Skip to main content

Open SSL to verify Weak Ciphers

 Below Bash script gets the list of supported cipher suites from OpenSSL and tries to connect using each one. If the handshake is successful, it prints YES. If the handshake isn't successful, it prints NO.


*************

#!/usr/bin/env bash

# OpenSSL requires the port number.
SERVER=$1
DELAY=1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
  error=$(echo -n $result | cut -d':' -f6)
  echo NO \($error\)
else
  if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo YES
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
sleep $DELAY
done

*******************

[TestMachine#]$ ./check_ciphers <Server IP:Port>
Obtaining cipher list from OpenSSL 0.9.8k 25 Mar 2009.
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)

Comments

Post a Comment

Popular posts from this blog

Deploy OVF fails Issues detected with selected template. Details: VALUE_ILLEGAL: No supported hardware versions among [virtualbox-2.2]; supported: [vmx-04, vmx-07, vmx-08, vmx-09, vmx-10, vmx-11, vmx-12, vmx-13, vmx-14, vmx-15, vmx-16, vmx-17, vmx-18, vmx-19].

 Error: While deploy using OVF file ,getting error as : Issues detected with selected template. Details: - -1:-1:VALUE_ILLEGAL: No supported hardware versions among [virtualbox-2.2]; supported: [vmx-04, vmx-07, vmx-08, vmx-09, vmx-10, vmx-11, vmx-12, vmx-13, vmx-14, vmx-15, vmx-16, vmx-17, vmx-18, vmx-19]. Solution: Open .OVF file and edit       <Info>Virtual hardware requirements for a virtual machine</Info>       <System>         <vssd:ElementName>Virtual Hardware Family</vssd:ElementName>         <vssd:InstanceID>0</vssd:InstanceID>         <vssd:VirtualSystemIdentifier>zabbix_appliance-6.2.7</vssd:VirtualSystemIdentifier>         <vssd:VirtualSystemType> virtualbox-2.2 </vssd:VirtualSystemType>       </System> to  vmx-19       <Info>Virtual hardware requireme...
Post a Comment
Read more

vSphere HA agent for this host has an error: The vSphere HA agent is not reachable from vCenter Server |Vsphere HA status error | vCenter server 7.0

When you enable Vcenter HA on vsphere7.0 esxi cluster if you see any of the below error: vSphere HA agent for this host has an error: The vSphere HA agent is not reachable from vCenter Server Vsphere HA status error vSphere HA agent cannot be installed or configured  Solution: -Download latest Vmware tools VIB package from:   https://my.vmware.com/group/vmware/downloads/details?downloadGroup=VMTOOLS1125&productId=974&rPId=58693 -winscp to ESXi host the zip file of VIB. -Install the package:  esxcli software vib install -d  "/tmp/VMware-Tools-11.2.5-core-offline-depot-ESXi-all-17337674.zip" -Reboot the Esxi. -Right click on the esxi to do "Reconfigure vSphere HA"
Post a Comment
Read more