<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
I added STARTTLS-support to the SSL checking tool 'o-saft'.<span
class="c1"> It supports 8 protocols: SMTP and experimental:
ACAP, IMAP, POP3, FTPS, LDAP, RDP, XMPP.<br>
I'd be happy if you test it and could send me your experiences.<br>
<br>
</span>Alpha Release Code:<span class="c1"><br>
<a class="moz-txt-link-freetext" href="https://github.com/OWASP/O-Saft/archive/master.zip">https://github.com/OWASP/O-Saft/archive/master.zip</a><br>
<br>
Usage Examples: <br>
./o-saft.pl +cipherraw --nodns jabber.org:5222 --starttls=XMPP
--experimental<br>
</span><span class="c1">./o-saft.pl +cipherraw --nodns
jabber.org:5222 --starttls=XMPP --experimental --trace=2
(including a lot of trace information, more with 3)<br>
</span><br>
More Information:<br>
The Option '<span class="c1">+cipherraw' uses a '</span>SSLhello'-Simulation
to check all possible ciphers (even those that are not yet
defined by IANA). This works independently of the libraries you
have installed on your local client (see:<a moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/owasp-leaders/2014-June/011911.html">http://lists.owasp.org/pipermail/owasp-leaders/2014-June/011911.html</a>).
<br>
You can even check the ciphers of sites that are protected by a
client certificate, as the simulation ends before you need it.<br>
<br>
Podcast with the Main Developer Achim Hoffman:
<a class="moz-txt-link-freetext" href="https://soundcloud.com/owasp-podcast/achim-hoffman">https://soundcloud.com/owasp-podcast/achim-hoffman</a><br>
<br>
Kind regards<br>
Torsten<br>
<br>
On 04.06.2014 11:42, Torsten Gigler wrote:<br>
</div>
<blockquote
cite="mid:CA+M5M1caj2GYMi7CgLXw0G9XWe-QO_AvzEDp4OWaqkGd+vATLA@mail.gmail.com"
type="cite">
<meta http-equiv="Context-Type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Hi Aaron,<br>
<br>
</div>
<div>Thanks for your information. It seems to support a lot of
protocols. I'll have a look at it.<br>
</div>
<div><br>
O-Saft has been developed and maintained by Achim since
December 2012 (<a moz-do-not-send="true"
href="https://github.com/OWASP/O-Saft">https://github.com/OWASP/O-Saft</a>)
. <br>
</div>
<div>I am just helping him with the <a moz-do-not-send="true"
href="https://github.com/OWASP/O-Saft/blob/master/Net/SSLhello.pm">SSLhello.pm</a>-Module,
to be able to check ciphers and protocols that are not
supported by your local libraries of the Audit-PC.<br>
</div>
<div>We even check ciphers that are not (yet) defined or have
only been defined in DRAFTS.<br>
<br>
</div>
<div>Kind regards<br>
</div>
<div>Torsten<br>
</div>
</div>
</blockquote>
<br>
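<p>Added example, not part of the original e-mail and not O-Saft's own code: a minimal Python sketch of the idea behind a raw ClientHello check as described above. It builds the hello by hand for any 2-byte cipher suite ID (so no local TLS library has to know the cipher) and reads the server's choice from the ServerHello, which arrives before any client certificate would be requested. The function names and the sample reply bytes are constructed for illustration; with STARTTLS the record would be sent only after the plaintext upgrade exchange.</p>

```python
import struct

def client_hello(cipher_ids, version=(3, 1), random=bytes(32)):
    """Build a TLS ClientHello record offering arbitrary 2-byte cipher suite IDs."""
    suites = b"".join(struct.pack("!H", c) for c in cipher_ids)
    body = (bytes(version) + random              # client_version, 32-byte random
            + b"\x00"                            # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                       # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body    # handshake type 1
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs

def parse_reply(record):
    """Return ('accepted', cipher_id) for a ServerHello, ('alert', code) for an alert."""
    ctype, length = record[0], struct.unpack("!H", record[3:5])[0]
    payload = record[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record")
    if ctype == 0x15:                            # alert: level, description
        return ("alert", payload[1])
    if ctype == 0x16 and payload[0] == 0x02:     # handshake record, ServerHello
        sid_len = payload[4 + 2 + 32]            # skip hs header, version, random
        off = 4 + 2 + 32 + 1 + sid_len
        return ("accepted", struct.unpack("!H", payload[off:off + 2])[0])
    raise ValueError("unexpected record")

# Constructed sample replies (not captured from a real server).
# ServerHello selecting cipher 0x0035, and a fatal handshake_failure alert (40).
SERVER_HELLO = bytes.fromhex("160301002a" "02000026" "0301" + "00" * 32 + "00" "0035" "00")
ALERT = bytes.fromhex("1503010002" "0228")

if __name__ == "__main__":
    # 0xFF85 lies in the private-use range: a typical TLS library cannot offer it,
    # but a hand-built hello can, and the reply shows whether the server accepts it.
    print(client_hello([0xFF85]).hex())
    print(parse_reply(SERVER_HELLO), parse_reply(ALERT))
```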
</body>
</html>