[Ach] Thanks for the Logjam blog-post
Hanno Böck
hanno at hboeck.de
Thu May 21 15:47:49 CEST 2015
On Thu, 21 May 2015 15:44:18 +0200
Axel Huebl <axel.huebl at plasma.ninja> wrote:
> server=bettercrypto.org && echo | openssl s_client -connect
> $server:443 -msg -cipher "DH" 2>/dev/null | grep -A 1
> "ServerKeyExchange" | tail -n1 | awk '{print strtonum("0x"$5$6)*8}'
if you add -servername $server it'll also work with SNI.
This is not as insignificant as it may sound. E.g. latest apache
versions try to align the DH group with the cert, so it's quite likely
that a server wil answer with different groups on different hosts. If
you have a 2048 bit rsa cert it'll use a 2048 bit group etc.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150521/8fae742a/attachment.sig>
More information about the Ach
mailing list