The sys admin's daily grind – testssl.sh

A Key Role

Article from Issue 190/2016
Author(s):

Back in the day, integrating and function testing an SSL certificate was an easy thing to do. Now, you can use a shell script that talks plain English, despite the Babylonian confusion of key protocols and ciphers.

Web servers with SSL certificates will likely be the rule. The administrator's responsibility for keeping track of which SSL and TLS settings are up to date on which servers tends to grow proportionally. I have found a trusty helper for this task, testssl.sh [1], a shell script with many capabilities. For example, typing

testssl -U https://<server>

runs scan tests for popular exploits like Heartbleed, Poodle, and Crime (see output in Listing 1), and I can trigger each test option individually. To discover whether a server is vulnerable for Logjam, I would just type:

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly's Column: SSLScan

    If, like our author Charly, you manage SSL-secured servers, read on to discover a tool that you will definitely appreciate. It checks whether the complete security setup is up to date.

    more »
  • Charly's Column – Socket Statistics

    Most sys admins use netstat to find out about the status of network sockets, but Charly knows a good shortcut.

    more »
  • Charly's Column – Let's Encrypt

    Columnist Charly fights the fight for free SSL certificates with Let's Encrypt. He particularly likes the matching software client that takes care of everything – from certificate retrieval to web server integration.

    more »
  • Charly's Column – Precise Timekeeping

    After the idea of procuring an atomic clock failed to thrill the other members of Charly's household, our intrepid columnist simply decided to tap into the timekeeping of a GPS satellite. In doing so, he ensured the kind of punctuality at home that only large data centers actually need. Precisely.

    more »
  • The sys admin's daily grind: DNSDiag

    If some transactions take an inexplicably long time, you don't have to blame yourself for the delayed transmission of user data. Name resolution issues might be to blame. Sys admin Charly has three tools to study the DNS server.

    more »
comments powered by Disqus