[openssl-users] regarding ssl_server test

Jakob Bohm jb-openssl at wisemo.com
Thu May 26 21:51:26 UTC 2016


On 26/05/2016 18:33, R-D intern wrote:
> Hello,
>           I have implemented ssl for my internal server that listens over a
> private ip. Can anyone suggest how can I test my ssl_server? For eg. Qualys
> test shows the amount of ssl implementation of a server listening over
> public ip  and even checks for vulnerabilities in ssl implementation. How
> can such a thing be tested for a server listening over private ip?
> Please help. Awaiting response.
> Regards,
> R-D Intern
>

Indeed, there are many servers that cannot be reached by the
online configuration tests such as the one run by Qualsys.

What would be really nice would be if one of the good test
suites could be downloaded and run locally on internal servers,
non-web servers, staging servers etc. to verify that
configurations are correct, or at least as good as possible.

Note (for some of the other repliers) that this is not about
unit-testing or software testing, but about testing if a
finished system has been correctly configured and assembled.
In other words, the question isn't "is there a bug in my
new/changed code?".  But "Did I accidentally configure this
Apache HTTPS server with RSA-EXPORT enabled or something
equally dangerous?", "Does the STARTLS mail server I just
installed implement OCSP stapling safely?", "Did I install
the correct set of intermediary CA certs in the returned
chain?", and hundreds of similar questions.

QualSys does an excellent job checking this for public port 443
https servers, but nothing else, a downloadable copy of the
QualSys code without the policy restrictions of the online
service would be one way of filling the gap.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list