Hi All,
Is there a way to get one of those fancy tool in nmap to tell me the "level" (version) of SSL and/or TLS that a web site is using?
Many thanks, -T
Hi All,
Is there a way to get one of those fancy tool in nmap to tell me the "level" (version) of SSL and/or TLS that a web site is using?
The script for ssl in nmap does not deal with ssl v3.
Try this instead:
https://github.com/drwetter/testssl.sh.git
This gives you all sorts of information about the ssl version and much more.
--- Q: Why do programmers confuse Halloween and Christmas? A: Because OCT 31 == DEC 25.
On 1/22/22 12:13, ToddAndMargo via users wrote:
Is there a way to get one of those fancy tool in nmap to tell me the "level" (version) of SSL and/or TLS that a web site is using?
You're on the right track, and if you'd done a web search for "nmap scan tls", you'd probably have found a useful answer:
https://www.google.com/search?q=nmap+scan+tls
The "ssl-enum-ciphers" script will enumerate TLS versions and cipher sets for each version.
On 1/22/22 12:18, alan@clueserver.org wrote:
Hi All,
Is there a way to get one of those fancy tool in nmap to tell me the "level" (version) of SSL and/or TLS that a web site is using?
The script for ssl in nmap does not deal with ssl v3.
Try this instead:
https://github.com/drwetter/testssl.sh.git
This gives you all sorts of information about the ssl version and much more.
Found this:
https://www.ssllabs.com/ssltest/
It is pretty brutal of things out of date.
Here is google:
https://www.ssllabs.com/ssltest/analyze.html?d=google.com&s=142.250.189....
Thank you all!
On 1/23/22 01:33, Francis.Montagnac@inria.fr wrote:
Hi
On Sat, 22 Jan 2022 12:27:30 -0800 Gordon Messmer wrote:
The "ssl-enum-ciphers" script will enumerate TLS versions and cipher sets for each version.
The sslscan command does also that I think. Haven't compare them.
I LOVE that command!!! Thank you!
Here is trustwave.com's web site. You know, the ones always shaking the figure at you for not being PCI (Payment Card Industry) compliant. Good thing they do not take credit cards on that site!
$ sslscan trustwave.com Version: 2.0.6-static OpenSSL 1.1.1g 21 Apr 2020
Connected to 40.74.245.244
Testing SSL server trustwave.com on port 443 using SNI name trustwave.com.
SSL/TLS Protocols: SSLv2 disabled SSLv3 disabled TLSv1.0 enabled TLSv1.1 enabled TLSv1.2 enabled TLSv1.3 disabled
TLS Fallback SCSV: Server does not support TLS Fallback SCSV
TLS renegotiation: Secure session renegotiation supported
TLS Compression: Compression disabled
Heartbleed: TLSv1.2 not vulnerable to heartbleed TLSv1.1 not vulnerable to heartbleed TLSv1.0 not vulnerable to heartbleed
Supported Server Cipher(s): Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 256 bits AES256-SHA256 Accepted TLSv1.2 128 bits AES128-SHA256 Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 128 bits AES128-SHA Accepted TLSv1.2 112 bits DES-CBC3-SHA Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits Accepted TLSv1.1 256 bits AES256-SHA Accepted TLSv1.1 128 bits AES128-SHA Accepted TLSv1.1 112 bits DES-CBC3-SHA Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits Accepted TLSv1.0 256 bits AES256-SHA Accepted TLSv1.0 128 bits AES128-SHA