tag:blogger.com,1999:blog-8539880144347728238.post75029824568403726..comments2024-01-24T04:15:08.086-05:00Comments on Carnal0wnage Blog: Digging into SSL Cipher CheckingUnknownnoreply@blogger.comBlogger4125tag:blogger.com,1999:blog-8539880144347728238.post-21776666676875982532009-12-19T20:06:56.660-05:002009-12-19T20:06:56.660-05:00These are the URL hosted on OWASP:
1. http://www.o...These are the URL hosted on OWASP:<br />1. http://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29#References<br />2. http://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheetcmlhhttps://www.blogger.com/profile/16937512417517955446noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-19838996197474681352009-12-04T12:09:29.463-05:002009-12-04T12:09:29.463-05:00If you're looking for a ruby options for check...If you're looking for a ruby options for checking cipher suites, here's a script I knocked up a little while ago.<br /><br />http://www.mccune.org.uk/code/ruby-ssl-checker.rb<br /><br />planning to do a metasploit module for it soon...Rory McCunehttps://www.blogger.com/profile/02041778936182391744noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-68883672518057596082009-12-04T11:41:31.596-05:002009-12-04T11:41:31.596-05:00I've used this tool before to good effect. It ...I've used this tool before to good effect. It detects preferred ciphers as well.<br /><br />https://www.titania.co.uk/index.php?option=com_content&view=article&id=56&Itemid=68<br /><br />To add to concern, it appears that some popular modern mobile devices support weak ciphers.<br /><br />http://michael-coates.blogspot.com/2009/12/iphone-android-support-weak-ssl-ciphers.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MichaelCoates%2Fsecurity+%28Michael+Coates+Blogspot%29john askewhttps://www.blogger.com/profile/18307429191319537747noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-92075513606943523402009-12-04T10:34:40.240-05:002009-12-04T10:34:40.240-05:00sslscan, great tool, might have to disable ellipti...sslscan, great tool, might have to disable elliptic curve ciphers in the code if your openssl doesnt support it.Anonymousnoreply@blogger.com