sunhux

gnutls-cli or any other Linux tool to verify TLS version

https://scottlinux.com/2014/03/12/test-ssl-tls-with-gnutls-from-the-command-line/

Refer to the above.

Q1:
Where can I download the above for RHES 5.x & 6.x?
(not source code but a ready-to-use tool)

Q2:
Is there any other tool like the above that's not in
rpm package form, which doesn't need to be installed
& can just run standalone (just like PuTTY in Windows)?
I prefer not to install anything but would like to
verify our TLS version after updating/patching it.
'rpm -qa ...gnu-package...' only shows the updated
/patched package but what's needed is a tool like the
above to verify if Apache has effectively used
the new/patched TLS.

Q3:
Besides Apache, what other common apps in RHES
/RHEL use gnutls?
SOLUTION
serialband
This solution is only available to members.
sunhux

ASKER

Must we install the package gnutls-utils or just download
the gnutls-cli binary & it will run?

Any other tool with similar function that doesn't require
installation (just like PuTTY)?  Even a Windows freeware
is fine.

sunhux

ASKER

Could you point me to URLs/links that have the gnutls-cli binary
for RHES 5.8, 5.9, 6.1?

sunhux

ASKER

I mean standalone binary that doesn't need installation:
gnutls-cli (for Linux) or gnutls-cli.exe (for Windows)

sunhux

ASKER

> why the hell don't you actually install that rpm?

To install an rpm is a change & will require an approved CR.
Just running the binary that's copied to the server is not a
change.

I just googled & found that Cygwin has this tool built into it
but I'll need to install Cygwin on a laptop (or non-critical
server).

Come on, you can install Oracle Linux or CentOS in VirtualBox or VMware or Virtual PC, and extract 1:1 gnutls-cli from their RPMs.
I'd say it is better to ask the admin to extract the binary you need into your directory (or at least they will handle your request for new software).

sunhux

ASKER

OK, thanks, got your point now.

Just to sidetrack, how do I detect if I have a vulnerable OpenSSL
for the bugnote below?  What's the openssl command that I can
execute to detect/verify this?

Google Security's Neel Mehta and 3 researchers from security vendor Codenomicon
explain that the Heartbleed vulnerability could expose some of the most sensitive
data transmitted over the Internet, including the secret keys used for X.509 certificates,
usernames and passwords, emails and instant messages, and any other
communications supposedly protected by an OpenSSL implementation.

"This bug has left [a] large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation, and attacks leaving no trace, this exposure should be taken seriously."

sunhux

ASKER

Gee, thanks a lot guys.

We have Solaris x86 that runs OpenSSL 0.97.x: is this affected?
The official vulnerability site did not indicate if this is affected.

No, it does not implement any TLS version.
SSLv3 has its own dragons.
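
Added example, not part of the original thread or any poster's answer: a first-pass triage of `openssl version -a` output for the Heartbleed question above, covering both the 1.0.1 range and old 0.9.x branches such as the Solaris build. The function name `heartbleed_status` is hypothetical and the sample version strings are constructed.

```shell
#!/bin/sh
# Added example: first-pass Heartbleed triage from `openssl version -a` output.
# heartbleed_status is a hypothetical helper name, not an OpenSSL command.
# Upstream facts used: 1.0.1 through 1.0.1f and 1.0.2-beta1 contain the bug;
# 1.0.1g and 1.0.2-beta2 fix it; the 0.9.x and 1.0.0 branches never shipped the
# heartbeat code; builds compiled with -DOPENSSL_NO_HEARTBEATS leave it out.
heartbleed_status() {
    out=$1
    # Second field of the "OpenSSL <version> <date>" line is the version.
    ver=$(printf '%s\n' "$out" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        "")            echo unknown; return ;;
        0.9.*|1.0.0*)  echo not-affected; return ;;
        # Versions in the affected range fall through to the build-flag check.
        1.0.1|1.0.1-*|1.0.1[abcdef]|1.0.1[abcdef]-*|1.0.2-beta1*) ;;
        1.0.1[g-z]*|1.0.2*|1.[1-9]*|[2-9].*) echo not-affected; return ;;
        *)             echo unknown; return ;;
    esac
    case "$out" in
        *OPENSSL_NO_HEARTBEATS*) echo not-affected ;;
        *)                       echo affected-range ;;
    esac
}

# Constructed sample inputs (not taken from any real host).
for sample in \
    "OpenSSL 0.9.7d 17 Mar 2004" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014"
do
    printf '%-34s %s\n' "$sample" "$(heartbleed_status "$sample")"
done

# Check the local installation if an openssl binary is on the PATH.
if command -v openssl >/dev/null 2>&1; then
    printf 'local: %s\n' "$(heartbleed_status "$(openssl version -a 2>/dev/null)")"
fi
```

`affected-range` only means the upstream version number falls in the vulnerable range; on RHEL, where fixes are backported without changing that number, confirm against the package changelog (`rpm -q --changelog openssl`).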