Jump to content

Search the Community

Showing results for tags 'ssl'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cyber Security
    • Application Security
    • Information Security
    • Network Security
    • Penetration Testing
    • Social Engineering
    • OSINT
  • Computer Science
    • Hardware
    • Software
    • Operating Systems
    • Programming
    • IT, Engineering, Mathematics
    • Design, Modeling, Animation
  • General
    • Other Discussions
    • Linktionary
    • Media & Games

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. A tool that I have long admired is Qualys SSL Labs. They have a quick web tool that conducts an analysis of a target's SSL/TLS configuration. Simply give it a target URL and wait for the results. It lists lots of descriptive information, including: Key Issuer Certificate Transparency OSCP Stapling Revocation status DNS CAA Trusted Supported Protocols Cipher Suites Handshake Simulation Specific Security Tests Forward Secrecy 0-RTT SNI alerts HSTS ALPN NPN and more. Some of the security tests it looks at are BEAST, POODLE (SSLv3, TLS), Zombie POODLE, GOLDENDOODLE, OpenSSL 0-Length, Sleeping POODLE, Secure Renegotiation, Downgrade Attack Prevention, RC4, Heartbeat, Heartbleed, Ticketbleed, CVE-2014-0224, CVE-2016-2107, ROBOT. It's a great tool. The best part to me, is that if there are ways in which you can improve your configuration, it highlights the suggestions and offers you links to configuration guides. With this, I will be exploring limiting support for older TLS versions (anything less than TLS 1.2). Link to website: https://www.ssllabs.com/ssltest Edit:
×
×
  • Create New...