Hello, > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On > Behalf Of Tim Brown > Sent: Saturday, February 06, 2010 5:35 PM > To: [email protected] > Subject: [Openvas-plugins] OpenVAS SSL cipher suite checks > > Can't remember who I was talking to about OpenVAS's SSL > support and the limitations imposed by the use of GNU TLS, > but porting the following to OpenVAS would make a fun little project: > > http://code.google.com/p/ssl-enum/ > > Essentially, different SSL libraries (Windows, GNU TLS, > OpenSSL) support different cipher suites and thus you can't > really rely on one library to check what a server supports. > If anyone is interested in working on this, give me a shout > and maybe we can get something going.
Yes, we don't need to use any SSL library, if the idea is to check weak cipher's etc., It can be done using NASL by sending raw Client Hello messages. I think the text files provided here will be useful. Thanks, Chandra. _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
