Projekt Kryptographie
Bewertung: Implementierung 50%, Ausarbeitung 30%, Präsentation 20%
kann in 2er-Teams oder einzeln bearbeitet werden
Präsentation: --.01.2019, pro Gruppe 30 Min
(Termin noch festzulegen)
Abgabe: bis 31.01.2020, 23:59 Uhr
BSI empfiehlt in einem technical report namens BSI TR-02102-2 gewisse Konfigurationseinstellungen bzgl. TLS (Kryptoprotkolle, Modi)
Aufgabe ist, die Verifizierung dieser Einstellungen remote mit Hilfe von libressl zu implementieren, analog zu den Ausgaben des folgenden http_analyzer
$ ./http\_analyzer www-crypto
Your OpenSSL does not support SSLv2
[O] SSLv2 Cipher and DROWN vulnerability can't be detected
Your OpenSSL does not support SSLv3
[O] SSLv3 Cipher can't be detected
---START------------------------------------------
server : www-crypto 134.96.218.252
timestamp: Wed Oct 16 10:16:38 2019
--------------------------------------------------
---checking redirections
[+] HTTP -> HTTPS enabled
[+] HTTPS untouched
---Checking SSL Version---------------------------
[O] server supports TLS1.0
no security issue if properly configured
but needed for IE 7-10 and old Android phones
see https://en.wikipedia.org/wiki/Template:TLS/
SSL_support_history_of_web_browsers
[+] server supports TLS1.1
[+] server supports TLS1.2
---Checking Certificate---------------------------
[-] subject www-crypto.htwsaar.de != hostname www-crypto
[+] hostname found in alternate name section
---Checking Heartbleed----------------------------
---Checking Freak---------------------------------
[+] EXPORT ciphers unsupported (TLSv1.0)
[+] EXPORT ciphers unsupported (TLSv1.1)
[+] EXPORT ciphers unsupported (TLSv1.2)
---Checking Poodle--------------------------------
[-] server doesn't support TLS FALLBACK SCSV messages
--------------------------------------------------
timestamp: Wed Oct 16 10:16:39 2019
---DONE-------------------------------------------
page updated Oct 16, 2019