Re: verify HTTPS 'vulnerabilities'

From: Thomas Springer (tuevsec@gmx.net)
Date: Tue Jul 26 2005 - 11:27:31 EDT

• Next message: Charbel Chalala Issa: "RES: IPS comparison"
• Previous message: NewYork User: "Security with USB Devices"
• In reply to: Dan Rogers: "verify HTTPS 'vulnerabilities'"
• Next in thread: Todd Towles: "RE: verify HTTPS 'vulnerabilities'"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dan Rogers wrote:
> List,
>
> Simple question:
>
> I have a report from Nessus telling me that a web server is offering
> 'export class' cyphers for it's SSL/TLS service. Nessus also managed
> to obtain an internal IP address from the host (which is correct).
> Only HTTPS is open.

i put an https-check based on openssl online at http://serversniff.net
that tells you about certs and allowed ciphers on your https-server.

tom

• Next message: Charbel Chalala Issa: "RES: IPS comparison"
• Previous message: NewYork User: "Security with USB Devices"
• In reply to: Dan Rogers: "verify HTTPS 'vulnerabilities'"
• Next in thread: Todd Towles: "RE: verify HTTPS 'vulnerabilities'"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:38 EDT