testing_tls_ssl_encryption

Some commands for QA

xmpp

  openssl s_client -starttls xmpp -xmpphost domain.org -connect sub.domain.org:5222

`domain.org` is the XMPP domain (passed with `-xmpphost`); `sub.domain.org` is the host that the client connects to.

  nmap --script ssl-enum-ciphers sub.domain.org -p 5223

httpd

  curl -k -v https://192.168.122.8
  curl -k -v https://192.168.122.8 -H 'Host: mynextcloud.domain.com'
  curl -k -v https://192.168.122.8 -H 'Host: mattermost.dpnet.nethesis.it'

httpd vhost

  openssl s_client -servername vm8.dpnet.nethesis.it -connect 192.168.122.8:443
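
What to read from the `s_client` output of the commands above, as an added example that is not part of the original page: it extracts the negotiated protocol, cipher and verify code and flags weak results. The function and sample names, the deny lists and the sample outputs are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Reads `openssl s_client` output on
# stdin, prints "protocol cipher verify=<code> verdict" and returns
# 0 = ok, 1 = weak protocol or cipher, 2 = no TLS session was negotiated.
# The deny lists are assumptions made for this example; adjust to your policy.
check_s_client() {
    awk '
        /^[ \t]*Protocol[ \t]*:/ { proto  = $NF }
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        /Verify return code:/    { verify = $4 }
        END {
            # A failed handshake still prints a session block, with cipher 0000.
            if (proto == "" || cipher == "" || cipher == "0000") {
                print "no-session"; exit 2
            }
            verdict = "ok"
            if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)    verdict = "weak"
            if (cipher ~ /(NULL|EXP|RC4|DES|MD5|ADH|AECDH)/) verdict = "weak"
            print proto, cipher, "verify=" verify, verdict
            exit (verdict == "ok" ? 0 : 1)
        }'
}

# Constructed sample outputs, trimmed to the lines the parser reads.
sample_modern() { cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 18 (self signed certificate)
EOF
}
sample_legacy() { cat <<'EOF'
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Verify return code: 0 (ok)
EOF
}
sample_failed() { cat <<'EOF'
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Verify return code: 0 (ok)
EOF
}

# Live use: openssl s_client -connect 192.168.122.8:443 </dev/null 2>/dev/null | check_s_client
for sample in sample_modern sample_legacy sample_failed; do
    "$sample" | check_s_client || true
done
```

The verify code is reported but does not affect the verdict, since the QA hosts on this page use certificates that `curl -k` would otherwise reject.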

httpd-admin

  curl -k -v https://192.168.122.8:980

slapd

  LDAPTLS_REQCERT=never ldapsearch -ZZ -s base -H ldap://192.168.122.8 -D 'cn=ldapservice,dc=directory,dc=nh' -x -w '6lpPIkkPr_DEXzdu' -b ''

dovecot

  curl --ssl -k -v -u first.user:Nethesis,1234 imap://192.168.122.8

postfix

  curl --ssl -k -v -u first.user:Nethesis,1234 smtp://192.168.122.8:587

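Generate a CSR with server alt names passed in `-subj`. Each field of the `-subj` value is introduced by `/`. OpenSSL encodes a `subjectAltName` given this way as an attribute of the subject DN, not as the X.509v3 subjectAltName extension.

  openssl req -new -sha256 -key ecc-qa-key.pem -out ecc-qa-csr.csr -subj '/CN=vmalpha.dpnet.nethesis.it/O=Nethesis/ST=Italy/emailAddress=davide.principi@nethesis.it/subjectAltName=vmalpha.dpnet.nethesis.it,mattermost.dpnet.nethesis.it,mynextcloud.domain.com,vm8.dpnet.nethesis.it/OU=Development/C=IT/L=Pesaro'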

Nmap

  nmap --script ssl-enum-ciphers 192.168.122.8 -p 636

The `nmap` command in Fedora 28 produces more detailed output than the one in CentOS 7.

https://tls.imirhil.fr/

test ssl/tls/ssh

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.

Read more at https://testssl.sh/

How to install

  yum install git
  git clone --depth 1 https://github.com/drwetter/testssl.sh.git
  cd testssl.sh/

Services

Here is how to test each service; refer to the man page for the complete set of options.

* openldap

    ./testssl.sh 127.0.0.1:636

* Samba AD

    ./testssl.sh ad.domain.com:636

* https

    ./testssl.sh 127.0.0.1:443

* httpd-admin

    ./testssl.sh 127.0.0.1:980

* smtp

    ./testssl.sh -t smtp 127.0.0.1:587

* imap and pop3 (993 and 995 are implicit-TLS ports, so no `-t`; `-t imap` and `-t pop3` are for STARTTLS on 143 and 110)

    ./testssl.sh 127.0.0.1:993
    ./testssl.sh 127.0.0.1:995

* cockpit

    ./testssl.sh 127.0.0.1:9090
  • testing_tls_ssl_encryption.1590507565.txt.gz
  • Last modified: 2020/05/26 15:39
  • by Stephane de Labrusse