2.11.2006

Determine SSL ciphers running on your web server

SSL Digger - Nice free tool from FoundStone (division of McAfee) for determining what SSL versions and encryption ciphers your web server supports.  If you are running a crucial web server you might want to turn off the weak ciphers and SSL version (SSL2).  The browser and server are supposed to negotiate the highest cipher and SSL version, but some ciphers have already been proven to be weak and vulnerable to crack/attack.

www.foundstone.com  It's kind-of hard to navigate the site: click on resources, then on the left side, "free tools". You should see it under the "Foundstone S3i™ Tools".

No comments: