Vulnerability Analysis - SSL(TLS) Certificate Analysis Tools (ssllabs, sslyze, sslscan)
SSL, all versions = vulnerable
TLS 1.3 <= good
SSL Server Test
https://www.ssllabs.com/ssltest/
SSL Server Test (Powered by Qualys SSL Labs)
SSL Server Test This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don't use the domain names or
Rank Chart
Rankchart - Tools for website owners and developers
Create an account and get access to advanced services, statistics and tools for your website... Network Monitoring Tools Different network checkers, scheduled scans and uptime statistics for your website. Failure and bad response time notifications. In-dep
rankchart.org
sslyze
https://github.com/nabla-c0d3/sslyze/releases
Releases · nabla-c0d3/sslyze
Fast and powerful SSL/TLS scanning library. Contribute to nabla-c0d3/sslyze development by creating an account on GitHub.
https://pypi.org/project/sslyze/
sslyze
https://nabla-c0d3.github.io/sslyze/documentation/
SSLyze — SSLyze 6.0.0 documentation
Release 6.0.0 SSLyze is a fast and powerful SSL/TLS scanning tool and Python library. SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in order to ensure that it uses strong encryption settings (certificate, cipher suites, elli
sslscan
https://github.com/rbsec/sslscan
GitHub - rbsec/sslscan: sslscan tests SSL/TLS enabled services to discover supported cipher suites
$ sslscan -h
                   _
           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|

                2.0.7
                OpenSSL 3.0.2 15 Mar 2022

Command:
  sslscan [options] [host:port | host]

Options:
  --targets=<file>        A file containing a list of hosts to check.
                          Hosts can be supplied with ports (host:port)
  --sni-name=<name>       Hostname for SNI
  --ipv4, -4              Only use IPv4
  --ipv6, -6              Only use IPv6
  --show-certificate      Show full certificate information
  --show-client-cas       Show trusted CAs for TLS client auth
  --no-check-certificate  Don't warn about weak certificate algorithm or keys
  --ocsp                  Request OCSP response from server
  --pk=<file>             A file containing the private key or a PKCS#12 file
                          containing a private key/certificate pair
  --pkpass=<password>     The password for the private key or PKCS#12 file
  --certs=<file>          A file containing PEM/ASN1 formatted client certificates
  --ssl2                  Only check if SSLv2 is enabled
  --ssl3                  Only check if SSLv3 is enabled
  --tls10                 Only check TLSv1.0 ciphers
  --tls11                 Only check TLSv1.1 ciphers
  --tls12                 Only check TLSv1.2 ciphers
  --tls13                 Only check TLSv1.3 ciphers
  --tlsall                Only check TLS ciphers (all versions)
  --show-ciphers          Show supported client ciphers
  --show-cipher-ids       Show cipher ids
  --show-times            Show handhake times in milliseconds
  --no-cipher-details     Disable EC curve names and EDH/RSA key lengths output
  --no-ciphersuites       Do not check for supported ciphersuites
  --no-compression        Do not check for TLS compression (CRIME)
  --no-fallback           Do not check for TLS Fallback SCSV
  --no-groups             Do not enumerate key exchange groups
  --no-heartbleed         Do not check for OpenSSL Heartbleed (CVE-2014-0160)
  --no-renegotiation      Do not check for TLS renegotiation
  --show-sigs             Enumerate signature algorithms
  --starttls-ftp          STARTTLS setup for FTP
  --starttls-imap         STARTTLS setup for IMAP
  --starttls-irc          STARTTLS setup for IRC
  --starttls-ldap         STARTTLS setup for LDAP
  --starttls-mysql        STARTTLS setup for MYSQL
  --starttls-pop3         STARTTLS setup for POP3
  --starttls-psql         STARTTLS setup for PostgreSQL
  --starttls-smtp         STARTTLS setup for SMTP
  --starttls-xmpp         STARTTLS setup for XMPP
  --xmpp-server           Use a server-to-server XMPP handshake
  --rdp                   Send RDP preamble before starting scan
  --bugs                  Enable SSL implementation bug work-arounds
  --no-colour             Disable coloured output
  --sleep=<msec>          Pause between connection request. Default is disabled
  --timeout=<sec>         Set socket timeout. Default is 3s
  --verbose               Display verbose output
  --version               Display the program version
  --xml=<file>            Output results to an XML file. Use - for STDOUT.
  --help                  Display the help text you are now reading

Example:
  sslscan 127.0.0.1
  sslscan [::1]
Source:
https://bling-son.tistory.com/54
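[Vulnerability Assessment Tools] SSL Vulnerability Assessment
1. What is SSL? SSL (Secure Socket Layer) is a protocol for encrypted communication between a web browser and a server, and an SSL certificate, which enables encrypted communication between a web browser and a server on top of SSL, is certified by a trusted third-party authority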