SSL Audit software scans servers for SSL/TLS support using its own SSL/TLS Parser for detecting all known and RFC defined cipher suites, without limitations of SSL engines such as OpenSSL or NSS.
I recently had the opportunity to test out SSL Audit, a server scanning tool designed to explore and audit SSL/TLS support. After using the software, I was impressed by the tool's own rudimentary SSL/TLS parser, which doesn't limit it to the ciphers supported by SSL engines like OpenSSL or NSS. This means that SSL Audit can detect all known and RFC-defined cipher suites without restriction.
The latest version of SSL Audit, version 0.8, comes with a few tweaks that make it even more efficient. Despite the upgrades, the software still relies on its rudimentary SSL Engine, which gives it an added advantage over engines that limit the number of ciphersuites and protocols available.
One feature that I remain particularly proud of is SSL Stack fingerprinting, which still seems to be working nicely for me. While I haven't updated it in some time, I encourage users to try it out and let me know how it works, especially those with access to less-known SSL stacks.
In terms of changes, SSL Audit version 0.8 has added support for TLS 1.2 CAMELIA ciphersuites, which is a great addition. The software also speeds up SSLv2 enumeration and has added the complete range of ARIA ciphersuites to its arsenal. Overall, I highly recommend SSL Audit to anyone looking for a versatile and comprehensive SSL/TLS scanning tool.
The latest version of SSL Audit, version 0.8, comes with a few tweaks that make it even more efficient. Despite the upgrades, the software still relies on its rudimentary SSL Engine, which gives it an added advantage over engines that limit the number of ciphersuites and protocols available.
One feature that I remain particularly proud of is SSL Stack fingerprinting, which still seems to be working nicely for me. While I haven't updated it in some time, I encourage users to try it out and let me know how it works, especially those with access to less-known SSL stacks.
In terms of changes, SSL Audit version 0.8 has added support for TLS 1.2 CAMELIA ciphersuites, which is a great addition. The software also speeds up SSLv2 enumeration and has added the complete range of ARIA ciphersuites to its arsenal. Overall, I highly recommend SSL Audit to anyone looking for a versatile and comprehensive SSL/TLS scanning tool.
What's New
Version 0.8: N/A