Hi, Try run this command nmap --script ssl-cert,ssl-enum-ciphers 1.1.1.1 -p 443
On Wed, Dec 4, 2013 at 1:23 PM, LuKreme <krem...@kreme.com> wrote: > How do I checks what ciphers are available to the https compiled binary, > and how do I check with of those are active in the configuration? > > Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used > on a server with a self-signed cert (there's no e-commerce or any financial > data of any sort on the server). > > If an existing server wants to switch so that all traffic is encrypted > using DH if possible (interested in implementing Perfect Forward Secrecy) > are there any "Gotcha's" lurking in the bushes? > > If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH? > > To be accessible for most people (including some Windows XP users), what > else do I need to enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES? > > Which ones do I need to avoid? > > -- > It's like looking for the farmer's daughter in a haystack, and finding > the needle. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- Daniel Theodoro Cel: 11 9-9399-3364 http://www.linkedin.com/in/danieltheodoro • RHCE - Red Hat Certified Engineer • LPIC-3 - Senior Level Linux Certification • Novell Certified Linux Administrator - Suse 11 • Novell Data Center Technical Specialist - Suse 11 • OCA - Oracle Enterprise Linux Administrator Certified Associate expertise : EX436 - Red Hat Enterprise Clustering and Storage Management,