
@stephdl
Created June 25, 2018 12:57
slapd_and_ciphers
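# ECC cert and TLS policy "default"
# Note: Nmap 6.40 rates the RC4 and 3DES suites below as "strong", but RC4 is prohibited in TLS (RFC 7465) and SSLv3 is deprecated (RFC 7568). Judge this result by the protocol and cipher lists, not by the "least strength" line.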
[root@ns7loc6 ~]# nmap --script ssl-enum-ciphers 127.0.0.1 -p 636
Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-25 14:43 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (31s latency).
PORT STATE SERVICE
636/tcp open ldapssl
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
| TLSv1.0:
| ciphers:
| TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
| TLSv1.1:
| ciphers:
| TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
| TLSv1.2:
| ciphers:
| TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - strong
| TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_ECDH_ECDSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
|_ least strength: strong
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
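# ECC cert and TLS policy 20180621
# Note: in this run SSLv3, TLSv1.0 and the RC4/3DES suites are no longer offered. Every listed suite is static ECDH (TLS_ECDH_*), which gives no forward secrecy; the lack of ECDHE suites may be a limitation of this old Nmap version, so confirm with a current scanner.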
[root@ns7loc6 ~]# nmap --script ssl-enum-ciphers 127.0.0.1 -p 636
Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-25 14:44 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (-90s latency).
PORT STATE SERVICE
636/tcp open ldapssl
| ssl-enum-ciphers:
| TLSv1.1:
| ciphers:
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.2:
| ciphers:
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - strong
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - strong
| TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - strong
| compressors:
| NULL
|_ least strength: strong
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
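# RSA cert and TLS policy 20180621
# Note: SSLv3, TLSv1.0, RC4, 3DES, IDEA and SEED are not offered in this run. Every listed suite uses RSA key exchange (TLS_RSA_*), which gives no forward secrecy; the lack of DHE/ECDHE suites may be a limitation of this old Nmap version, so confirm with a current scanner.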
[root@ns7loc6 ~]# nmap --script ssl-enum-ciphers 127.0.0.1 -p 636
Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-25 14:46 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (-810s latency).
PORT STATE SERVICE
636/tcp open ldapssl
| ssl-enum-ciphers:
| TLSv1.1:
| ciphers:
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.2:
| ciphers:
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| compressors:
| NULL
|_ least strength: strong
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
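# RSA cert and TLS policy 20180330
# Note: the protocols and suites in this run match the "RSA cert, default policy" run below: SSLv3 and TLSv1.0 are still accepted, and RC4 (including RC4_128_MD5), 3DES, IDEA and SEED are still offered. Nmap 6.40's "strong" label on RC4/3DES is outdated.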
[root@ns7loc6 ~]# nmap --script ssl-enum-ciphers 127.0.0.1 -p 636
Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-25 14:46 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (1300s latency).
PORT STATE SERVICE
636/tcp open ldapssl
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.1:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.2:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
|_ least strength: weak
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
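# RSA cert and TLS policy "default"
# Note: SSLv3 and TLSv1.0 are accepted, and RC4 (including RC4_128_MD5), 3DES, IDEA and SEED are offered. Only IDEA is flagged "weak" by Nmap 6.40; its "strong" rating for RC4 and 3DES is outdated (RC4 is prohibited in TLS by RFC 7465).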
[root@ns7loc6 ~]# nmap --script ssl-enum-ciphers 127.0.0.1 -p 636
Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-25 14:47 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (-1400s latency).
PORT STATE SERVICE
636/tcp open ldapssl
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.1:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.2:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
|_ least strength: weak
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds