Thursday, May 16, 2019

Apache SSL and ciphersuites

Useful commands and links

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite


openssl ciphers -v

http://www.openssl.org/docs/apps/ciphers.html

httpd -v
httpd -V

https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

openssl s_client -connect 129.123.123.112:443

yum list all
yum install nmap


nmap -p 443 --unprivileged --script ssl-enum-ciphers 129.123.123.112

https://www.tecklyfe.com/nmap-script-test-ssl-versions-cipher-suites/

SSLCipherSuite HIGH:!aNULL:!MD5

SSLCipherSuite HIGH:!aNULL:!MD5:!SSLv3:!TLSv1

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: No supported ciphers found
|   TLSv1.0: No supported ciphers found
|   TLSv1.1: No supported ciphers found
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors: 
|       NULL
|_  least strength: strong
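
Added example (not part of the original post): a shell helper that re-reads ssl-enum-ciphers output like the scan above and flags what the "strong" rating does not show, namely legacy protocols that still offer ciphers, static-RSA suites without forward secrecy, and CBC suites. The helper name audit_ssl_enum and the abridged sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the text output of nmap's ssl-enum-ciphers script.
# audit_ssl_enum is a hypothetical helper name, not part of nmap.
# Findings, one per line:
#   LEGACY <protocol>  protocol older than TLSv1.2 that still offers ciphers
#   NOPFS  <suite>     static RSA key exchange, so no forward secrecy
#   CBC    <suite>     CBC mode instead of an AEAD mode such as GCM
audit_ssl_enum() {
    awk '
        # Protocol header: "|   TLSv1.2:" or "|   SSLv3: No supported ciphers found"
        $2 ~ /^(SSLv|TLSv)[0-9.]+:$/ {
            proto = $2; sub(/:$/, "", proto)
            empty = ($0 ~ /No supported ciphers found/)
            next
        }
        # Cipher line: "|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong"
        $2 ~ /^TLS_/ && proto != "" && !empty {
            if (proto != "TLSv1.2" && proto != "TLSv1.3" && !(proto in seen)) {
                seen[proto] = 1
                print "LEGACY", proto
            }
            if ($2 ~ /^TLS_RSA_WITH_/) print "NOPFS", $2
            if ($2 ~ /_CBC_/) print "CBC", $2
        }
    '
}

# Sample input: abridged copy of the scan output above.
SAMPLE='| ssl-enum-ciphers: 
|   SSLv3: No supported ciphers found
|   TLSv1.1: No supported ciphers found
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|_  least strength: strong'

printf '%s\n' "$SAMPLE" | audit_ssl_enum
```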





The GCM in the cipher suite names stands for Galois/Counter Mode:
https://en.wikipedia.org/wiki/Galois/Counter_Mode

It is named after Évariste Galois:
https://en.wikipedia.org/wiki/Évariste_Galois





