NSS Tools sslstrength 编辑

sslstrength

Summary

A simple command-line client which connects to an SSL-server, and reports back the encryption cipher and strength used.

Synopsis

1) sslstrength ciphers

2) sslstrength hostname[:port] [ciphers=xyz] [debug] [verbose] [policy=export|domestic]

Description

The first form simple lists out the possible ciphers. The letter in the first column of the output is used to identify the cipher preferences in the ciphers=  command.

The second form attempts to connect to the named ssl host. The hostname argument must be present. However, the port number is an optional argument, and if not given, will default to the https port (443).

Restricting Ciphers

By default, sslstrength assumes that all the preferences are on, so it will use any preferences in your policy. The enabled ciphersuites will always be printed out before the connection is made. If you want to test out a particular cipher, there are two ways to affect which ciphers are available. Firstly, you can set policy to be either domestic or export. This restricts the available ciphers to the same set used by Communicator. In addition to this, the ciphers command can be used to further restrict the ciphers available. The argument to the ciphers command is a string of characters, where each single character represents a cipher. You can obtain this list of character->cipher mappings by doing 'sslstrength ciphers'. For example,

    ciphers=bfi will turn on these cipher preferences and turn off all others.

    policy=export or policy=domestic will set your policies appropriately.

    policy will default to domestic if not specified.
 

Step-up

Step up is a mode where the connection starts out with 40-bit encryption, but due to a 'change-cipher-spec' handshake, changes to 128-bit encryption. This is only done in 'export mode', with servers with a special certificate. You can tell if you stepped-up, because the output will says 'using export policy', and you'll find the secret key size was 128-bits.

Prerequisites

You should have a cert7.db in the directory in which you run sslstrength.
 

Other

For references, here is a table of well-known SSL port numbers:
 

HTTPS443
IMAPS993
NNTPS563

 

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:50 次

字数:3105

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文