This repository was archived by the owner on Jan 19, 2022. It is now read-only.
Stefan Arentz edited this page May 27, 2013 · 2 revisions

Things we can test for:

Known Vulnerabilities:

  • BEAST
  • CRIME
  • SSLv2
  • SSLv3?
  • Compression
  • Bad cipher suites
  • TLS Renegotiation vulnerability

TLS Extensions:

  • SNI
  • Next Protocol Negotiation (NPN)

Certificates:

  • Check if the certificate is self-signed
  • Check if the certificate has been signed by a known-bad (compromised or distrusted) CA?
  • Check if the certificate has been signed by a CA in the Firefox/Chrome/Safari/etc. root stores
  • Check if the certificate has a valid date range
  • Check if the certificate is about to expire
  • Check for RSA key smaller than 2048 bits
  • Check for DSA key smaller than 2048 bits
  • Check for MD5 signatures
  • Check for internal domain names or emails exposed via cert
  • Weak keys from the Debian OpenSSL PRNG bug? (predictable PRNG)
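As an added example (not code from this wiki or its project), a Go function built on the standard crypto/x509 package that applies the certificate checks above to a parsed certificate. The 30-day expiry window and the internal-name heuristic (single-label hosts, .local/.corp suffixes) are assumptions; SampleCert builds a constructed certificate that trips most of the checks.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// CheckCertificate applies the certificate items of the checklist to a parsed certificate as of now.
func CheckCertificate(c *x509.Certificate, now time.Time) []string {
	var f []string
	// Self-signed: issuer equals subject and the signature verifies under the cert's own key.
	if c.Issuer.String() == c.Subject.String() && c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil {
		f = append(f, "self-signed")
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		f = append(f, "outside validity period")
	} else if c.NotAfter.Sub(now) < 30*24*time.Hour { // assumed 30-day warning window
		f = append(f, "expires within 30 days")
	}
	if k, ok := c.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 {
		f = append(f, fmt.Sprintf("RSA key too small: %d bits", k.N.BitLen()))
	}
	if c.SignatureAlgorithm == x509.MD5WithRSA {
		f = append(f, "MD5 signature")
	}
	// Internal names in CN, SANs and e-mails. Assumed heuristic: single-label host or .local/.corp suffix.
	for _, n := range append(append([]string{c.Subject.CommonName}, c.DNSNames...), c.EmailAddresses...) {
		h := strings.ToLower(n[strings.LastIndex(n, "@")+1:]) // e-mail: domain part only
		if h != "" && (!strings.Contains(h, ".") || strings.HasSuffix(h, ".local") || strings.HasSuffix(h, ".corp")) {
			f = append(f, "internal name exposed: "+n)
		}
	}
	return f
}
// SampleCert is a constructed self-signed 1024-bit RSA cert with internal names, expiring in 10 days.
func SampleCert() *x509.Certificate {
	key, _ := rsa.GenerateKey(rand.Reader, 1024)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "intranet"},
		DNSNames: []string{"www.example.com", "wiki.local"}, EmailAddresses: []string{"ops@example.com"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	c, _ := x509.ParseCertificate(der)
	return c
}
```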

OCSP:

  • Do the OCSP check?

References

https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29
