So, you may have recently had an audit performed, or have been warned about the dangers of SSLv3, poodle attack, heartbleed and etc. You want to understand exactly which ciphers your using on the Load Balancer, cloud-server, or dedicated server. It’s actually very easy to do this with nmap. Install it first, naturally.<\/p>\n
\n# CentOS \/ RedHat
\nyum install nmap<\/p>\n# Debian \/ Ubuntu
\napt-get install nmap<\/p>\n# Check for SSL ciphers<\/p>\n
# nmap hostnamegoeshere.com --script ssl-enum-ciphers -p 443<\/p>\n
Starting Nmap 6.47 ( http:\/\/nmap.org ) at 2016-10-11 09:12 UTC
\nNmap scan report for 134.213.236.167
\nHost is up (0.0017s latency).
\nPORT STATE SERVICE
\n443\/tcp open https
\n| ssl-enum-ciphers:
\n| SSLv3: No supported ciphers found
\n| TLSv1.0:
\n| ciphers:
\n| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
\n| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
\n| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
\n| TLS_RSA_WITH_AES_128_CBC_SHA - strong
\n| TLS_RSA_WITH_AES_256_CBC_SHA - strong
\n| compressors:
\n| NULL
\n| TLSv1.1:
\n| ciphers:
\n| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
\n| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
\n| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
\n| TLS_RSA_WITH_AES_128_CBC_SHA - strong
\n| TLS_RSA_WITH_AES_256_CBC_SHA - strong
\n| compressors:
\n| NULL
\n| TLSv1.2: No supported ciphers found
\n|_ least strength: strong<\/p>\nNmap done: 1 IP address (1 host up) scanned in 1.57 seconds<\/p>\n
In this case we can see that only TLS v1.1 and TLS v1.0 are supported. No TLSv1.2 and no SSLv3.<\/p>\n
Cheers &
\nBest wishes,
\nAdam<\/p>\n","protected":false},"excerpt":{"rendered":"So, you may have recently had an audit performed, or have been warned about the dangers of SSLv3, poodle attack, heartbleed and etc. You want to understand exactly which ciphers your using on the Load Balancer, cloud-server, or dedicated server. … Continue reading