Penetration Testing mailing list archives
RE: verify HTTPS 'vulnerabilities'
From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 26 Jul 2005 16:02:41 -0500
Would SSLDigger from Foundstone not work? For at least part of the testing?
-----Original Message----- From: Thomas Springer [mailto:tuevsec () gmx net] Sent: Tuesday, July 26, 2005 10:28 AM To: pen-test () securityfocus com Cc: Dan Rogers Subject: Re: verify HTTPS 'vulnerabilities' Dan Rogers wrote:List, Simple question: I have a report from Nessus telling me that a web server isoffering'export class' cyphers for it's SSL/TLS service. Nessusalso managedto obtain an internal IP address from the host (which is correct). Only HTTPS is open.i put an https-check based on openssl online at http://serversniff.net that tells you about certs and allowed ciphers on your https-server. tom
Current thread:
- verify HTTPS 'vulnerabilities' Dan Rogers (Jul 21)
- RE: verify HTTPS 'vulnerabilities' Daniel Grzelak (Jul 21)
- RE: verify HTTPS 'vulnerabilities' Omar Herrera (Jul 21)
- Re: verify HTTPS 'vulnerabilities' Thomas Springer (Jul 26)
- Re: verify HTTPS 'vulnerabilities' Michael Sierchio (Jul 26)
- <Possible follow-ups>
- RE: verify HTTPS 'vulnerabilities' Jarmon, Don R (Jul 21)
- RE: verify HTTPS 'vulnerabilities' Jordan Del-Grande (Jul 21)
- RE: verify HTTPS 'vulnerabilities' Carl (Jul 22)
- RE: verify HTTPS 'vulnerabilities' Todd Towles (Jul 26)