Re: Verifying Encryption
For your VPN, go to dnsleaktest.com to check for DNS leaks, whatismyipaddress.com to check if your VPN is leaking your IP address, and ipleak.net to perform a P2P torret test. To do these:* first, go to dnsleaktest.com. If the data there matches your actual ISP, country and such, your not secured by your VPN when doing DNS requests.* Next, go to whatismyipaddress.com and determine if your IP is your actual IP or your VPN's IP. If it is your real IP, your VPN is pretty much useless.* Finally, go to ipleak.net, download the torrent file in your favorite torrent client and look at the data it shows there. If it shows - again -- your actual IP, your VPN is not secure, since the torrent should only be able to track your VPN IP.This post has more informationFor non-HTTPS stuff, Quallies SSLLabs may work, though I doubt it (its mainly for looking at websites). You can either packet sniff it with wireshark and find a way to use it despite your problems with it, or run the following command in the terminal:# check that SSL even worksopenssl s_client -connect host:port# attempt certificate extraction:echo | openssl s_client -connect host:port 2>&1 | sed --quiet "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p" | wc -l# (ensure that that prints a number greater than 0)# test for TLS 1.2 support (recommended)openssl s_client -connect host:port -tls1_2# and TLS 1.3 (probably not supported, who knows)openssl s_client -connect host:port -tls1_3# test for BEAST vulnerability# step 1 - attempt to connect without TLS at allecho | openssl s_client -connect host:port -cipher 'ALL:!RC4' -no_tls1_1 -no_tls1_2# That should give you an error# now step 2 - see if the server accepts RC4 (it shouldn't)echo | openssl s_client -connect host:port -cipher 'ALL:+RC4' -no_tls1_1 -no_tls1_2# again, it should fail with an errorAll of these commands look daunting. There is a much easier way to do this, though the above commands also work if you want to see everything that's going on. There is a script called testssl.sh. When I test my own servers I usually run it like so:# install testssl.shwget --quiet -O - https://testssl.sh > testssl.sh# test something that uses SSL/TLStestssl -e -E -s -p -S -P -c -h -U --quiet --wide --color 0 --html --htmlfile testssl.html --hints host:portYou can find out what these options do with testssl without any options.
URL: https://forum.audiogames.net/post/408008/#p408008
--
Audiogames-reflector mailing list
Audiogames-reflector@sabahattin-gucukoglu.com
https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector