIPHER} >/dev/null 2>&1;
if [ $? -eq 0 ]; then
echo "${SSL} with ${CIPHER}: OK";
else
if [ ${SHOWFAIL} -eq 1 ]; then
echo "${SSL} with ${CIPHER}: FAIL";
fi;
fi;
done;
done;
More information about the Ach
mailing list