testing_tls_ssl_encryption

Differences

This shows you the differences between two versions of the page.

testing_tls_ssl_encryption [2018/05/28 19:31]
Stephane de Labrusse
testing_tls_ssl_encryption [2022/01/06 15:27]
Stephane de Labrusse [CryptCheck]
Line 1: Line 1:
 ===== Testing TLS/SSL encryption ===== ===== Testing TLS/SSL encryption =====
 +====Command-line====
 +Some commands for QA
 +
 +xmpp
 +
 +<file>
 +openssl s_client  -starttls xmpp -xmpphost domain.org -connect sub.domain.org:5222
 +</file>
 +
 +domain.org is the domain of xmpp
 +
 +<file>
 +nmap  --script ssl-enum-ciphers sub.domain.org -p 5223
 +</file>
 +
 +httpd
 +
 +    curl -k -v https://192.168.122.8
 +    curl -k -v https://192.168.122.8 -H 'Host: mynextcloud.domain.com'
 +    curl -k -v https://192.168.122.8 -H 'Host: mattermost.dpnet.nethesis.it'
 +
 +httpd vhost
 +
 +    openssl s_client -servername vm8.dpnet.nethesis.it -connect 192.168.122.8:443
 +
 +httpd-admin
 +
 +     curl -k -v https://192.168.122.8:980
 +
 +slapd
 +
 +    LDAPTLS_REQCERT=never ldapsearch -ZZ -s base -H ldap://192.168.122.8 -D 'cn=ldapservice,dc=directory,dc=nh' -x -w '6lpPIkkPr_DEXzdu'  -b ''
 +
 +dovecot 
 +
 +    curl --ssl -k -v -u first.user:Nethesis,1234 imap://192.168.122.8
 +
 +postfix
 +
 +    curl --ssl -k -v -u first.user:Nethesis,1234 smtp://192.168.122.8:587
 +
 +generate a CSR with server alt names (`-subj`)
 +
 +    openssl req -new -sha256 -key ecc-qa-key.pem -out ecc-qa-csr.csr -subj '/CN=vmalpha.dpnet.nethesis.it, O=Nethesis, ST=Italy/emailAddress=davide.principi@nethesis.it/subjectAltName=vmalpha.dpnet.nethesis.it,mattermost.dpnet.nethesis.it,mynextcloud.domain.com,vm8.dpnet.nethesis.it, OU=Development, C=IT, L=Pesaro'
 +
 +Nmap
 +
 +     nmap  --script ssl-enum-ciphers 192.168.122.8 -p 636
 +
 +The `nmap` command in Fedora 28 has more detailed output than the one in CentOS7.
 +
 +openssl
 +
 +<file>
 +openssl s_client -showcerts -connect 192.168.56.8:636
 +</file>
 ====CryptCheck==== ====CryptCheck====
 https://tls.imirhil.fr/ https://tls.imirhil.fr/
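Review bot: The slapd, dovecot and postfix commands embed what look like live credentials (the `-w '...'` bind password on the `ldapsearch` line and the `-u first.user:...` pairs on both `curl --ssl` lines), and a wiki keeps them readable in every revision. Replace them with placeholders such as `-w 'PASSWORD'` and `-u USER:PASSWORD`, and rotate the originals if they were ever valid. It would also help to say next to the `curl -k` and `LDAPTLS_REQCERT=never` examples that they skip certificate verification, so they only confirm that a TLS session is negotiated, not that the certificate is the expected one. On the CSR line, `-subj` only sets the subject DN, so the `subjectAltName=` component does not create a SAN extension in the request; the alternative names need to be requested as an extension (a `req_extensions` section in the config, or `-addext` on OpenSSL 1.1.1 and later), and the heading should not describe `-subj` as the way to set alt names.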
Line 5: Line 61:
 test ssl/tls/ssh test ssl/tls/ssh
  
 +====ssllabs.com====
 +
 +https://ssllabs.com
 ==== testssl.sh ==== ==== testssl.sh ====
  
Line 22: Line 81:
  
 Here how to test services, please refer to the man for complete commands Here how to test services, please refer to the man for complete commands
 +
 +* openldap 
 +
 +<file>
 +         ./testssl.sh 127.0.0.1:636
 +
 +</file>
 +
 +* Samba AD
 +
 +<file>
 +         ./testssl.sh ad.domain.com:636
 +</file>
  
 * https  * https
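Review bot: Both new examples test only LDAPS on port 636, while the slapd check added under Command-line uses `ldapsearch -ZZ` against `ldap://`, which is STARTTLS on the plain LDAP port. Consider adding a STARTTLS variant for openldap and Samba AD (testssl.sh takes `-t ldap` / `--starttls ldap` for this) so the port that QA actually exercises gets its protocols and ciphers checked too. The openldap `<file>` block also has a stray empty line before `</file>`, and the command indentation differs from the existing entries in this list.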