Testing Cipher Strength
The following script cycles through 40-, 56- and 64-bit ciphers to find the weakest one a site allows. Ideally none of these ciphers should be allowed (check out www.modssl.org for Apache config; look for ciphersuite). openssl_cipher_check will produce the cipher details from the cipher codes returned in the connection output. If you need proxy support with s_client, comment on this thread.

```bash
#!/bin/bash
# Report the weakest 40-, 56- or 64-bit cipher a server accepts.

[ $# -lt 1 ] && { echo "$0: site:port"; exit 1; }

fortyciphers='EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5'
fiftysixciphers='EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5'
sixtyfourciphers='RC4-64-MD5'

# Attempt a handshake offering only the given cipher list.
# The body of this function did not survive on the page; the s_client
# call and the empty here-document are a reconstruction.
grabCipher() {
    cipher=$1
    openssl s_client -connect "$2" -cipher "$cipher" <<EOT

EOT
}

site=$1
echo "$site"

for na in forty fiftysix sixtyfour
do
    # Pick up $fortyciphers, $fiftysixciphers, $sixtyfourciphers in turn
    eval ciphers="\$${na}ciphers"
    thiscipher=`grabCipher $ciphers $site 2>&1 | awk ' /Cipher/ { print $NF } '`
    # A non-empty result means the server negotiated one of the weak ciphers
    [[ $(echo $thiscipher | grep -c "^$") -ne 1 ]] && {
        openssl ciphers -v $thiscipher
        exit 1
    }
done

echo "No 40, 56 or 64 bit ciphers supported"
exit 0
```
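As an added example (not part of the original post): rather than hard-coding the 40-, 56- and 64-bit lists, the weak suites can be derived from `openssl ciphers -v` output by parsing its `Enc=ALG(bits)` column, which generalizes the script's three lists to any bit threshold. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify `openssl ciphers -v` style lines by symmetric key size.

# Constructed sample input in the `openssl ciphers -v` column layout.
SAMPLE_CIPHERS='EXP-RC4-MD5        SSLv3   Kx=RSA(512) Au=RSA Enc=RC4(40)     Mac=MD5  export
EXP-DES-CBC-SHA    SSLv3   Kx=RSA(512) Au=RSA Enc=DES(40)     Mac=SHA1 export
DES-CBC-SHA        SSLv3   Kx=RSA      Au=RSA Enc=DES(56)     Mac=SHA1
DES-CBC3-SHA       SSLv3   Kx=RSA      Au=RSA Enc=3DES(168)   Mac=SHA1
AES128-SHA         SSLv3   Kx=RSA      Au=RSA Enc=AES(128)    Mac=SHA1
NULL-SHA           SSLv3   Kx=RSA      Au=RSA Enc=None        Mac=SHA1
AES256-GCM-SHA384  TLSv1.2 Kx=RSA      Au=RSA Enc=AESGCM(256) Mac=AEAD'

# weak_ciphers [min_bits]: read cipher lines on stdin and print "bits name"
# for every suite whose encryption key is shorter than min_bits (default 128),
# weakest first.
weak_ciphers() {
    local min_bits=${1:-128}
    awk -v min="$min_bits" '
        {
            bits = -1                                  # -1: no Enc= field seen
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Enc=/) continue            # skip Kx=RSA(512) etc.
                if ($i == "Enc=None") bits = 0         # NULL suite, no encryption
                else if (match($i, /\([0-9]+\)/))
                    bits = substr($i, RSTART + 1, RLENGTH - 2) + 0
            }
            if (bits >= 0 && bits < min) print bits, $1
        }' | LC_ALL=C sort -k1,1n -k2,2
}

# weak_cipher_list [min_bits]: the same selection joined with ":" so it can be
# passed as a cipher list, e.g. in place of $fortyciphers in the script above.
weak_cipher_list() {
    weak_ciphers "$1" | awk '{ print $2 }' | paste -sd: -
}

# Demonstration on the constructed sample. Against a real OpenSSL build:
#   openssl ciphers -v 'ALL:eNULL' | weak_ciphers 128
printf '%s\n' "$SAMPLE_CIPHERS" | weak_ciphers 128
```

Suites reported with 0 bits are NULL-encryption suites, which belong on the disallowed list together with the export-grade ones.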

June 26th, 2008 at 10:44 pm
The bash script under the examples tab found on:
http://unix.coding-school.com/testing-cipher-strength/
appears to be damaged.
June 27th, 2008 at 7:25 am
Hi Chris,
Thanks for that. It was good ol’ wordpress substituting my quotes and ampersands on the fly!
Should be okay now.
Cheers,
Marcus