Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Sep 2, 2010

SSL/TLS configuration, figure it out!

There are several ways to figure out  the SSL/TLS configuration of a webserver. If you're dealing with an Internet facing server, the quickest solution is to use a webpage like www.ssllabs.com or www.serversniff.net (Webserver -> SSL Info). SSLLabs will give a "management friendly" presentation of a server's SSL/TLS configuration, underlining that you need not be all l33t H4x0r to uncover a lax security config.

Another option is to use a standalone tool, such as ssldigger — or Mozilla Firefox! SSL ciphers can easily be enabled and disabled through the Firefox advanced configuration. Simply enter "about:config" in the address bar to access all Firefox configuration options. To filter the options for SSL/TLS, input "security" in the filter bar.
Firefox SSL/TLS configuration

All supported SSL/TLS cipher suites are listed and can be enabled or disabled at will.

SSL/TLS negotiates a cipher suite based on the list of supported cipher suites on the client and server. I.e. the client sends a list of supported cipher suites, and the server selects its preferred suite. If no common suite is found, the setup of the connection fails.

To figure out which encryption method has been selected for a particular site, check out "Security" under "Tools" -> "Page info". You can also double click on the padlock, or the green name in the address bar, while visiting a site using HTTPS.
Easy, huh? :)

Posted by at
Labels: ,

7 comments:

  1. 林磊18 May, 2017 14:35

    20170518 leilei3915
    mont blanc pens
    pandora charms
    coach factory outlet
    michael kors handbags
    lacoste shirts
    mlb jerseys wholesale
    polo shirts
    michael kors outlet clearance
    cheap mlb jerseys
    ugg boots

    ReplyDelete
  2. Richard Majece20 March, 2018 13:16

    Modern technologies mean a lot for me, cause even when I write I use info from Internet source, so I think that it's everywhere now. You can go here and see it.

    ReplyDelete
  3. สวยพี่สวย26 August, 2018 07:57

    It's a very comfortable trip, I like it a lot.







    สมัครบาคาร่า

    ReplyDelete
  4. ketty Smith10 September, 2018 12:02

    Hello guys do you know that going through a review of websites will give you much insight about it which you can’t know by simply visiting it, Here is the
    All assignment help Reviews that reviews the website and provides you the best website .

    ReplyDelete
  5. Unknown31 October, 2018 09:54

    surveillancekart security system

    surveillancekart cctv installation services

    cp plus

    Pestveda pest control services

    dezigly

    The feedgasm Latest News And Breaking News

    quicksodes

    latest news in hindi

    ReplyDelete
  6. ruchika chawla10 December, 2018 07:53

    Thank you for sharing your knowledge and experience with me.
    full body to body massage centres in malviya nagar

    body massage in south delhi

    body massage in by female in malviya nagar

    body massage in new delhi

    body to body massage in south delhi

    massage centres in malviya nagar

    ReplyDelete
  7. digitaltechnology11 February, 2019 08:22

    I am glad to find amazing information from the blog. Thanks for sharing the information. for more useful Information visit:
    Digital marketing training institute in Jaipur
    Digital Marketing Course in Jaipur

    ReplyDelete

Subscribe to: Post Comments (Atom)

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts