I've been alerted to the fact I left in a bit of debug code that was printing out a load of '*' (thanks Richard).
a new version is available at http://dmcdonald.net/athena-ssl-cipher-check_v0521.tar.gz On Tue, Aug 24, 2010 at 1:16 PM, Darren McDonald <[email protected]> wrote: > I've posted a new SSL Cipher tool onto my website, at > http://dmcdonald.net/athena-ssl-cipher-check_v052.tar.gz, Athena SSL Cipher > Scanner. > > Unlike most SSL cipher scanners which have a limited list of ciphers they > know of, athena checks all 65536 cipher codes. Of these codes it can > identify ~150 different ciphers, if it finds a cipher which it cannot > identify, it'll just inform you that it has found a unknown cipher. Rather > than sending it 65536 requests to find these ciphers it sends large blocks > of cipher codes, and uses the server response to narrow down it's search, > similar to a binary search algorithm. It can scan most ssl services in a > couple of minutes or so. Further speed improvements are in the pipeline. > > It currently works very well with IIS and apache, but seems to have issues > with Sun HTTP Servers, the reasons behind which ive not yet fully explored. > Note I've reimplimented part of sslv2, sslv3, and tls1, and for all ive know > ive got it wrong and it could completely hose your box, use with caution in > live environments. > > Id be greatful for any feed back/bugs/comments. > > Best, > > Renski > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
