Ways to test your server for SSL vulnerabilities

Overview

Self-testing for SSL vulnerabilities can be performed via several methods. Each of the methods below gives visibility into slightly different facets of the SSL configuration and posture of the server.

Information

For internet-facing SSL web servers on TCP port 443

1) Qualys' SSL Tester: https://www.ssllabs.com/ssltest/index.html   
Note: Remember to check the "Do not show the results on the boards" box

Results in orange or red should be remediated

2) Mozilla's SSL Observatory: https://observatory.mozilla.org/

Results with a red X should be evaluated for remediation

 

For internal-only servers or servers on non-standard ports

1) Testssl.sh bash script: https://github.com/drwetter/testssl.sh

Note: This script may require a recent (less than 3 years old) *nix installation to work

Results in orange or red should be remediated

Results in yellow should be evaluated for relevance and security impact
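
The colour guidance above, applied to a saved scan instead of the terminal output. This is an added example, not part of the original article or of testssl.sh. It reads the flat JSON written by testssl.sh's --jsonfile option (for example ./testssl.sh --jsonfile scan.json app.example.internal:8443, where the hostname is hypothetical) and assumes that yellow corresponds to severity LOW, orange to MEDIUM, and red to HIGH and CRITICAL.

```python
import json
import sys

# Assumption: the article's colours correspond to testssl.sh severity levels
# (LOW prints yellow, MEDIUM orange/brown, HIGH and CRITICAL red).
REMEDIATE = ("CRITICAL", "HIGH", "MEDIUM")   # "orange or red": remediate
EVALUATE = ("LOW",)                          # "yellow": evaluate relevance and impact
PASSING = ("OK", "INFO", "DEBUG")

# Constructed sample in the flat --jsonfile layout; not output from a real scan.
SAMPLE = json.dumps([
    {"id": "TLS1_2", "ip": "app.example.internal/10.0.0.5", "port": "8443", "severity": "OK", "finding": "offered"},
    {"id": "cipherlist_3DES_IDEA", "ip": "app.example.internal/10.0.0.5", "port": "8443", "severity": "MEDIUM", "finding": "offered"},
    {"id": "TLS1", "ip": "app.example.internal/10.0.0.5", "port": "8443", "severity": "LOW", "finding": "offered (deprecated)"},
    {"id": "SSLv3", "ip": "app.example.internal/10.0.0.5", "port": "8443", "severity": "CRITICAL", "finding": "offered"},
    {"id": "heartbleed", "ip": "app.example.internal/10.0.0.5", "port": "8443", "severity": "WARN", "finding": "test timed out"},
])


def triage(findings):
    """Sort findings into the article's action buckets, worst severity first."""
    buckets = {"remediate": [], "evaluate": [], "unverified": []}
    for item in findings:
        sev = str(item.get("severity", "")).upper()
        if sev in REMEDIATE:
            buckets["remediate"].append(item)
        elif sev in EVALUATE:
            buckets["evaluate"].append(item)
        elif sev not in PASSING:
            # WARN, FATAL or a missing severity: the check did not complete,
            # so it must not be counted as a pass.
            buckets["unverified"].append(item)
    buckets["remediate"].sort(key=lambda i: REMEDIATE.index(str(i["severity"]).upper()))
    return buckets


def report(buckets):
    """One printable line per finding that needs attention."""
    return [f"{action:<10} {i.get('severity', '?'):<8} {i.get('ip', '?')}:{i.get('port', '?')} {i.get('id', '?')}: {i.get('finding', '')}"
            for action in ("remediate", "evaluate", "unverified")
            for i in buckets[action]]


if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    result = triage(json.loads(raw))
    print("\n".join(report(result)))
    sys.exit(1 if result["remediate"] else 0)  # non-zero exit for cron or CI use
```

Run it with the path to a scan file as the only argument; with no argument it processes the embedded sample.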

 

For advanced testing

Please use the Information Security Consulting ticket form: https://service.uoregon.edu/TDClient/Requests/TicketRequests/NewForm?ID=cz%7eg%7ezsiMvc_

Details

Article ID: 70780
Created: Thu 1/24/19 10:21 AM
Modified: Fri 1/25/19 8:21 AM