| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Feb 2010 16:56:56 +0100 From: Thierry Zoller <Thierry@...ler.lu> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Announce - SSL Audit (alpha) [G-SEC Ltd.] Developed as part of G-SEC's investigation for the "Secure SSL/TLS configuration Report 2010" (to be published) we developed this little tool called SSL Audit. It is in alpha stage and thought it has a little interesting gimmick, don't expect too much. It implements it's own tiny SSL parsing engine and does not rely on OpenSSL or any other SSL Engine - This implies that it can detect ciphers suites not supported by OpenSSL and others. Apart from scanning available ciphersuites it has an interesting tidbit The Fingerprint mode (Experimental). Included is an experimental fingerprint engine that tries to determine the SSL Engine used server side. It does so by sending normal and malformed SSL packets that can be interpreted in different ways. SSL Audit is able to fingerprint : · IIS7.5 (Schannel) · IIS7.0 (Schannel) · IIS 6.0 (Schannel) · Apache (Openssl) · Apache (NSS) · Certicom · RSA BSAFE Blog Post : http://blog.g-sec.lu/2010/02/ssltls-audit-alpha-tool-release.html Documentation: http://www.g-sec.lu/sslaudit/documentation.pdf Regards, Thierry Zoller _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists