Welcome! Log In Create A New Profile

Advanced

Mozilla SSL Config Generator

mex
October 23, 2014 08:25AM
nice! http://mozilla.github.io/server-side-tls/ssl-config-generator/

did not tested all profiles, but intermediates gives A+ on ssllabs,
supports every browser expect winxp/ie6

and has all the goodies enabled

$ ./testssl.sh example.com

#########################################################
testssl.sh v2.1alpha (https://testssl.sh)

--> Testing Protocols

SSLv2 Local problem: /usr/bin/openssl doesn't support "s_client -ssl2"
SSLv3 not offered (OK)
TLSv1 offered (OK)
TLSv1.1 offered (OK)
TLSv1.2 offered (OK)
SPDY/NPN not offered

--> Testing standard cipher lists

Null Cipher not offered (OK)
Anonymous NULL Cipher not offered (OK)
Anonymous DH Cipher not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Cipher (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Cipher not offered (OK)
Triple DES Cipher offered
Medium grade encryption not offered
High grade encryption offered (OK)

--> Testing server defaults (Server Hello)

Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256

Server key size 2048 bit
TLS server extensions server name, renegotiation info, EC point formats, session ticket, heartbeat
Session Tickets RFC 5077 300 seconds
OCSP stapling not offered

--> Testing specific vulnerabilities

Heartbleed (CVE-2014-0160), experimental not vulnerable (OK) , timed out
CCS (CVE-2014-0224), experimental not vulnerable (OK)
Renegotiation (CVE 2009-3555) not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH =HTTP Compression, experimental uses gzip compression (only "/" tested)

--> Testing HTTP Header response

HSTS 182 days (15768000 s)
Server (None, interesting!)



--> Checking RC4 Ciphers

no RC4 ciphers detected (OK)

--> Testing (Perfect) Forward Secrecy (P)FS)

PFS seems generally available. Now testing specific ciphers ...

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
--------------------------------------------------------------------------------------------------------------------
[0xc030] ECDHE-RSA-AES256-GCM-SHA384 ECDH AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[0x9f] DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[0x6b] DHE-RSA-AES256-SHA256 DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0x39] DHE-RSA-AES256-SHA DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
[0x88] DHE-RSA-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
[0xc028] ECDHE-RSA-AES256-SHA384 ECDH AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[0xc014] ECDHE-RSA-AES256-SHA ECDH AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[0xc02f] ECDHE-RSA-AES128-GCM-SHA256 ECDH AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[0xc027] ECDHE-RSA-AES128-SHA256 ECDH AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[0x9e] DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0x67] DHE-RSA-AES128-SHA256 DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0x33] DHE-RSA-AES128-SHA DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
[0x45] DHE-RSA-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
[0xc013] ECDHE-RSA-AES128-SHA ECDH AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Please note: detected PFS ciphers don't necessarily mean any client/browser will use them
Subject Author Posted

Mozilla SSL Config Generator

mex October 23, 2014 08:25AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 92
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready