为此,我需要找出服务器支持的最差/最佳协议和最弱/最强的密码。在
以下是我使用sslyze的代码:from plugins import PluginOpenSSLCipherSuites
from nassl import SSLV2, SSLV3, TLSV1, TLSV1_1, TLSV1_2
shared_settings = {'certinfo': 'basic', 'starttls': None, 'resum': True, 'resum_rate': None, 'http_get': True, 'xml_file': '/tmp/example.com_443.xml', 'compression': True, 'tlsv1': True, 'targets_in': None, 'keyform': 1, 'hsts': None, 'sslv3': True, 'sslv2': True, 'https_tunnel': None, 'nb_retries': 4, 'heartbleed': True, 'sni': None, 'https_tunnel_host': None, 'regular': False, 'key': None, 'reneg': True, 'tlsv1_2': True, 'tlsv1_1': True, 'hide_rejected_ciphers': True, 'keypass': '', 'cert': None, 'certform': 1, 'timeout': 5, 'xmpp_to': None}
target = ('example.com', '1.2.3.4', 443, TLSV1_2)
cipher_plugin = PluginOpenSSLCipherSuites.PluginOpenSSLCipherSuites()
cipher_plugin._shared_settings = shared_settings
protocols = ['sslv2', 'sslv3', 'tlsv1', 'tlsv1_1', 'tlsv1_2']
for p in protocols:
cipher_result = cipher_plugin.process_task(target, p, None)
cipher_result = cipher_plugin.process_task
if any('Accepted' in c for c in cipher_result.get_txt_result()):
worst_protocol = p
break
for p in reversed(protocols):
cipher_result = cipher_plugin.process_task(target, p, None)
if any('Accepted' in c for c in cipher_result.get_txt_result()):
best_protocol = p
break
print(worst_protocol)
print(best_protocol)
ciphers = []
for protocol in ('sslv2', 'sslv3', 'tlsv1', 'tlsv1_1', 'tlsv1_2'):
cipher_result = cipher_plugin.process_task(target, protocol, None)
for e in cipher_result.get_txt_result():
if 'bits' in e:
ciphers.append(e.split()[1])
print(sorted(ciphers)[0])
print(sorted(ciphers)[-1])
因为这需要一些时间来完成。在
使用下面的代码,执行时间从~50秒减少到~40秒。还有什么可以改进的吗?在
^{pr2}$
2700
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
