rbsec
rbsec
@kingthorin sounds sensible - I think that my only comment would be around the (always tricky) question of naming. To my mine, "testing for weak credentials" makes me think about...
@kingthorin I'd agree with that - "authenticators" is used is some more formal docs by people like NIST, but doesn't seem to really fit for day-to-day usage.
Did you build sslscan with `make static`, and do yo have the zlib headers installed? If you're building against the system OpenSSL then that's unlikely to support compression.
What exactly is the problem you're having?
Are you using the latest (statically) build version of sslscan? If so, which specific ciphers are not being detected, and can you either share a PCAP or a way to...
sslscan takes a less opinionated view of what is considered "weak", especially for things like PFS that may not be required depending on your threat model. From the screenshot it...
Once OpenSSL merged ECH into the master branch of an LTS version then supporting it would probably be a lot easier. Trying to write our own proper implementation sounds like...