
[openssl-users] regarding ssl_server test


R-D intern

May 26, 2016, 1:41:16 PM
Hello,
I have implemented SSL for my internal server that listens over a
private IP. Can anyone suggest how I can test my ssl_server? E.g., the Qualys
test shows the amount of SSL implementation of a server listening over a
public IP and even checks for vulnerabilities in the SSL implementation. How
can such a thing be tested for a server listening over a private IP?
Please help. Awaiting response.
Regards,
R-D Intern




--
View this message in context: http://openssl.6102.n7.nabble.com/regarding-ssl-server-test-tp66354.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Matěj Cepl

May 26, 2016, 5:02:20 PM
On 2016-05-26, 16:33 GMT, R-D intern wrote:
> I have implemented ssl for my internal server that listens
> over a private ip. Can anyone suggest how can I test my
> ssl_server? For eg. Qualys test shows the amount of ssl
> implementation of a server listening over public ip and even
> checks for vulnerabilities in ssl implementation. How can such
> a thing be tested for a server listening over private ip?

Are we talking about unit testing or functional testing? For the
former, just use whatever tools are appropriate for your
language, and for the latter, ... I am trying to revive M2Crypto
(Python bindings to OpenSSL), which has a lot of tests done by
running OpenSSL’s s_client binary against the server and
checking the reaction of the server. That could work for you as
well, couldn't it?

Matěj

--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Courage is resistance of fear, mastery of fear, not absence of
fear.

Jakob Bohm

May 26, 2016, 5:52:18 PM
On 26/05/2016 18:33, R-D intern wrote:
> Hello,
> I have implemented ssl for my internal server that listens over a
> private ip. Can anyone suggest how can I test my ssl_server? For eg. Qualys
> test shows the amount of ssl implementation of a server listening over
> public ip and even checks for vulnerabilities in ssl implementation. How
> can such a thing be tested for a server listening over private ip?
> Please help. Awaiting response.
> Regards,
> R-D Intern
>

Indeed, there are many servers that cannot be reached by the
online configuration tests such as the one run by Qualys.

What would be really nice would be if one of the good test
suites could be downloaded and run locally on internal servers,
non-web servers, staging servers etc. to verify that
configurations are correct, or at least as good as possible.

Note (for some of the other repliers) that this is not about
unit-testing or software testing, but about testing if a
finished system has been correctly configured and assembled.
In other words, the question isn't "is there a bug in my
new/changed code?", but "Did I accidentally configure this
Apache HTTPS server with RSA-EXPORT enabled or something
equally dangerous?", "Does the STARTTLS mail server I just
installed implement OCSP stapling safely?", "Did I install
the correct set of intermediary CA certs in the returned
chain?", and hundreds of similar questions.

Qualys does an excellent job checking this for public port 443
https servers, but nothing else; a downloadable copy of the
Qualys code without the policy restrictions of the online
service would be one way of filling the gap.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

R-D intern

May 27, 2016, 3:33:10 PM
Thank you so much. I tried searching for a downloadable ssl_server test
source code for internal servers but couldn't get any. How could I get one?
Thanks and regards,
R-D Intern




Jeffrey Walton

May 27, 2016, 10:06:58 PM
On Thu, May 26, 2016 at 5:51 PM, Jakob Bohm <jb-op...@wisemo.com> wrote:
> On 26/05/2016 18:33, R-D intern wrote:
>>
>> Hello,
>> I have implemented ssl for my internal server that listens over a
>> private ip. Can anyone suggest how can I test my ssl_server? For eg. Qualys
>> test shows the amount of ssl implementation of a server listening over
>> public ip and even checks for vulnerabilities in ssl implementation. How
>> can such a thing be tested for a server listening over private ip?
>> Please help. Awaiting response.
>> Regards,
>> R-D Intern
>>
>
> Indeed, there are many servers that cannot be reached by the
> online configuration tests such as the one run by Qualys.
>
> What would be really nice would be if one of the good test
> suites could be downloaded and run locally on internal servers,
> non-web servers, staging servers etc. to verify that
> configurations are correct, or at least as good as possible.

That's sslscan (http://sourceforge.net/projects/sslscan/). You need a
modern fork because the original version by Ventura-Whiting and Bowman
has been abandoned. The abandoned version lacks things like TLS 1.2
support and SNI support.

You can find lots of forks of the original sslscan on GitHub:
http://www.google.com/search?q=sslscan+site:github.com

Jeff
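
Added example, not part of the thread and not any poster's or project's code: a small local probe in the spirit of the s_client and sslscan suggestions above, using Python's standard `ssl` module to check which TLS versions an internal server accepts, which cipher it negotiates, and whether the returned chain verifies against an internal CA bundle. The CA file argument, the command-line usage and the weak-cipher marker list are assumptions made for illustration.

```python
import socket
import ssl
import sys

# Versions offered one at a time. The local OpenSSL build limits what can be
# offered: SSLv3 and EXPORT suites are usually compiled out, so "not accepted"
# here does not prove the server rejects them.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]
LEGACY = {"TLSv1", "TLSv1_1"}
WEAK_MARKERS = ("EXP", "NULL", "RC4", "DES", "MD5", "ADH", "AECDH")


def probe(host, port, version, cafile=None, timeout=5.0):
    """Attempt one verified handshake pinned to a single protocol version."""
    result = {"version": version.name, "accepted": False,
              "cipher": None, "error": None}
    try:
        # cafile: PEM bundle holding the internal root CA (assumed path).
        ctx = ssl.create_default_context(cafile=cafile)
        ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result.update(accepted=True, cipher=tls.cipher()[0])
    except (ssl.SSLError, OSError, ValueError) as exc:
        result["error"] = str(exc)
    return result


def assess(results):
    """Turn probe results into findings about protocol, cipher and chain."""
    findings = []
    for r in results:
        if r["accepted"] and r["version"] in LEGACY:
            findings.append(f"{r['version']}: legacy protocol accepted")
        if r["accepted"] and any(m in r["cipher"] for m in WEAK_MARKERS):
            findings.append(f"{r['version']}: weak cipher {r['cipher']}")
        if r["error"] and "certificate verify failed" in r["error"]:
            findings.append(f"{r['version']}: chain did not verify")
    return findings


if __name__ == "__main__":
    # usage: python tls_probe.py HOST PORT [CAFILE]
    host, port = sys.argv[1], int(sys.argv[2])
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    for line in assess([probe(host, port, v, cafile) for v in VERSIONS]):
        print(line)
```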