There is an excellent stand-alone tool for doing this - it can be
downloaded the source code from
<URL: http://www.pvv.ntnu.no/~josteitv/papers/ssl_vuln_code.tar.gz >
<<It's a couple of years since I wrote the application, ... using gcc in
Cygwin and it compiled just fine.
...Compile using 'gcc -o SSLCipherCheck
sslciphercheck.c tcp_common.c'
and run './SSLCipherCheck.exe -h' to see the options.
Example run:
$ ./SSLCipherCheck.exe -3 www.komplett.no 443 SSL_NULL_WITH_NULL_NULL
NOT supported
SSL_RSA_WITH_NULL_MD5 NOT supported
SSL_RSA_WITH_NULL_SHA NOT supported
SSL_RSA_EXPORT_WITH_RC4_40_MD5 supported [...]
> P.S.: Or is it really standalone and not depending on many other large
> libraries? If so, do you have a Makefile for it?
It is really a standalone application. No other libs (other than the
standard libraries and POSIX networking libraries are needed).>>
Best to use with
SSLCipherCheck.exe -2 -3 -t bugs.privasphere.com 8443 | sort -k2
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
