ssl3
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | ssl3 [2016-09-28 08:43:38] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== TLS1.2 <-> SSLv3 wrapper ====== | ||
+ | Situation: there is a proprietary application that only supports SSLv3 and the vendor does not care. | ||
+ | |||
+ | Solution: | ||
+ | - make the application listen to 127.0.0.1: | ||
+ | - socat -v openssl-listen: | ||
+ | |||
+ | ===== Disabled SSL3 support ===== | ||
+ | |||
+ | As of 9/2016, Debian links socat against openssl without SSL3 support. Therefore the above no longer works. | ||
+ | |||
+ | I have managed to compile openssl with SSL3 | ||
+ | < | ||
+ | ./Configure --prefix=/ | ||
+ | </ | ||
+ | and somehow compile socat with it | ||
+ | < | ||
+ | change /sw to /opt/ssl3 in configure | ||
+ | negate the condition above | ||
+ | LIBS=-ldl ./configure | ||
+ | </ | ||
+ | openssl s_client supports ssl3 now (/ | ||
+ | |||
+ | ===== Old ciphersuites only ===== | ||
+ | |||
+ | Next, the following system was encountered during an... eh... //network security reconnaissance// | ||
+ | |||
+ | < | ||
+ | 443/tcp open Ubiquity Crap | ||
+ | | ssl-enum-ciphers: | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | Weak certificate signature: SHA1 | ||
+ | |_ least strength: D | ||
+ | </ | ||
+ | |||
+ | Cipher suites need to be replaced in your socat in xio-openssl.c: | ||
+ | <code c> | ||
+ | // | ||
+ | char *ci_str = " | ||
+ | </ |
ssl3.txt · Last modified: by 127.0.0.1