[openssl-users] Getting info on the ciphers supported by a client
Waldin
nospam.waldin at yopmail.com
Mon Mar 9 13:13:37 UTC 2015
On 08.03.2015 at 09:14, Waldin wrote:
> Now, I also want to check ciphers enabled in (mobile) mail clients.
> I've tried to make OpenSSL listen on port 110 (for POP with TLS) and
> redirected the client to the OpenSSL server. But when trying to pull
> mail I can't see any handshake information:
FTR, I've now managed to check my mobile mail client. The hint was the
argument to the s_client command's -starttls option, which made me
realize that for handshaking with starttls a minimum understanding of
the protocol is needed. OpenSSL probably doesn't include a POP or IMAP
server. But it works without starttls, when listening on port 993:
> >openssl s_server -cert public.pem -key ca-key.pem -accept 993
> Enter pass phrase for ca-key.pem:
> Loading 'screen' into random state - done
> Using default temp DH parameters
> ACCEPT
> -----BEGIN SSL SESSION PARAMETERS-----
> MFUCAQECAgMBBAIAOQQABDAM5TDoa/9vlS6pUsqtlPWpgpMc1L7bvwCS5UGiIhut
> 13A4uf0Zm8T2/q3ULkxnkPKhBgIEVP2ataIEAgIBLKQGBAQBAAAA
> -----END SSL SESSION PARAMETERS-----
> Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3
> -SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES
> 128-SHA:IDEA-CBC-SHA:RC4-SHA
> CIPHER is DHE-RSA-AES256-SHA
> Secure Renegotiation IS NOT supported
> ~A1 LOGIN "MYLOGIN" "MYPASSWORD"
> ERROR
> shutting down SSL
> CONNECTION CLOSED
> ACCEPT
Hurray! But wait, a plain text password? And no server certificate
pinning? Oh, no!
Wald
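
Added example (not part of the original post, and not OpenSSL code): a small Python script that reads an s_server transcript like the one quoted above, rejoins the console-wrapped `Shared ciphers:` line and flags the weak suites the client agreed to. The function names and the three weakness rules are assumptions of this example, and they cover only OpenSSL's pre-TLS 1.3 suite names.

```python
import re

# Constructed sample: the s_server output quoted in the post, with its "> "
# mail quoting and 80-column console wrapping left in place.
TRANSCRIPT = """\
> ACCEPT
> Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3
> -SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES
> 128-SHA:IDEA-CBC-SHA:RC4-SHA
> CIPHER is DHE-RSA-AES256-SHA
> Secure Renegotiation IS NOT supported
"""

CONTINUATION = re.compile(r"^[A-Za-z0-9:_-]+$")  # wrapped tail: cipher-name chars only

def shared_ciphers(text):
    """Return the names on the 'Shared ciphers:' line, undoing quoting and wrapping."""
    lines = [re.sub(r"^>\s?", "", l).rstrip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        if line.startswith("Shared ciphers:"):
            joined = line.split(":", 1)[1]
            for tail in lines[i + 1:]:
                if not CONTINUATION.match(tail):
                    break  # next status line, e.g. "CIPHER is ..."
                joined += tail
            return [name for name in joined.split(":") if name]
    return []

def weaknesses(name):
    """Flag well-known problems by OpenSSL (pre-TLS 1.3) cipher-suite name."""
    issues = []
    if "RC4" in name:
        issues.append("RC4 (prohibited in TLS by RFC 7465)")
    if "DES" in name or "IDEA" in name:
        issues.append("64-bit block cipher")
    if not name.startswith(("DHE-", "EDH-", "ECDHE-")):
        issues.append("no forward secrecy")
    return issues

def audit(text):
    """Map every shared cipher to its list of weaknesses (empty list = none flagged)."""
    return {name: weaknesses(name) for name in shared_ciphers(text)}

if __name__ == "__main__":
    for name, issues in audit(TRANSCRIPT).items():
        print(f"{name:24} {', '.join(issues) or 'ok'}")
```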