Hello,
According to this manual below I disabled specific TLS ciphers and algorithms.
Do you know where I can check if parameters were set successfully please?
I use three different ways.
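1. Quick and dirty with OpenSSL.
[CODE]
#!/bin/bash
# Try every cipher the local OpenSSL knows against SERVER and report whether the handshake succeeds.
SERVER=127.0.0.1:9000
DELAY=1
# "openssl ciphers" prints a colon-separated list; turn it into a space-separated one.
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')
echo "Obtaining cipher list from $(openssl version)."
for cipher in ${ciphers[@]}
do
    echo -n "Testing $cipher..."
    # Empty stdin makes s_client exit right after the handshake.
    result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
    if [[ "$result" =~ ":error:" ]] ; then
        # Take the sixth colon-separated field, normally the OpenSSL reason text.
        error=$(echo -n $result | cut -d':' -f6)
        echo "NO ($error)"
    else
        if [[ "$result" =~ "no peer certificate available" ]] ; then
            echo "NO (no peer certificate available)"
        else
            if [[ "$result" =~ "Cipher is ${cipher}" ]] ; then
                echo YES
            else
                echo UNKNOWN RESPONSE
                echo $result
            fi
        fi
    fi
    sleep $DELAY
done
[/CODE]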
I found the script somewhere and adapted it.
2. https://tls.imirhil.fr/
3. https://www.ssllabs.com/ This service only checks servers listening on port 443. You may change your Graylog configuration to do that. I prefer nat-ing with something like:
[CODE]
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 9000
[/CODE]
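Added example, not part of the original post: a POSIX shell check that turns the scan output of the OpenSSL script above into a pass/fail answer to "were the ciphers really disabled?". It assumes the script prints one line per cipher in the form `Testing <cipher>...YES` or `Testing <cipher>...NO (...)`; the function name `still_enabled`, the sample scan output and the patterns of ciphers meant to be disabled are all constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the cipher scan output with the ciphers that were
# meant to be disabled on the server.

# still_enabled SCAN_OUTPUT PATTERN...
# Prints every cipher the scan reported as YES whose name matches one of the
# shell glob patterns. Returns 1 if at least one matched, 0 if none did.
still_enabled() {
    scan=$1; shift
    found=0
    while IFS= read -r line; do
        # Only "Testing <cipher>...YES" lines are ciphers the server accepted.
        case $line in
            "Testing "*"...YES") ;;
            *) continue ;;
        esac
        cipher=${line#Testing }
        cipher=${cipher%...YES}
        for pat in "$@"; do
            case $cipher in
                $pat) echo "$cipher"; found=1; break ;;
            esac
        done
    done <<EOF
$scan
EOF
    return $found
}

# Constructed sample of the scan script's output (not taken from a real server).
SAMPLE_SCAN='Obtaining cipher list from OpenSSL (constructed sample).
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing DES-CBC3-SHA...YES
Testing RC4-SHA...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (no ciphers available)'

# Hypothetical policy: RC4, DES/3DES and NULL ciphers were meant to be disabled.
if still_enabled "$SAMPLE_SCAN" '*RC4*' '*DES*' 'NULL*'; then
    echo "OK: none of the disabled ciphers was accepted"
else
    echo "FAIL: the ciphers listed above are still accepted"
fi
```

To use it on a real scan, save the script's output to a file and pass its contents as the first argument, followed by quoted patterns for the ciphers you disabled.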