Projekt Kryptographie
Bewertung: Implementierung 50%, Ausarbeitung 30%, Präsentation 20%
kann in 2er-Teams oder einzeln bearbeitet werden
Präsentation: --.01.2019, pro Gruppe 30 Min
(Termin noch festzulegen)
Abgabe: bis 31.01.2020, 23:59 Uhr
BSI empfiehlt in einem technical report namens BSI TR-02102-2 gewisse Konfigurationseinstellungen bzgl. TLS (Kryptoprotkolle, Modi)
Aufgabe ist, die Verifizierung dieser Einstellungen remote mit Hilfe von libressl zu implementieren, analog zu den Ausgaben des folgenden http_analyzer
$ ./http\_analyzer www-crypto Your OpenSSL does not support SSLv2 [O] SSLv2 Cipher and DROWN vulnerability can't be detected Your OpenSSL does not support SSLv3 [O] SSLv3 Cipher can't be detected ---START------------------------------------------ server : www-crypto 134.96.218.252 timestamp: Wed Oct 16 10:16:38 2019 -------------------------------------------------- ---checking redirections [+] HTTP -> HTTPS enabled [+] HTTPS untouched ---Checking SSL Version--------------------------- [O] server supports TLS1.0 no security issue if properly configured but needed for IE 7-10 and old Android phones see https://en.wikipedia.org/wiki/Template:TLS/ SSL_support_history_of_web_browsers [+] server supports TLS1.1 [+] server supports TLS1.2 ---Checking Certificate--------------------------- [-] subject www-crypto.htwsaar.de != hostname www-crypto [+] hostname found in alternate name section ---Checking Heartbleed---------------------------- ---Checking Freak--------------------------------- [+] EXPORT ciphers unsupported (TLSv1.0) [+] EXPORT ciphers unsupported (TLSv1.1) [+] EXPORT ciphers unsupported (TLSv1.2) ---Checking Poodle-------------------------------- [-] server doesn't support TLS FALLBACK SCSV messages -------------------------------------------------- timestamp: Wed Oct 16 10:16:39 2019 ---DONE-------------------------------------------
page updated Oct 16, 2019