check_ssl_cert icon indicating copy to clipboard operation
check_ssl_cert copied to clipboard

Published 20 hours ago verified publisher icon matteocorti

Check for weak ciphers

Open matteocorti opened this issue 5 months ago • 1 comments

Discussed in https://github.com/matteocorti/check_ssl_cert/discussions/500

Originally posted by nickjwest January 17, 2024 Can you add a check that will look for weak ciphers. such as is found using curl on Debian system where there is a default reject of anything below 2048.

  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (OUT), TLS alert, bad certificate (554):
  • SSL certificate problem: EE certificate key too weak
  • Closing connection 0 curl: (60) SSL certificate problem: EE certificate key too weak More details here: https://curl.haxx.se/docs/sslcerts.html

matteocorti avatar Jan 17 '24 19:01 matteocorti