Recently, I have been focusing on dealing with the vulnerabilities found by a security scan. Most of them are related to the web server, especially Tomcat. I will record how to verify and fix these vulnerabilities.

Expired/Untrusted/Self-signed Certificate:

```
$ openssl s_client -connect localhost:7004
depth=0 C = US, ST = VA, L = VVV, O = xxx, OU = yyy, CN =
> verify error:num=18: self signed certificate
> verify error:num=10: certificate has expired
SSL handshake has read 1052 bytes and written 589 bytes
> Verify return code: 10 (certificate has expired)
```

Generate a request; the password of the old keystore is needed. Normally the password is in Tomcat's server.xml; if you cannot find it, create a new one instead.

```
$ keytool -genkey -alias tara -keyalg RSA -keysize 2048 -keystore.
```

```
$ keytool -certreq -alias tara -keyalg RSA -file.
```

Send the content of tara.csr to the CA to sign. After getting the response from the CA, download tara.cer and import it:

```
$ keytool -import -alias tara -file tara.cer -keystore.
```

If the keystore is recreated, the new name / password should be changed in server.xml.

```
Starting Nmap 7.70 ( ) at 09:26 Eastern Standard Time
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
```

Or use openssl: when we use MEDIUM, the connection should not work; only HIGH should be accepted.

```
$ openssl s_client -connect 127.0.0.1:4903 -cipher MEDIUM
139781540525968:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
SSL handshake has read 7 bytes and written 171 bytes
```

```
# Space-separated list of every cipher the local openssl build knows
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')
echo Obtaining cipher list from $(openssl version).
# Probe the server with a single cipher and capture stdout and stderr
result=$(echo -n | openssl s_client -cipher "$cipher" -connect "$SERVER" 2>&1)
```

Unfortunately, not every cipher suite you are using can be listed.
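One way to finish the per-cipher loop that the script fragments above sketch, as an added example that is not the post's own code. The function names `classify_probe` and `scan_ciphers` are hypothetical, and the success output is a constructed sample; a cipher counts as accepted only when the server negotiated exactly the one requested.

```shell
#!/bin/sh
# Added example, not the post's own script; function names are hypothetical.

# Decide what one `openssl s_client -cipher "$cipher"` probe showed.
# $1 = cipher requested, $2 = captured s_client output (stdout and stderr).
classify_probe() (
  cipher=$1 out=$2
  if printf '%s\n' "$out" | grep -q ':error:'; then
    # OpenSSL error lines are colon-separated; field 6 is the reason text.
    reason=$(printf '%s\n' "$out" | grep ':error:' | head -n 1 | cut -d: -f6)
    echo "NO ($reason)"
  elif printf '%s\n' "$out" | grep -Eq "Cipher is ${cipher}[[:space:]]*\$"; then
    case $cipher in
      # OpenSSL names 3DES suites *DES-CBC3*: the SWEET32 finding.
      *DES-CBC3*) echo "YES (3DES, SWEET32)" ;;
      *) echo "YES" ;;
    esac
  else
    # Another suite was negotiated (TLS 1.3 suites are not controlled by
    # -cipher), or the connection never got as far as a handshake.
    echo "UNKNOWN"
  fi
)

# Probe every cipher the local openssl build knows against host:port.
scan_ciphers() (
  server=$1
  echo "Obtaining cipher list from $(openssl version)."
  for cipher in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
    result=$(openssl s_client -cipher "$cipher" -connect "$server" </dev/null 2>&1)
    printf '%-32s %s\n' "$cipher" "$(classify_probe "$cipher" "$result")"
  done
)

# Failure text as shown in the post; success text is a constructed sample.
FAIL_OUT='139781540525968:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
SSL handshake has read 7 bytes and written 171 bytes'
OK_OUT='New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA'

if [ "$#" -ge 1 ]; then
  scan_ciphers "$1"                         # e.g. ./scan.sh 127.0.0.1:4903
else
  classify_probe DES-CBC3-SHA "$FAIL_OUT"   # server that rejects the cipher
  classify_probe DES-CBC3-SHA "$OK_OUT"     # server still offering 3DES
fi
```

Any `YES` line for a cipher outside the HIGH set, or any 3DES line, is a finding to fix in the server's cipher configuration.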