[Ach] Dovecot DH parameters

Torsten Gigler torsten.gigler at owasp.org
Tue Feb 10 16:58:09 CET 2015


Hi,

you could try OWASP O-Saft (https://www.owasp.org/index.php/O-Saft).
The 'Test Version' supports nearly the whole of its functionality also for
STARTTLS like IMAP and POP3.

It checks for all ciphers reliably and independently from your client
(o-saft.pl +cipherall, or the tiny add-on-tool checkAllCiphers.pl). This is
done by simulating a client sending a sslHello and evaluating the sslHello
sent from the server. (Please compare it to other tools that depend on your
local library:
https://www.owasp.org/images/1/19/Richtig_verschluesseln_mit_SSL%2BTLS_-_Achim_Hoffmann%2BTorsten_Gigler.pdf
[p.14], sorry it is in German.)
The check of the length of the DH parameters is not implemented yet, but on
the roadmap (with high priority). We also plan to use our simulation to get
this information. If you like to volunteer, great ;-)

All other options use 'Net::SSLeay' as library.

I hope it helps.

Kind regards
Torsten


2015-02-10 16:02 GMT+01:00 Seth <list at sysfu.com>:

> On Tue, 10 Feb 2015 06:54:22 -0800, L. Aaron Kaplan <kaplan at cert.at>
> wrote:
>
>> I've been trying to reach the operator of this service a couple of
>> times.
>> They have a bug that they completely break if your name contains a
>> special character - therefore I can't even test my servers. The results
>> are mostly intransparent and it doesn't have any details (like no info
>> about DH parameters, which was our question to begin with).
>
> Yes, ironically there's a bug that has prevented me from testing my own
> mail server too, however it works on the majority of other mail servers I
> test it on. I've bugged Einar the author about it a few times, but I think
> the project is not a priority for him right now or he's lost interest.
>
>>>  * http://checktls.com/
>>
>> Doesn't seem to do much tls config checking.
>
> Poor choice of words on my part, it's rather basic, mostly just checks for
> certs and TLS support. Console output spits out the certs in the chain and
> the other SMTP commands and responses.
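The DH parameter length check discussed in this message can be done on the server's handshake reply alone, without relying on the local TLS library. The following is an added example, not part of the original message and not O-Saft code: it parses the server's handshake records and reports the bit length of dh_p from the ServerKeyExchange. All function names are hypothetical, the sample bytes are constructed, and it assumes the simulated ClientHello offered only DHE suites.

```python
import struct

HANDSHAKE, SERVER_HELLO, SERVER_KEY_EXCHANGE = 22, 2, 12

def handshake_messages(stream: bytes):
    """Yield (msg_type, body) for every handshake message in a run of TLS records."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            raise ValueError("truncated TLS record")
        if ctype == HANDSHAKE:  # alerts etc. are skipped; messages may span records
            buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    while len(buf) >= 4:
        mlen = int.from_bytes(buf[1:4], "big")
        if len(buf) < 4 + mlen:
            raise ValueError("truncated handshake message")
        yield buf[0], buf[4:4 + mlen]
        buf = buf[4 + mlen:]

def dh_prime_bits(stream: bytes):
    """Bit length of dh_p in the ServerKeyExchange, or None if none was sent.
    Assumption: the ClientHello offered only DHE_* suites, so the message
    starts with ServerDHParams (dh_p, dh_g, dh_Ys as 2-byte-length vectors)."""
    for mtype, body in handshake_messages(stream):
        if mtype == SERVER_KEY_EXCHANGE:
            plen = int.from_bytes(body[:2], "big")
            if plen == 0 or 2 + plen > len(body):
                raise ValueError("malformed dh_p")
            # int conversion ignores leading zero bytes, so padding is not counted
            return int.from_bytes(body[2:2 + plen], "big").bit_length()
    return None

def vec(data: bytes) -> bytes:
    return struct.pack("!H", len(data)) + data
def hs_msg(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def record(payload: bytes, ctype: int = HANDSHAKE) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def sample_flight(bits: int) -> bytes:
    """Constructed server flight, split over two records; p is a stand-in, not a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes((bits + 7) // 8, "big")
    hs = hs_msg(SERVER_HELLO, bytes(38)) + hs_msg(SERVER_KEY_EXCHANGE, vec(p) + vec(b"\x02") + vec(b"\x05"))
    return record(hs[:len(hs) // 2]) + record(hs[len(hs) // 2:])

if __name__ == "__main__":
    print({bits: dh_prime_bits(sample_flight(bits)) for bits in (768, 1024, 2048)})
```

A result of None means no ServerKeyExchange arrived, for example because the server answered the DHE-only offer with an alert.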