Yoav Nir <[email protected]> writes:

>I feel the pain (I know some administrators who have made this mistake), but
>it’s always best to test with something like “openssl s_client”.

That's quite possibly the worst thing to test it with, because it's what everyone else also tests against, so it's the thing that everyone makes their code compatible with. The SSH equivalent is Putty, the standard conformance test for SSH RFC compliance is "will Putty connect to it?". Since Putty bends over backwards to accommodate broken implementations, you end up with a "conformance test" that doesn't really test anything.

What you need to test with is a fairly picky implementation with good diagnostics. I rather like Mike's server, https://www.mikestoolbox.org/.

Peter.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
