forked from pool/sslscan
Marcus Meissner
4c93bfb109
The latest version can not be compiled with SLE_11 and SLE12 w/o SP, but it brings a lot of great features: * Support for - STARTTLS: POP3, IMAP, FTP, XMPP - PostgreSQL - IPv6 addresses - TLSv1.1 and TLSv1.2 - XMPP server-to-server connections * Added check for - OpenSSL Heartbleed - POODLE * Highlight the following issues - weak RSA and DHE keys in output - SSLv2, SSLv3, RC4 ciphers - anonymous ADH and AECDH ciphers - weak (n <= 40 bit) and medium (40 < n <= 56 bit) * Certificates - Display certificate signing algorithm highlighting weak algorithms. - Display certificate key strength highlighting weak keys. - Flag expired certificates * Most secure protocols are scanned first * Display cipher details by default OBS-URL: https://build.opensuse.org/request/show/438006 OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=3
27 lines
1.8 KiB
Diff
27 lines
1.8 KiB
Diff
diff -ur sslscan-1.11.0-rbsec-orig/sslscan.c sslscan-1.11.0-rbsec/sslscan.c
|
|
--- sslscan-1.11.0-rbsec-orig/sslscan.c 2015-09-24 16:18:55.000000000 +0200
|
|
+++ sslscan-1.11.0-rbsec/sslscan.c 2016-10-27 11:10:40.634492563 +0200
|
|
@@ -1613,18 +1613,21 @@
|
|
printf(" DSA Public Key: NULL\n");
|
|
}
|
|
break;
|
|
+ /* Comment out patented technology not enabled in Fedora */
|
|
+ /*
|
|
case EVP_PKEY_EC:
|
|
if (publicKey->pkey.ec)
|
|
{
|
|
// TODO - display key strength
|
|
printf_xml(" <pk error=\"false\" type=\"EC\" />\n");
|
|
- /* EC_KEY_print(stdoutBIO, publicKey->pkey.ec, 6); */
|
|
+ // EC_KEY_print(stdoutBIO, publicKey->pkey.ec, 6);
|
|
}
|
|
else
|
|
{
|
|
printf(" EC Public Key: NULL\n");
|
|
}
|
|
break;
|
|
+ */
|
|
default:
|
|
printf(" Public Key: Unknown\n");
|
|
printf_xml(" <pk error=\"true\" type=\"unknown\" />\n");
|