[Ach] Thanks for the Logjam blog-post

Axel Huebl axel.huebl at plasma.ninja
Thu May 21 16:34:02 CEST 2015


On 21.05.2015 15:47, Hanno Böck wrote:
> On Thu, 21 May 2015 15:44:18 +0200
> Axel Huebl <axel.huebl at plasma.ninja> wrote:
> 
>> server=bettercrypto.org && echo | openssl s_client -connect
>> $server:443 -msg -cipher "DH" 2>/dev/null | grep -A 1
>> "ServerKeyExchange" | tail -n1 | awk '{print strtonum("0x"$5$6)*8}'
> 
> if you add -servername $server it'll also work with SNI.
> 
> This is not as insignificant as it may sound. E.g. latest apache
> versions try to align the DH group with the cert, so it's quite likely
> that a server will answer with different groups on different hosts. If
> you have a 2048 bit rsa cert it'll use a 2048 bit group etc.
> 

absolutely, thanks for the note!

server=bettercrypto.org && echo | openssl s_client -servername $server \
    -connect $server:443 -msg -cipher "DH" 2>/dev/null | \
    grep -A 1 "ServerKeyExchange" | tail -n1 | \
    awk '{print strtonum("0x"$5$6)*8}'

for the linux users out there (no need to merge that, but I like plain
scripts):

  https://github.com/hannob/primecheck/pull/1/files


Axel
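
Added example, not part of the original message: the one-liner above multiplies the two-byte dh_p length field by 8, which is an upper bound on the prime size. This sketch parses the same `-msg` dump and counts the exact bits of the prime. The function names and the sample handshake bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact bit length of the DH prime in a ServerKeyExchange,
# parsed from `openssl s_client -msg` output read on stdin.
# Assumes a DHE suite was negotiated (as forced by -cipher "DH").

dh_prime_bits() {
    # Join the hex dump lines that follow the ServerKeyExchange header,
    # stopping at the next message header.
    hex=$(awk '
        /^(<<<|>>>)/ { grab = ($0 ~ /ServerKeyExchange/); next }
        grab && /^ +([0-9a-f][0-9a-f] ?)+$/ { gsub(/ /, ""); printf "%s", $0 }')
    # Byte 0 is the handshake type (0x0c), bytes 1-3 the body length,
    # bytes 4-5 the length of dh_p, then dh_p itself.
    [ "${#hex}" -ge 12 ] || return 1                 # no ServerKeyExchange seen
    [ "$(printf %s "$hex" | cut -c1-2)" = "0c" ] || return 1
    plen=$((0x$(printf %s "$hex" | cut -c9-12)))
    [ "${#hex}" -ge $((12 + 2 * plen)) ] || return 1 # truncated capture
    # Drop leading zero bytes, then leading zero bits of the top byte.
    p=$(printf %s "$hex" | cut -c13-$((12 + 2 * plen)) | sed 's/^\(00\)*//')
    [ -n "$p" ] || return 1
    bits=$(( ${#p} * 4 ))
    top=$((0x$(printf %s "$p" | cut -c1-2)))
    while [ "$top" -lt 128 ]; do top=$((top * 2)); bits=$((bits - 1)); done
    echo "$bits"
}

# Constructed sample: toy 16-byte dh_p with a zero top byte, no signature.
sample_msg() {
    cat <<'EOF'
<<< TLS 1.2 Handshake [length 002b], ServerKeyExchange
    0c 00 00 27 00 10 00 7f a1 b2 c3 d4 e5 f6 07 18
    29 3a 4b 5c 6d 7f 00 01 02 00 10 11 22 33 44 55
    66 77 88 99 aa bb cc dd ee ff 01
<<< TLS 1.2 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
EOF
}

# The length field says 16 bytes (128 bits); the prime itself has 119 bits.
sample_msg | dh_prime_bits
```

Against a live server, pipe the same `openssl s_client ... -msg` command from the message into `dh_prime_bits` in place of the `grep | tail | awk` stages.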
