Musings on Information Security and Data Privacy: SSL/TLS Audit

Subscribe to the RSS feed in case you are interested in updates

Developed as part of G-SEC's investigation into the "Secure SSL/TLS configuration Report 2010" (to be published) we developed this little tool called SSL Audit. (More to follow in the next days - stay tuned).

SSL Audit scans web servers for SSL support, unlike other tools it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites over all SSL and TLS versions.

Apart from scanning available ciphersuites it has an interesting tidbit : The Fingerprint mode (Experimental). Included is an experimental fingerprint engine that tries to determine the SSL Engine used server side. It does so by sending normal and malformed SSL packets that can be interpreted in different ways.

SSL Audit is able to fingerprint :

· IIS7.5 (Schannel)

· IIS7.0 (Schannel)

· IIS 6.0 (Schannel)

· Apache (Openssl)

· Apache (NSS)

· Certicom

· RSA BSAFE

Download available on the product page

0 comments

Post a Comment

About Me

Subscribe

Total Pageviews

Blog Archive

Featured Post

The importance of Psychological Safety in Cybersecurity

Popular Posts

Blogs I read

Links

Labels