RE: verify HTTPS 'vulnerabilities'

From: Todd Towles (toddtowles@brookshires.com)
Date: Tue Jul 26 2005 - 17:02:41 EDT

• Next message: Michael Sierchio: "Re: verify HTTPS 'vulnerabilities'"
• Previous message: Charbel Chalala Issa: "RES: IPS comparison"
• Maybe in reply to: Dan Rogers: "verify HTTPS 'vulnerabilities'"
• Next in thread: Michael Sierchio: "Re: verify HTTPS 'vulnerabilities'"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Would SSLDigger from Foundstone not work? For at least part of the
testing?

> -----Original Message-----
> From: Thomas Springer [mailto:tuevsec@gmx.net]
> Sent: Tuesday, July 26, 2005 10:28 AM
> To: pen-test@securityfocus.com
> Cc: Dan Rogers
> Subject: Re: verify HTTPS 'vulnerabilities'
>
> Dan Rogers wrote:
> > List,
> >
> > Simple question:
> >
> > I have a report from Nessus telling me that a web server is
> offering
> > 'export class' cyphers for it's SSL/TLS service. Nessus
> also managed
> > to obtain an internal IP address from the host (which is correct).
> > Only HTTPS is open.
>
> i put an https-check based on openssl online at
> http://serversniff.net that tells you about certs and allowed
> ciphers on your https-server.
>
> tom
>

• Next message: Michael Sierchio: "Re: verify HTTPS 'vulnerabilities'"
• Previous message: Charbel Chalala Issa: "RES: IPS comparison"
• Maybe in reply to: Dan Rogers: "verify HTTPS 'vulnerabilities'"
• Next in thread: Michael Sierchio: "Re: verify HTTPS 'vulnerabilities'"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:38 EDT