<div dir="ltr">
<div>Hello,</div><div><br></div>I believe a user of
testssl.sh wants to know about all ciphers and features of the scanned host.<br><div>It would be a disaster if a security specialist did not notice a vulnerability in his/her host.</div><div>So a special openssl version is a must.</div><div><br></div><div>I agree that it should be included in the testssl.sh package, no reason to separate it.</div><div><br></div><div>Regards,</div><div>Aleksey</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 12, 2018 at 7:16 PM, Christian Haase <span dir="ltr">&lt;<a href="mailto:c.haase@ifu.com" target="_blank">c.haase@ifu.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
testssl.sh recommends a forked version of OpenSSL. From [1]:<br>
<br>
> Which OpenSSL binary?<br>
><br>
> As mentioned above, a prerequisite for thoroughly checking SSL/TLS enabled servers is that all you want to check for has to be available on your client. Transport encryption is not only depending on the server but also on your crypto provider on the client side – especially if you want to use it for testing. So there are drawbacks for openssl binaries distributed with Linux and BSD:<br>
><br>
> * SSLv2 is most of the time disabled<br>
> * one cannot check 56 Bit ciphers as they are disabled during compile time.<br>
> * other ciphers are disabled for security reasons,<br>
> * zlib support maybe not included (intend was to disable CRIME)<br>
> * and last but not least: SSLv3 seems to be outphased too<br>
<br>
I just want to bring this to the table: maybe it makes sense to include<br>
the custom OpenSSL version in the package for use only by testssl.sh.<br>
This ensures good test results even when the official OpenSSL<br>
package gets rid of insecure features in the future.<br>
<br>
Please discuss :)<br>
<br>
Thanks,<br>
Christian<br>
<br>
[1] <a href="https://testssl.sh/" rel="noreferrer" target="_blank">https://testssl.sh/</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
ifu Hamburg - material flows and software<br>
"We enable sustainable production."<br>
<br>
ifu Hamburg GmbH<br>
Max-Brauer-Allee 50 - 22765 Hamburg - Germany<br>
fon: +49 40 480009-0 - fax: +49 40 480009-22 - email: <a href="mailto:info@ifu.com">info@ifu.com</a><br>
<br>
Managing Director: Jan Hedemann - Commercial Register: Hamburg, HRB 52629<br>
<a href="http://www.ifu.com" rel="noreferrer" target="_blank">www.ifu.com</a> - <a href="http://www.umberto.de" rel="noreferrer" target="_blank">www.umberto.de</a> - <a href="http://www.e-sankey.com" rel="noreferrer" target="_blank">www.e-sankey.com</a><br>
<br>
<br>
</font></span></blockquote></div><br></div>
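<p>A way to see the client-side gap discussed in this thread, as an added example that is not part of the original messages and is not testssl.sh code: the script summarises an <code>openssl ciphers -v</code> listing and reports which legacy cipher classes (SSLv2 suites, 56-bit-or-weaker, NULL) the client binary cannot offer at all. The function names and both sample listings are constructed for illustration; the listing shows cipher suites only, so SSLv3 protocol and zlib support have to be checked separately.</p>

```shell
#!/bin/sh
# Added example, not from the thread. Live use: openssl ciphers -v 'ALL:COMPLEMENTOFALL' | coverage_gaps

summarize_ciphers() {
  awk '
    NF < 5 { next }                     # skip blank or malformed lines
    { total++ }
    $2 == "SSLv2" { sslv2++ }           # suites only an SSLv2-enabled build lists
    {
      for (i = 3; i <= NF; i++) if ($i ~ /^Enc=/) {
        enc = substr($i, 5)             # e.g. DES(56), AESGCM(256), None
        if (enc == "None") { nullc++; continue }
        bits = enc
        sub(/^.*\(/, "", bits); sub(/\).*$/, "", bits)
        if (bits + 0 <= 56) weak++      # export-grade and single DES
      }
    }
    END { printf "total=%d sslv2=%d le56bit=%d null=%d\n", total, sslv2, weak, nullc }
  '
}

# Prints the cipher classes this client cannot offer, or "none".
coverage_gaps() {
  summary=$(summarize_ciphers)
  gaps=""
  case "$summary" in *" sslv2=0 "*)   gaps="$gaps sslv2" ;; esac
  case "$summary" in *" le56bit=0 "*) gaps="$gaps le56bit" ;; esac
  case "$summary" in *" null=0")      gaps="$gaps null" ;; esac
  if [ -n "$gaps" ]; then echo "${gaps# }"; else echo none; fi
}

# Constructed samples in `openssl ciphers -v` format: a distro build, then a legacy-enabled build.
sample_distro() { cat <<'EOF'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EOF
}
sample_legacy() { cat <<'EOF'
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
EOF
}

echo "distro build gaps: $(sample_distro | coverage_gaps)"
echo "legacy build gaps: $(sample_legacy | coverage_gaps)"
```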