[Linuxtrent] SSLyzer, great for analysing SSL connections

  • From: Roberto Resoli <roberto@xxxxxxxxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: Thu, 05 Mar 2015 10:02:23 +0100

https://github.com/nabla-c0d3/sslyze

Written in Python, it performs a fast and excellent analysis of the quality
characteristics (cipher suites, protocols, compatibility of the offered
certificate chain with various user agents) of the SSL connection offered
by a target server.

E.g.:

$ python sslyze.py --regular  www.paypal.com:443



 REGISTERING AVAILABLE PLUGINS
 -----------------------------

  PluginHSTS
  PluginChromeSha1Deprecation
  PluginCertInfo
  PluginCompression
  PluginOpenSSLCipherSuites
  PluginSessionResumption
  PluginHeartbleed
  PluginSessionRenegotiation



 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   www.paypal.com:443                  => 23.33.67.116:443



 SCAN RESULTS FOR WWW.PAYPAL.COM:443 - 23.33.67.116:443
 ------------------------------------------------------

  * Deflate Compression:
      OK - Compression disabled

  * Session Renegotiation:
      Client-initiated Renegotiations:   VULNERABLE - Server honors client-initiated renegotiations
      Secure Renegotiation:              OK - Supported

  * Session Resumption:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets:          OK - Supported

  * Certificate - Content:
      SHA1 Fingerprint:                  084be8769682236828d8e9dc55901e53e8eb8432
      Common Name:                       www.paypal.com
      Issuer:                            VeriSign Class 3 Extended Validation SSL CA
      Serial Number:                     0834E453D43A685723AFFBB133CE457C
      Not Before:                        Apr 15 00:00:00 2014 GMT
      Not After:                         Apr  2 23:59:59 2015 GMT
      Signature Algorithm:               sha1WithRSAEncryption
      Key Size:                          2048 bit
      Exponent:                          65537 (0x10001)
      X509v3 Subject Alternative Name:   {'DNS': ['www.paypal.com', 'history.paypal.com', 't.paypal.com', 'c.paypal.com', 'tms.paypal.com', 'tms.ebay.com']}

  * Certificate - Trust:
      Hostname Validation:               OK - Subject Alternative Name matches
      "Mozilla NSS - 08/2014" CA Store:  OK - Certificate is trusted, Extended Validation
      "Microsoft - 08/2014" CA Store:    FAILED - Certificate is NOT Trusted: certificate has expired
      "Apple - OS X 10.9.4" CA Store:    OK - Certificate is trusted
      "Java 6 - Update 65" CA Store:     OK - Certificate is trusted
      Certificate Chain Received:        ['www.paypal.com', 'VeriSign Class 3 Extended Validation SSL CA', 'VeriSign Class 3 Public Primary Certification Authority - G5']

  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.

  * OpenSSL Heartbleed:
      OK - Not vulnerable to Heartbleed

  * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

  * TLSV1_2 Cipher Suites:
      Preferred:
                 RC4-SHA                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
      Accepted:
                 AES256-SHA                    -              256 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 RC4-SHA                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 RC4-MD5                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 AES128-SHA                    -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 DES-CBC3-SHA                  -              112 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true

  * TLSV1_1 Cipher Suites:
      Preferred:
                 RC4-SHA                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
      Accepted:
                 AES256-SHA                    -              256 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 RC4-SHA                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 RC4-MD5                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 AES128-SHA                    -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 DES-CBC3-SHA                  -              112 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true

  * SSLV3 Cipher Suites:
      Server rejected all cipher suites.

  * TLSV1 Cipher Suites:
      Preferred:
                 RC4-SHA                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
      Accepted:
                 AES256-SHA                    -              256 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 RC4-SHA                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 RC4-MD5                       -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 AES128-SHA                    -              128 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
                 DES-CBC3-SHA                  -              112 bits    HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true



 SCAN COMPLETED IN 4.65 S
 ------------------------

rob
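sslyze emits its report as plain text, so the findings in a scan like the one above still have to be read and prioritised by hand. As an added example that is not part of the post or of sslyze itself, the script below parses a constructed excerpt modelled on that report and turns it into severity-tagged findings (RC4 preferred, client-initiated renegotiation honoured, SHA-1 signature, imminent expiry, no OCSP stapling). The weak-cipher pattern, the severity labels and the 30-day expiry threshold are this example's own assumptions.

```python
import re
from datetime import datetime
# Constructed excerpt of "sslyze --regular" text output, modelled on the report
# quoted in the post (not a live scan); SCAN_DATE is the post's date.
SCAN_DATE = datetime(2015, 3, 5)
SAMPLE = """\
  * Session Renegotiation:
      Client-initiated Renegotiations:   VULNERABLE - Server honors client-initiated renegotiations
  * Certificate - Content:
      Not After:                         Apr  2 23:59:59 2015 GMT
      Signature Algorithm:               sha1WithRSAEncryption
  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.
  * TLSV1_2 Cipher Suites:
      Preferred:
                 RC4-SHA                       -              128 bits
      Accepted:
                 AES256-SHA                    -              256 bits
                 RC4-MD5                       -              128 bits
                 DES-CBC3-SHA                  -              112 bits
"""
# Assumed policy: these cipher families (or anything under 128 bits) are flagged.
WEAK_CIPHER = re.compile(r"RC4|MD5|DES|NULL|EXP|ADH|AECDH")
CIPHER_LINE = re.compile(r"^\s+(\S+)\s+-\s+(\d+) bits")
def triage(report, today):
    """Turn sslyze text output into a list of (severity, message) findings."""
    findings, section, role = [], None, None
    for line in report.splitlines():
        text = line.strip()
        if line.startswith("  * "):                   # start of a result section
            section, role = text[2:].rstrip(":"), None
        elif text in ("Preferred:", "Accepted:"):     # which cipher list follows
            role = text.rstrip(":").lower()
        elif "VULNERABLE" in text:
            findings.append(("high", f"{section}: {text}"))
        elif CIPHER_LINE.match(line) and "Cipher Suites" in (section or ""):
            name, bits = CIPHER_LINE.match(line).groups()
            if WEAK_CIPHER.search(name) or int(bits) < 128:
                sev = "high" if role == "preferred" else "medium"   # a preferred weak cipher is worse
                findings.append((sev, f"{section}: {role} weak cipher {name} ({bits} bits)"))
        elif text.startswith("Signature Algorithm:") and "sha1" in text.lower():
            findings.append(("medium", "Certificate signed with SHA-1"))
        elif text.startswith("Not After:"):           # days left before the leaf certificate expires
            days = (datetime.strptime(text.split(":", 1)[1].strip(), "%b %d %H:%M:%S %Y %Z") - today).days
            if days < 30:
                findings.append(("high" if days < 0 else "medium", f"Certificate expires in {days} days"))
        elif "OCSP" in (section or "") and text.startswith("NOT SUPPORTED"):
            findings.append(("low", "OCSP stapling not offered"))
    return findings
```

Feeding it the full report from the post (or `sslyze --regular host:443 > report.txt`) gives one line per issue with a severity, which is easier to hand to whoever runs the server than the raw scan.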