Support for detecting extensions supported by a scanned server.
GoogleCodeExporter opened this issue · comments
Google Code Exporter commented
TLS now supports extensions, some of which have impact on security; for example
OCSP Stapling makes it possible for a client to reliably get the revocation
status of the servers certificate.
OpenSSL v0.9.8h added support for this extension, if you pass -status it checks
it.
The COMMODO SSL Scanner includes a check for this:
https://sslanalyzer.comodoca.com/?url=LOGIN.LIVE.COM
It would also be helpful to check for other extensions like SNI since its
needed to manage v4 address depletion until v6 is fully viable.
Original issue reported on code.google.com by ryan.hu...@gmail.com
on 29 Mar 2012 at 4:02
Google Code Exporter commented
Thanks for the feedback.
That would be useful indeed. OpenSSL provides no documentation at all when it
comes to TLS extensions, which makes using them much harder but we'll see.
Original comment by nabla.c...@gmail.com
on 2 Apr 2012 at 3:17
- Changed state: Accepted
Google Code Exporter commented
Issues are now tracked on Github:
https://github.com/nabla-c0d3/sslyze/issues/3
Original comment by nabla.c...@gmail.com
on 8 Jul 2012 at 11:30
- Changed state: Invalid