The sys admin's daily grind: SSLScan

Keychain for Life

Article from Issue 163/2014
Author(s):

If, like our author Charly, you manage SSL-secured servers, read on to discover a tool that you will definitely appreciate. It checks whether the complete security setup is up to date.

SSL-secured services are the rule today, rather than the exception. But, how can I quickly and easily check a large number of servers to see whether the encryption methods in use are still up to date? With the SSLScan tool [1].

In the simplest case, I can just call SSLScan with the URL of the website that I want to test: sslscan example.com. Listing 1 shows that SSLScan simply tried a long list of ciphers and returned a status of Accepted, Rejected, or Failed for each one.

However, I am primarily interested in what ciphers the server accepts, not what it rejects. The following command:

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly's Column – TLS Interposer

    Many of the recent Linux exploits are the result of vulnerabilities in SSL libraries. TLS Interposer can help calm the waves.

    more »
  • Charly's Column – testssl.sh

    Back in the day, integrating and function testing an SSL certificate was an easy thing to do. Now, you can use a shell script that talks plain English, despite the Babylonian confusion of key protocols and ciphers.

    more »
comments powered by Disqus