A tool that I have long admired is Qualys SSL Labs. They have a quick web tool that conducts an analysis of a target's SSL/TLS configuration. Simply give it a target URL and wait for the results. It lists lots of descriptive information, including: Key, Issuer, Certificate Transparency, OCSP Stapling, Revocation status, DNS CAA, Trusted, Supported Protocols, Cipher Suites, Handshake Simulation, Specific Security Tests, Forward Secrecy, 0-RTT, SNI alerts, HSTS, ALPN, NPN, and more.

Some of the security tests it looks at are BEAST, POODLE (SSLv3, TLS), Zombie POODLE, GOLDENDOODLE, OpenSSL 0-Length, Sleeping POODLE, Secure Renegotiation, Downgrade Attack Prevention, RC4, Heartbeat, Heartbleed, Ticketbleed, CVE-2014-0224, CVE-2016-2107, ROBOT.

It's a great tool. The best part, to me, is that if there are ways in which you can improve your configuration, it highlights the suggestions and offers you links to configuration guides. With this, I will be exploring limiting support for older TLS versions (anything less than TLS 1.2).

Link to website: https://www.ssllabs.com/ssltest

Edit: