Firstly, being that nessus uses nasl scripts and plugins from source, you SHOULD be able to find out exactly what they are doing from there. Check something like /usr/src/nessus/nessus-plugins/ to get a better understanding. I would guess from your email that you want to know how the SSL cipher checks work in nessus. I haven't taken a look, but I would guess its pretty straight forward.
The trick is to connect to the server via SSL, and then find out the ciphers available to the server by querying it. You can pretty much get all this info by checking the RFC specs, but a lot of heavy lifting is done for you already if you were to use something like the openssl libs, which should work on the platforms you want to query from. As a starting point I would check out http://www.openssl.org/docs/ and read up on the SSL API. Basically you want to use a basic SSL connection framework and call the ultra secret API call to do it all for ya.... SSL_get_ciphers(), which is the API call to get the list of available ciphers for the given target. To get you started, I would check out http://www.openssl.org/docs/ssl/ssl.html Good luck. Happy hacking. --- Regards, Dana M. Epp ----- Original Message ----- From: "Patrick Boucher" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 18, 2003 9:21 AM Subject: Encryption Level of web site > Greetings, > > I would like to know what are the permited (and deny) encryption Level on a > Web Site. > > Nessus tell me that my target host accept 40 bit, 56 bits and 128 bits > encryptions.. > > I would like to know how that information was obtained? > > How can i get that information?(Without using Nessus) In Linux and Windows ? > > Thank you. > -- > Patrick Boucher > > -------------------------------------------------------------------------- - > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------------------- -- > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
