check_ssl_cert
check_ssl_cert copied to clipboard
Check for weak ciphers
Discussed in https://github.com/matteocorti/check_ssl_cert/discussions/500
Originally posted by nickjwest January 17, 2024 Can you add a check that will look for weak ciphers. such as is found using curl on Debian system where there is a default reject of anything below 2048.
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.2 (IN), TLS handshake, Certificate (11):
- TLSv1.2 (OUT), TLS alert, bad certificate (554):
- SSL certificate problem: EE certificate key too weak
- Closing connection 0 curl: (60) SSL certificate problem: EE certificate key too weak More details here: https://curl.haxx.se/docs/sslcerts.html