testing_tls_ssl_encryption

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
testing_tls_ssl_encryption [2018/06/25 09:54]
Stephane de Labrusse
testing_tls_ssl_encryption [2022/01/06 15:27]
Stephane de Labrusse [CryptCheck]
Line 2: Line 2:
 ====Command-line==== ====Command-line====
 Some commands for QA Some commands for QA
 +
 +xmpp
 +
 +<file>
 +openssl s_client  -starttls xmpp -xmpphost domain.org -connect sub.domain.org:5222
 +</file>
 +
 +domain.org is the domain of xmpp
 +
 +<file>
 +nmap  --script ssl-enum-ciphers sub.domain.org -p 5223
 +</file>
  
 httpd httpd
Line 32: Line 44:
  
     openssl req -new -sha256 -key ecc-qa-key.pem -out ecc-qa-csr.csr -subj '/CN=vmalpha.dpnet.nethesis.it, O=Nethesis, ST=Italy/emailAddress=davide.principi@nethesis.it/subjectAltName=vmalpha.dpnet.nethesis.it,mattermost.dpnet.nethesis.it,mynextcloud.domain.com,vm8.dpnet.nethesis.it, OU=Development, C=IT, L=Pesaro'     openssl req -new -sha256 -key ecc-qa-key.pem -out ecc-qa-csr.csr -subj '/CN=vmalpha.dpnet.nethesis.it, O=Nethesis, ST=Italy/emailAddress=davide.principi@nethesis.it/subjectAltName=vmalpha.dpnet.nethesis.it,mattermost.dpnet.nethesis.it,mynextcloud.domain.com,vm8.dpnet.nethesis.it, OU=Development, C=IT, L=Pesaro'
-    + 
 +Nmap 
 + 
 +     nmap  --script ssl-enum-ciphers 192.168.122.8 -p 636 
 + 
 +The `nmap` command in Fedora 28 has more detailed output than the one in CentOS7. 
 + 
 +openssl 
 + 
 +<file> 
 +openssl s_client -showcerts -connect 192.168.56.8:636 
 +</file>
 ====CryptCheck==== ====CryptCheck====
 https://tls.imirhil.fr/ https://tls.imirhil.fr/
Line 38: Line 61:
 test ssl/tls/ssh test ssl/tls/ssh
  
 +====ssllabs.com====
 +
 +https://ssllabs.com
 ==== testssl.sh ==== ==== testssl.sh ====
  
Line 55: Line 81:
  
 Here how to test services, please refer to the man for complete commands Here how to test services, please refer to the man for complete commands
 +
 +* openldap 
 +
 +<file>
 +         ./testssl.sh 127.0.0.1:636
 +
 +</file>
 +
 +* Samba AD
 +
 +<file>
 +         ./testssl.sh ad.domain.com:636
 +</file>
  
 * https  * https