Comments (4)
lgarron
commented on May 18, 2024
It's totally a fair use case. After all, the site is called "bad ssl".
Some of the subdomains require certain TLS versions to support the proper features, but I've changed the default config, which is used by these domains.
Would you mind testing if that serves your need for those domains?
If so, I can try to put in the work to expand to more subdomains.
from badssl.com.
fishouttah20
commented on May 18, 2024
A slight problem with the DH*.badssl.com domains. It looks like RSA-3DES snuck in on the TLS1/SSLv3 protocol configs so DH2048.badssl.com is visible on winXP with ie6 because it connects using a non-DHE cipher suite (and thus gives false positives). Other than that, this is exactly what I needed.
from badssl.com.
fishouttah20
commented on May 18, 2024
Here is the output from sslyze for dh2048.badssl.com, it believes that only SSLv3 ciphers are non-DHE. ssllabs.com seemed to think it was connecting via tlsv1 and 3DES for IE8+XP, but as that is an simulation, I'm more inclined to test sslyze here.
- TLSV1_2 Cipher Suites:
Preferred:
DHE-RSA-AES128-GCM-SHA256 DH-2048 bits 128 bits HTTP 200 OK
Accepted:
DHE-RSA-AES256-SHA256 DH-2048 bits 256 bits HTTP 200 OK
DHE-RSA-AES256-SHA DH-2048 bits 256 bits HTTP 200 OK
DHE-RSA-AES256-GCM-SHA384 DH-2048 bits 256 bits HTTP 200 OK
DHE-RSA-AES128-SHA256 DH-2048 bits 128 bits HTTP 200 OK
DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK
DHE-RSA-AES128-GCM-SHA256 DH-2048 bits 128 bits HTTP 200 OK- TLSV1_1 Cipher Suites:
Preferred:
DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK
Accepted:
DHE-RSA-AES256-SHA DH-2048 bits 256 bits HTTP 200 OK
DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK - SSLV3 Cipher Suites:
Preferred:
ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK
Accepted:
ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits HTTP 200 OK
DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits HTTP 200 OK
DHE-RSA-AES256-SHA DH-1024 bits 256 bits HTTP 200 OK
CAMELLIA256-SHA - 256 bits HTTP 200 OK
AES256-SHA - 256 bits HTTP 200 OK
ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK
DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits HTTP 200 OK
DHE-RSA-AES128-SHA DH-1024 bits 128 bits HTTP 200 OK
CAMELLIA128-SHA - 128 bits HTTP 200 OK
AES128-SHA - 128 bits HTTP 200 OK
ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits HTTP 200 OK
DES-CBC3-SHA - 112 bits HTTP 200 OK - TLSV1 Cipher Suites:
Preferred:
DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK
Accepted:
DHE-RSA-AES256-SHA DH-2048 bits 256 bits HTTP 200 OK
DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK
- TLSV1_1 Cipher Suites:
from badssl.com.
fishouttah20
commented on May 18, 2024
Closing this issue because the original ask was completed (but opening a new issue given the false positive problem)
from badssl.com.
Related Issues (20)
- feature request: server that does not support the Renegotiation Indication Extension (RFC 5746) HOT 13
- Wishlist: Delegated credentials (subcerts)
- Root CA used in client.badssl.com
- ECC Certs Expired HOT 1
- EV cert has just expired as well HOT 1
- null.badssl.com does not offer NULL cipher suites, does offer non-NULL cipher suites HOT 1
- Request: add DSA certificate HOT 1
- Certificate https://revoked.badssl.com/ has expired HOT 6
- Expired Certificate: extended-validation.badssl.com HOT 2
- thank you support this test web, I create a project domain-admin
- The certificate expires HOT 4
- Certificate expired: https://incomplete-chain.badssl.com/ HOT 1
- Certificate expired: captive-portal.badssl.com
- Certificate expired: badssl.com HOT 2
- how to use the badssl docker image with custom DNS name not badssl.test server for testing purposes ? HOT 1
- Add certificate with a too long validity period (>397/398 days & >825 days) HOT 1
- https://mixed-script.badssl.com/ HOT 4
- Expired certificate for incomplete-chain.badssl.com HOT 2
- As badssl.com seems dead - any recommended alternatives? HOT 2
- Error installing rubygems-update: rubygems-update requires Ruby version >= 3.0.0.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from badssl.com.