Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-02 10:08:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Test for vulnerability to Bleichenbacher attack

Browse Source 
This PR adds a test to check whether a server that supports ciphers suites that use RSA key transport (TLS_RSA) are vulnerable to Bleichenbacher attacks (see http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf).
This commit is contained in:
David Cooper
2017-12-12 09:31:06 -05:00
committed by David Cooper
parent 7e62dc3192
commit 5de873f8bc
5 changed files with 263 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/testssl.1.md
View File

@ -176,6 +176,8 @@ If the server provides no matching record in Subject Alternative Name (SAN) but
`-T, --ticketbleed` Checks for Ticketbleed memory leakage in BigIP loadbalancers.
`-BB, --robot` Checks for vulnerability to Bleichenbacher attacks.
`-R, --renegotiation` Tests renegotiation vulnerabilities. Currently there's a check for "Secure Renegotiation" and for "Secure Client-Initiated Renegotiation". Please be aware that vulnerable servers to the latter can likely be DoSed very easily (HTTP). A check for "Insecure Client-Initiated Renegotiation" is not yet implemented.
`-C, --compression, --crime` Checks for CRIME ("Compression Ratio Info-leak Made Easy") vulnerability in TLS. CRIME in SPDY is not yet being checked for.