cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: weak cipher suites with OpenSSL, SecureTransport and... ?

From: Fabian Frank <fabian.frank.de_at_gmail.com>
Date: Sat, 18 Jan 2014 21:30:23 -0800

On Jan 9, 2014, at 2:34 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> Left to do is then to build curl with other TLS backends and try it against https://www.howsmyssl.com/a/check to see if there are more flaws in this style.

Darwin SSL looks good
$ ./src/curl --version
curl 7.34.1-DEV (x86_64-apple-darwin13.0.0) libcurl/7.34.1-DEV SecureTransport zlib/1.2.8 libidn/1.26
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: Debug TrackMemory IDN IPv6 Largefile NTLM NTLM_WB SSL libz
$ ./src/curl 'https://www.howsmyssl.com/a/check'
{"given_cipher_suites":["TLS_EMPTY_RENEGOTIATION_INFO_SCSV","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_RC4_128_SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_RC4_128_SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_RC4_128_SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES
_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_RC4_128_SHA","TLS_RSA_WITH_RC4_128_MD5","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_PSK_WITH_AES_256_CBC_SHA384","TLS_PSK_WITH_AES_128_CBC_SHA256","TLS_PSK_WITH_AES_256_CBC_SHA","TLS_PSK_WITH_AES_128_CBC_SHA","TLS_PSK_WITH_RC4_128_SHA","TLS_PSK_WITH_3DES_EDE_CBC_SHA"],"ephemeral_keys_supported":true,"session_ticket_supported":false,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_splitting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Improvable�}

Regards,
Fabian

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-01-19

This message: [ Message body ]
Next message: Fabian Frank: "GnuTLS improvements [Re: weak cipher suites with OpenSSL, SecureTransport and... ?]"
Previous message: Fabian Frank: "Re: question of curl_easy_getinfo on sftp"
In reply to: Daniel Stenberg: "weak cipher suites with OpenSSL, SecureTransport and... ?"
Next in thread: Fabian Frank: "GnuTLS improvements [Re: weak cipher suites with OpenSSL, SecureTransport and... ?]"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]