středa 13. března 2024

Zjištění jaké šifry server podporuje

 Na openwrt je nutné nainstalovat nmap-full, který podporuje scriptování a TLS. A stáhnout script ssl-enum-ciphers

root@MB:~# nmap --script ssl-enum-ciphers.nse -p 443 server.cz
Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-13 18:19 CET
Nmap scan report for server.cz (152.184.162.111)
Host is up (0.041s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - unknown
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.1:
|     ciphers:
|       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - unknown
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - unknown
|       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - unknown
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: unknown

Nmap done: 1 IP address (1 host up) scanned in 4.07 seconds

Žádné komentáře:

Okomentovat