To test a HTTP/S server for weak Diffie-Hellman (DH) SSL / TLS ciphers, you may use the following command (Linux):
$ openssl s_client -connect [target]:443 -cipher "EDH" EDH requires use of weak DH keys. If it connects, you may GET / HTTP/1.0 to confirm. A secure host should not connect, e.g. $ openssl s_client -connect www.gmail.com:443 -cipher "EDH" CONNECTED(00000003) 139671352862352:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770: https://weakdh.org/ Comments are closed.
|
Archives
September 2017
Categories
All
|
|
|