Security/Server Side TLS: Difference between revisions

No edit summary
Line 394: Line 394:
See https://github.com/jvehent/cipherscan
See https://github.com/jvehent/cipherscan


Cipherscan is a small Bash script that connects to a target and list the preferred Ciphers. It's an easy way to test a web server for available ciphers.
Cipherscan is a small Bash script that connects to a target and list the preferred Ciphers. It's an easy way to test a web server for available ciphers, but not as comprehensive as SSLLabs.


The script also calculates an average handshake time in milliseconds for each cipher, but performing a given handshake X number of times.
The example below shows the expected output of CipherScan with the recommended ciphersuite, on a properly configured Nginx.


The example below shows the expected output of CipherScan with the recommended ciphersuite.
<source lang="bash">
<pre>
$ ./CiphersScan.sh jve.linuxwall.info:443
$ ./CiphersScan.sh localhost:443 -v
prio  ciphersuite                  protocol  pfs_keysize
[....]
1    ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2  ECDH,P-256,256bits
prio  ciphersuite                  avg_handshake_ms
2    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2  ECDH,P-256,256bits
1    ECDHE-RSA-AES256-GCM-SHA384 20
3    DHE-RSA-AES256-GCM-SHA384    TLSv1.2  DH,4096bits
2    ECDHE-RSA-AES128-GCM-SHA256 19
4    DHE-RSA-AES128-GCM-SHA256   TLSv1.2  DH,4096bits
3    ECDHE-RSA-RC4-SHA            18
5    ECDHE-RSA-AES128-SHA256      TLSv1.2  ECDH,P-256,256bits
4    DHE-RSA-AES256-GCM-SHA384   22
6    ECDHE-RSA-AES128-SHA        TLSv1.2  ECDH,P-256,256bits
5    DHE-RSA-AES128-GCM-SHA256    22
7    ECDHE-RSA-AES256-SHA384      TLSv1.2  ECDH,P-256,256bits
6    ECDHE-RSA-AES256-SHA384      19
8    ECDHE-RSA-AES256-SHA        TLSv1.2  ECDH,P-256,256bits
7    ECDHE-RSA-AES256-SHA        19
9    DHE-RSA-AES128-SHA256        TLSv1.2  DH,4096bits
8    ECDHE-RSA-AES128-SHA256      19
10    DHE-RSA-AES128-SHA           TLSv1.2  DH,4096bits
9    ECDHE-RSA-AES128-SHA        19
11    DHE-RSA-AES256-SHA256        TLSv1.2  DH,4096bits
10    RC4-SHA                     16
12    AES128-GCM-SHA256            TLSv1.2
11    DHE-RSA-AES256-SHA256        22
13    AES256-GCM-SHA384            TLSv1.2
12    DHE-RSA-AES256-SHA          22
14    ECDHE-RSA-RC4-SHA           TLSv1.2  ECDH,P-256,256bits
13    DHE-RSA-CAMELLIA256-SHA      22
15    RC4-SHA                      TLSv1.2
14    AES256-GCM-SHA384           17
16    DHE-RSA-AES256-SHA           TLSv1.2  DH,4096bits
15    AES256-SHA256                17
17    DHE-RSA-CAMELLIA256-SHA     TLSv1.2  DH,4096bits
16    AES256-SHA                   17
18    AES256-SHA256               TLSv1.2
17    CAMELLIA256-SHA             17
19    AES256-SHA                  TLSv1.2
18    DHE-RSA-AES128-SHA256       23
20    CAMELLIA256-SHA             TLSv1.2
19    DHE-RSA-AES128-SHA           23
21   DHE-RSA-CAMELLIA128-SHA      TLSv1.2  DH,4096bits
20   DHE-RSA-CAMELLIA128-SHA      22
22    AES128-SHA256                TLSv1.2
21    AES128-GCM-SHA256            17
23    AES128-SHA                  TLSv1.2
22    AES128-SHA256                17
24    CAMELLIA128-SHA              TLSv1.2
23    AES128-SHA                  17
</source>
24    CAMELLIA128-SHA              17
</pre>


= SSL Labs (Qualys) =
= SSL Labs (Qualys) =
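Review bot: In the example output that has the protocol and pfs_keysize columns, priorities 14 and 15 are ECDHE-RSA-RC4-SHA and RC4-SHA, yet the sentence introducing it presents this as the result of the recommended ciphersuite on a properly configured Nginx. Add a sentence saying why the RC4 suites are accepted (for example, which clients they are kept for), or use a sample without them. The script is invoked as ./CiphersScan.sh while the prose writes Cipherscan and CipherScan and the link points to cipherscan, so use the name the repository actually ships. "connects to a target and list" should read "lists". The revision also carries no edit summary; a short one describing the change between the avg_handshake_ms example and the protocol/pfs_keysize example would help later readers.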