
Custom OpenSSL for testssl.sh



Hi,

testssl.sh recommends a forked version of OpenSSL. From [1]:

> Which OpenSSL binary?
> 
> As mentioned above, a prerequisite for thoroughly checking SSL/TLS enabled servers is that all you want to check for has to be available on your client. Transport encryption does not depend only on the server but also on your crypto provider on the client side - especially if you want to use it for testing. So there are drawbacks for openssl binaries distributed with Linux and BSD:
> 
> * SSLv2 is most of the time disabled
> * one cannot check 56-bit ciphers as they are disabled at compile time.
> * other ciphers are disabled for security reasons,
> * zlib support may not be included (the intent was to disable CRIME)
> * and last but not least: SSLv3 seems to be phased out too

I just want to bring this to the table: maybe it makes sense to include
the custom OpenSSL version in the package for use only by testssl.sh.
This ensures good test results even when the official OpenSSL
package gets rid of insecure features in the future.

Please discuss :)

Thanks,
Christian

[1] https://testssl.sh/

-- 
ifu Hamburg - material flows and software
"We enable sustainable production."

ifu Hamburg GmbH
Max-Brauer-Allee 50 - 22765 Hamburg - Germany
fon: +49 40 480009-0 - fax: +49 40 480009-22 - email: info at ifu.com

Managing Director: Jan Hedemann - Commercial Register: Hamburg, HRB 52629
www.ifu.com - www.umberto.de - www.e-sankey.com
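As an added check (not from the original post and not part of testssl.sh or its forked OpenSSL), here is a small POSIX shell script that probes a given OpenSSL binary for the features the quoted list complains about: whether SSLv2/SSLv3 and 56-bit, 40-bit export or NULL ciphers were compiled in, and whether s_client still accepts -ssl2/-ssl3. The function names, the tag names, the default binary path and the sample cipher lines are all constructed for this example; the `s_client -help` grep is a heuristic, not an official OpenSSL interface.

```shell
#!/bin/sh
# Added example (not part of testssl.sh or the original post): probe an OpenSSL
# binary for the test-relevant features the quoted list talks about, i.e. whether
# SSLv2/SSLv3 and 56-bit / 40-bit export / NULL ciphers were compiled in.
# Assumptions: the binary path given to probe_openssl, the tag names and the
# sample cipher lines below are all constructed for this example.

# Classify one line of `openssl ciphers -v 'ALL:COMPLEMENTOFALL'` output, e.g.
#   DES-CBC-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=DES(56)  Mac=SHA1
# and print its tags (space separated): sslv2 sslv3 bits56 export40 null
classify_cipher_line() {
  # shellcheck disable=SC2086  # word splitting on the cipher line is intended
  set -- $1
  tags=""
  case "$2" in                      # second field is the protocol version
    SSLv2) tags="$tags sslv2" ;;
    SSLv3) tags="$tags sslv3" ;;
  esac
  for field in "$@"; do
    case "$field" in
      Enc=*"(56)") tags="$tags bits56" ;;    # 56-bit DES, RC4(56), ...
      Enc=*"(40)") tags="$tags export40" ;;  # 40-bit export ciphers
      Enc=None)    tags="$tags null" ;;      # no encryption at all
    esac
  done
  echo "${tags# }"
}

# Count the cipher lines read from stdin that carry the given tag.
count_ciphers_with() {
  tag=$1
  n=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    case " $(classify_cipher_line "$line") " in
      *" $tag "*) n=$((n + 1)) ;;
    esac
  done
  echo "$n"
}

# Run the counters against a real binary (default: the openssl in PATH).
# `ciphers -v` lists only what was compiled in, which is exactly the question
# the quoted list raises about distro builds.
probe_openssl() {
  bin=${1:-openssl}
  command -v "$bin" >/dev/null 2>&1 || { echo "$bin: not found" >&2; return 1; }
  list=$("$bin" ciphers -v 'ALL:COMPLEMENTOFALL' 2>/dev/null)
  printf '%-23s %s\n' "binary:" "$("$bin" version 2>/dev/null)"
  for tag in sslv2 sslv3 bits56 export40 null; do
    printf '%-23s %s\n' "$tag ciphers:" \
      "$(printf '%s\n' "$list" | count_ciphers_with "$tag")"
  done
  # Heuristic: s_client lists -ssl2/-ssl3 in its help only when the protocol
  # was compiled in; testssl.sh needs these flags to exercise old protocols.
  for opt in -ssl2 -ssl3; do
    if "$bin" s_client -help 2>&1 | grep -q -- "$opt"; then
      printf '%-23s %s\n' "s_client $opt:" available
    else
      printf '%-23s %s\n' "s_client $opt:" missing
    fi
  done
}

# Constructed sample output, one line per cipher, in `openssl ciphers -v` format.
SAMPLE_CIPHERS='DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
NULL-SHA256             TLSv1.2 Kx=RSA    Au=RSA  Enc=None      Mac=SHA256
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD'

sample_sslv2=$(printf '%s\n' "$SAMPLE_CIPHERS" | count_ciphers_with sslv2)
sample_bits56=$(printf '%s\n' "$SAMPLE_CIPHERS" | count_ciphers_with bits56)
echo "sample: $sample_sslv2 SSLv2 cipher(s), $sample_bits56 56-bit cipher(s)"
if command -v openssl >/dev/null 2>&1; then
  probe_openssl openssl
fi
```

Run it once against the distro binary (`probe_openssl /usr/bin/openssl`) and once against the forked build testssl.sh ships, and the two summaries show directly which of the items in the quoted list the distro binary can no longer test. A count of zero for `sslv2`, `bits56` or `export40` means those ciphers were removed at compile time, not merely disabled in a config file, so no runtime option will bring them back.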


