This topic is likely more important than the Weak Key story I published earlier. Unfortunately, we all DO get a vote on weak encryption, and almost everyone votes wrong - - enabling the defaults, which include easily attacked crypto algorithms.
=============== |
Rob VandenBrink 557 Posts ISC Handler Jul 18th 2012 |
Thread locked Subscribe |
Jul 18th 2012 8 years ago |
This is what I use to test the ciphers.
https://www.ssllabs.com/ssltest/ Is there something better? |
NOTevil 2 Posts |
Quote |
Jul 18th 2012 8 years ago |
I've used SSLScan with good results:
http://sourceforge.net/projects/sslscan/ The 542 course also recommends several others, including scripting openssl. I think the Qualys site would be fine unless your company/client has policies restricting the use of web sites for testing. |
John 88 Posts |
Quote |
Jul 20th 2012 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!