[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Athena SSL Cipher Check v0.6.2
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Athena SSL Cipher Check v0.6.2
- From: Darren McDonald <athena@xxxxxxxxxxxxx>
- Date: Wed, 5 Jan 2011 22:12:46 +0000
Athena SSL Cipher Check has been updated to version 0.6.2, and
contains some important bug fixes.
Download it from http://dmcdonald.net/athena-ssl-cipher-check_v062.tar.gz
athena-ssl-cipher-check is an SSL Cipher scanner. Unlike most
scanners, rather than scanning the
few ciphers openssl supports, it checks for every possible cipher by
enumerating all 65536 cipher codes.
<arse covering>
Id recommended runnning it along another checker, as while athena is
becoming more reliable, I imagine there are some more bugs out there.
Athena's rather aggressive implementation of SSL/TLS can sometimes
break stuff, dont run it against critical live infrastructure! :)
</arse covering>
I'd be greatful for any bugs/comments you have.
26 Aug 2010 - Update v0.521
* It appears I left a bit of debug code which outputed '*' symbols.
v0.521 should fix this
8 Sept 2010 - Update v0.53
* The time it takes Athena to run has been reduced by about 20-50%
* A bug where Athena incorrectly reported it was scanning first and
second arguements,
even if they were options has been corrected
27 Oct 2010 - Update v0.6
* Bug fixed which sometimes prevented athena from seeing some sslv2 ciphers
* Includes a client side cipher checker
* Can now identify over 200 cipher codes
5 Jan 2011 - Update v0.62
* Bug fixed which sometimes prevents athena seeing some ciphers (thanks Dom)
* Bug fixed which sometimes caused athena to erronously report known
ciphers as unknown
* --lazy mode added which advises on which ciphers to disable (Thanks
to other Dom)
* --safe mode which allows athena to work with webservers which do not
follow the RFCs and ignore the first ciphersuite size byte.
* General code tidy
* Added another SSLv2 cipher (8 total)
* Can now identify 215 SSLv3/TLSv1 Ciphers
Thanks,
Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/