Re: verify HTTPS 'vulnerabilities'

From: Thomas Springer (tuevsec@gmx.net)
Date: Tue Jul 26 2005 - 11:27:31 EDT


Dan Rogers wrote:
> List,
>
> Simple question:
>
> I have a report from Nessus telling me that a web server is offering
> 'export class' cyphers for it's SSL/TLS service. Nessus also managed
> to obtain an internal IP address from the host (which is correct).
> Only HTTPS is open.

i put an https-check based on openssl online at http://serversniff.net
that tells you about certs and allowed ciphers on your https-server.

tom



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:38 EDT