Thursday, 9 June 2011

11/29 - TLS & SSLv3 renegotiation vulnerability

This paper describes how to test for the TLS & SSLv3 renegotiation vulnerability:

The OpenSSL toolset offers the simplest way to test whether a server allows client-side renegotiation within an established tunnel.

Note: A successful renegotiation doesn't necessarily mean that the application beneath is vulnerable to attacks over this channel, but it does indicate that the server allows such attacks to happen.


Generic Example
openssl s_client -connect yourserver.com:443
R (triggers renegotiation; if this works, the server accepts renegotiations within an existing TLS session)
GET /clientcontrolled.html HTTP/1.0
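
Added example (not part of the original post): a shell function that classifies a saved transcript of the s_client test above. Both sample transcripts are constructed, and the rule that a "verify return:" line after RENEGOTIATING means the server accepted while an ":error:" line means it refused is an assumption about s_client's usual output.

```shell
#!/bin/sh
# Classify an `openssl s_client` transcript read from stdin.
# Prints "<result> secure-reneg=<yes|no|unknown>"; result is one of
# accepted, refused, inconclusive, not-tested.
classify_reneg() {
    awk '
        /Secure Renegotiation IS NOT supported/ { secure = "no" }
        /Secure Renegotiation IS supported/     { secure = "yes" }
        /^RENEGOTIATING/     { asked = 1; next }   # printed after typing R
        asked && /:error:/          { failed = 1 } # handshake error after R
        asked && /verify return:/   { redone = 1 } # cert re-verified after R
        END {
            if (!asked)       result = "not-tested"
            else if (failed)  result = "refused"
            else if (redone)  result = "accepted"
            else              result = "inconclusive"
            if (secure == "") secure = "unknown"
            print result " secure-reneg=" secure
        }'
}

# Constructed transcript: server completes a second handshake after R.
sample_accepted() { cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = yourserver.com
verify return:1
---
Secure Renegotiation IS NOT supported
---
RENEGOTIATING
depth=0 CN = yourserver.com
verify return:1
EOF
}

# Constructed transcript: server rejects the renegotiation attempt.
sample_refused() { cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = yourserver.com
verify return:1
---
Secure Renegotiation IS supported
---
RENEGOTIATING
140735:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
EOF
}

sample_accepted | classify_reneg
sample_refused  | classify_reneg
```

To classify a real session, capture the s_client output including stderr (where the error lines are written) and pipe it into classify_reneg.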

