sslyze icon indicating copy to clipboard operation
sslyze copied to clipboard

Published 20 hours ago verified publisher icon nabla-c0d3

Full Server Ciphersuite Order Preference Detection

Open faldridge opened this issue 6 years ago • 5 comments

In order to verify certain aspects of a given server's TLS configuration, e.g., full Forward Secrecy support, sslyze should be able to detect a server's full cipher suite order preference, for those that have them.

faldridge avatar Sep 25 '18 16:09 faldridge

I have some C code that does this, would sslyze be open to integrating it?

Jacopo avatar Sep 26 '18 01:09 Jacopo

I have a PR with a green build up for this, #339, but I haven't been able to get any feedback on it.

faldridge avatar Oct 04 '18 22:10 faldridge

Sorry, I haven't had time to look at this yet.

nabla-c0d3 avatar Oct 08 '18 05:10 nabla-c0d3

I'm hoping to finally get to this on the next release. For now I've removed the "preferred cipher suite" functionality as it was too buggy.

When implementing cipher suite order detection, the following behavior will have to be considered: https://github.com/nabla-c0d3/sslyze/issues/456.

nabla-c0d3 avatar Jan 19 '21 03:01 nabla-c0d3