[SSL Observatory] public TLS/SSL test server ?
=JeffH
Jeff.Hodges at KingsMountain.com
Fri May 18 21:03:35 PDT 2012
> As part of Jeff Jarmoc's research on SSL Interception Proxies[0] he's
> set up some of these tests at https://ssltest.offenseindepth.com/ to
> test if an interception proxy was accepting certs it shouldn't.
>
> [0] http://www.secureworks.com/research/threats/transitive-trust/

Cool, thanks for the pointer, that server is fairly far along the lines of what
I was wondering about. Although it is intended to be used to test TLS/SSL
intercepting proxies, it's useful for direct TLS/SSL testing.

If one dissects the index.html file, one finds these particular URIs to use to
test specific failure modes..

  https://badcn.offenseindepth.com
  https://unknownca.offenseindepth.com
  https://selfsigned.offenseindepth.com
  https://expired.offenseindepth.com
  https://basicconstraints.offenseindepth.com
  https://revoked.offenseindepth.com
  https://nullchar.offenseindepth.com

AFAICT, there are not examples of some of the other potential issues..

  unavailable CRL or OCSP
  transvalid cert
  factorizable public key

Are there also yet more issues that'd be good to test for?

thanks,

=JeffH
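
An added example, not part of the original message: a small harness that points a TLS client at the test hosts listed above and records whether it rejects each certificate. It assumes the client under test is Python's default `ssl` context; the names `handshake`, `probe` and `run` are hypothetical, and hosts that cannot be reached are reported as inconclusive rather than as a pass.

```python
import socket
import ssl

# Host labels taken from the URIs listed in the message above.
# A client that validates correctly should refuse every one of them.
TEST_HOSTS = [
    "badcn", "unknownca", "selfsigned", "expired",
    "basicconstraints", "revoked", "nullchar",
]
DOMAIN = "offenseindepth.com"


def handshake(host, port=443, timeout=10):
    """Attempt a fully verified TLS handshake; raises on validation failure."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    # Note: this context performs no CRL/OCSP revocation check by default.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host):
            pass


def probe(host, connect=handshake):
    """Return (verdict, detail) for one test host.

    'rejected'     - the client refused the certificate (desired outcome)
    'ACCEPTED'     - the handshake completed, so the client failed this test
    'inconclusive' - network or non-certificate TLS error, nothing learned
    """
    try:
        connect(host)
    except ssl.SSLCertVerificationError as e:
        return "rejected", f"{e.verify_code}: {e.verify_message}"
    except OSError as e:  # includes ssl.SSLError, timeouts, DNS failures
        return "inconclusive", str(e)
    return "ACCEPTED", "handshake completed"


def run(connect=handshake):
    """Probe every test host and return {fqdn: (verdict, detail)}."""
    return {f"{n}.{DOMAIN}": probe(f"{n}.{DOMAIN}", connect) for n in TEST_HOSTS}


if __name__ == "__main__":
    for fqdn, (verdict, detail) in run().items():
        print(f"{verdict:12} {fqdn:40} {detail}")
```

Passing a different `connect` callable lets the same harness drive another client library, or a connection routed through an interception proxy.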