[Ach] Audit tool to audit your ciphers: OWASP 'O-Saft'

Torsten Gigler torsten.gigler at owasp.org
Wed Jun 4 11:42:31 CEST 2014

Hi Aaron,

thanks for your Information. It seems to support a lot of protocols. I'll
have a look on it

O-saft has been developped and maintained by Achim since December 2012 (
https://github.com/OWASP/O-Saft) .
I am just helping him with the SSLhello.pm
<https://github.com/OWASP/O-Saft/blob/master/Net/SSLhello.pm>-Module, to be
able to check ciphers and protocols that are not supported by your local
libraries of the Audit-PC.
We check ciphers, that are even not (yet) defined or have been only defined

Kind regards

2014-06-03 18:46 GMT+02:00 Aaron Zauner <azet at azet.org>:

> Hi Torsten,
> Torsten Gigler wrote:
> > Hi,
> >
> > perhaps this is interesting for the Tools-Section/Command line tools:
> > https://www.owasp.org/index.php/O-Saft
> > OWASP o-saft is a SSL audit tool for testers / OWASP SSL advanced
> > forensic tool
> >
> > With the new alpha feature '+cipherall' it simulates the SSL/TLS
> > handshake and checks ciphers independently from the locally installed
> > crpto tool (like openssl).
> > STARTTLS for this Mode is also coming soon.
> Have you taken a look at sslyze? It's developed and actively maintained
> by iSECpartners: https://github.com/iSECPartners/sslyze
> Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140604/ea65e24c/attachment.html>

More information about the Ach mailing list