lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 5 Jan 2011 22:12:46 +0000
From: Darren McDonald <athena@...donald.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Athena SSL Cipher Check v0.6.2

Athena SSL Cipher Check has been updated to version 0.6.2, and
contains some important bug fixes.

Download it from http://dmcdonald.net/athena-ssl-cipher-check_v062.tar.gz

athena-ssl-cipher-check is an SSL Cipher scanner. Unlike most
scanners, rather than scanning the
few ciphers openssl supports, it checks for every possible cipher by
enumerating all 65536 cipher codes.

<arse covering>
Id recommended runnning it along another checker, as while athena is
becoming more reliable, I imagine there are some more bugs out there.
Athena's rather aggressive implementation of SSL/TLS can sometimes
break stuff, dont run it against critical live infrastructure! :)
</arse covering>

I'd be greatful for any bugs/comments you have.

26 Aug 2010 - Update v0.521
* It appears I left a bit of debug code which outputed '*' symbols.
v0.521 should fix this

8 Sept 2010 - Update v0.53
* The time it takes Athena to run has been reduced by about 20-50%
* A bug where Athena incorrectly reported it was scanning first and
second arguements,
even if they were options has been corrected

27 Oct 2010 - Update v0.6
* Bug fixed which sometimes prevented athena from seeing some sslv2 ciphers
* Includes a client side cipher checker
* Can now identify over 200 cipher codes

5 Jan 2011 - Update v0.62
* Bug fixed which sometimes prevents athena seeing some ciphers (thanks Dom)
* Bug fixed which sometimes caused athena to erronously report known
ciphers as unknown
* --lazy mode added which advises on which ciphers to disable (Thanks
to other Dom)
* --safe mode which allows athena to work with webservers which do not
follow the RFCs and ignore the first ciphersuite size byte.
* General code tidy
* Added another SSLv2 cipher (8 total)
* Can now identify 215 SSLv3/TLSv1 Ciphers

Thanks,

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ