[SSL Observatory] public TLS/SSL test server ?
Tom Ritter
tom at ritter.vg
Sat May 19 10:34:52 PDT 2012
On 19 May 2012 00:03, =JeffH <Jeff.Hodges at kingsmountain.com> wrote:
> Are there also yet more issues that'd be good to test for?
Off the top of my head, although not all of these may be applicable:
- Overbroad Wildcard Certs: *.com, *.*
- Certs for domains not on the http://publicsuffix.org/ list
- MD5 signatures
- Short Public moduli
- Debian Weak Key
And then getting away from the certificate side of things and more for
TLS, you could enumerate all the different algorithms and test each
individually:
- Signature Algorithm Test Suite: RSA, DSA, ECDSA
- Hash Algorithm Test Suite: SHA1, SHA224, SHA256, SHA384, SHA512
- Key Exchange: DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDHE-ECDSA, etc.
There's a good overview here:
https://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations
although I suppose the RFCs and IANA would be the definitive sources.
-tom
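
Added example, not part of the original message and not Observatory code: a minimal lint over already-parsed certificate fields that flags three of the certificate-side issues listed above (overbroad wildcards, names outside the public suffix list, MD5 signatures, short RSA moduli). The suffix set, the 2048-bit threshold, the field names and the sample certificate are assumptions constructed for illustration.

```python
# Added example: lint already-parsed certificate fields. Not Observatory code.
# SAMPLE_SUFFIXES is a tiny constructed stand-in for the publicsuffix.org list;
# the real list also has wildcard and exception rules that this ignores.
SAMPLE_SUFFIXES = {"com", "org", "uk", "co.uk"}
MIN_RSA_BITS = 2048      # assumed threshold; the message does not give one
WEAK_HASHES = {"md5"}    # the one signature hash the message calls out


def public_suffix(name, suffixes=SAMPLE_SUFFIXES):
    """Return the longest listed suffix that `name` ends with, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in suffixes:
            return candidate
    return None


def lint_name(name):
    """Return findings for one DNS name taken from a certificate."""
    findings = []
    labels = name.lower().rstrip(".").split(".")
    rest = ".".join(labels[1:])
    if any("*" in label for label in labels[1:]):
        findings.append("wildcard outside the leftmost label")
    if labels[0] == "*" and public_suffix(rest) == rest:
        findings.append("wildcard covers an entire public suffix")
    if public_suffix(name) is None:
        findings.append("not under a listed public suffix")
    return findings


def lint_cert(cert):
    """cert: dict with hypothetical keys names, sig_hash, key_type, key_bits."""
    findings = []
    for name in cert["names"]:
        findings += [f"{name}: {msg}" for msg in lint_name(name)]
    if cert["sig_hash"].lower() in WEAK_HASHES:
        findings.append(f"signature uses {cert['sig_hash']}")
    if cert["key_type"] == "RSA" and cert["key_bits"] < MIN_RSA_BITS:
        findings.append(f"RSA modulus is only {cert['key_bits']} bits")
    return findings


# Constructed sample input, not taken from any real certificate.
SAMPLE_CERT = {"names": ["*.co.uk", "www.example.org"],
               "sig_hash": "MD5", "key_type": "RSA", "key_bits": 1024}

if __name__ == "__main__":
    print("\n".join(lint_cert(SAMPLE_CERT)))
```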