[Ach] Thanks for the Logjam blog-post

[Axel Hübl]

On 21.05.2015 14:06, Axel Hübl wrote:
> On 21.05.2015 14:01, Max Maass wrote:
>> It does indeed not work on Linux:
>> $ openssl s_client -connect bettercrypto.org:443 -cipher "DHE"
>> error setting cipher list
>> 140323196081824:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
>> cipher match:ssl_lib.c:1314:
>>
>> (Using Ubuntu Server 14.04.2 and other Ubuntu-derivates)
>>
>> Was wondering about that when I tried it, would be interested in what
>> the correct commands would be on those systems to check my own servers.
>>
>> Max
>>
>> On 21.05.2015 13:33, Pepi Zawodsky wrote:
>>> Hoi!
>>
>>>> On 21 May 2015, at 12:01, L. Aaron Kaplan <kaplan at cert.at>
>>>> wrote:
>>>>
>>>> https://bettercrypto.org/blog/2015/05/20/tls-logjam/
>>>>
>>>> Thanks Pepi, nice testing instructions!
>>> Thanks, and thanks to Azet for checking my writing! Hadn’t had a
>>> chance to test on Linux yet, got a message that it wouldn’t work
>>> there. No idea why it wouldn’t but couldn’t test yet. If noone can
>>> give it a quick copy/paste test I’ll hopefully get to it in the
>>> late afternoon. (I’m surrounded by BSDs here. :-) )
>>
>>
>>>> Great write-up (in german) by Hanno as well:
>>>> http://www.golem.de/news/logjam-angriff-schwaeche-im-tls-verfahren-gefaehrdet-zehtausende-webseiten-1505-114161.html
>>
>>>>
>> It’s in the links on the better crypto site and I agree, great article.
>>
>>
>>> Best regards Pepi
> 
> for me
> 
>   openssl s_client -connect bettercrypto.org:443 -cipher "EDH"
> 
> and
> 
>   openssl s_client -connect bettercrypto.org:443 -cipher "DH"
> 
> seem to work on linux.
> 
> openssl version
> OpenSSL 1.0.1k 8 Jan 2015
> 
> Axel
> 

ah too bad, that prints only the pubkey bits....


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150521/51a6eced/attachment.sig>