SSL(Secure Sockets Layer 安全套接層),及其繼任者傳輸層安全(Transport Layer Security,TLS)是為
網絡通信提供安全及數據完整性的一種安全協議。TLS與SSL在傳輸層對網絡連接進行加密,而老舊的加密協議
可能會帶來安全隱患,在freebuf上看到有人介紹過一款工具(sslciphercheck v1.4.2),拿來試試效果還不錯。
sslciphercheck v1.4.2特性:
Features -------- - Console - Supports SSLv2 - Supports SSLv3 - Supports TLSv1 - Checks all SSL ciphers supported by OpenSSL - Retrieves the SSL certificate info including SGC - Performs a HTTP request to ensure that the protocol/algorithm connection is valid - Parses out the HTTP response header and displays to console e.g. HTTP/1.1 200 OK or HTTP/1.1 301 Moved Permanently etc - Can output each successful HTTP response to a file in the format: PROTOCOL_ALGORITHM_STRENGTH.html e.g. SSLv3_AES256-SHA_256.html (-t) - Can perform a keyword(s) match on the HTML response (-m) - Alerts for certificate issues such as expired, invalid cert chain, incorrect subject name etc - Colourised output to alert if weak ciphers are in use or SSLv2 supported - Colourised output to alert on certificate issues - Checks for SSL renegotiation issues
使用實例:
