nginx
nginx 및 웹서버에서 지원하는 cipher suite 확인 하는 법
155 views
블로그 불러오는 중...
nginx
보안 취약점을 점검하기 위해 Web Server에서 사용하는 Cipher Suite 목록을 확인하는 방법을 정리합니다.
GitHub에서 제공하는 get_cipher_suites.sh 스크립트를 활용하여 서버에서 활성화된 TLS 버전과 사용 가능한 Cipher Suite 를 확인할 수 있습니다.
./get_cipher_suites.sh -t <서버 IP 주소>./get_cipher_suites.sh -t 172.0.0.1Obtaining cipher list from OpenSSL 1.0.2k-fips 26 Jan 2017.
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-ECDSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-ECDSA-AES256-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-ECDSA-AES256-SHA...YES
Testing DH-DSS-AES256-GCM-SHA384...YES
Testing DHE-DSS-AES256-GCM-SHA384...YES
Testing DH-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-DSS-AES256-SHA256...YES
Testing DH-RSA-AES256-SHA256...YES
Testing DH-DSS-AES256-SHA256...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-DSS-AES256-SHA...YES
Testing DH-RSA-AES256-SHA...YES
Testing DH-DSS-AES256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-DSS-CAMELLIA256-SHA...YES
Testing DH-RSA-CAMELLIA256-SHA...YES
Testing DH-DSS-CAMELLIA256-SHA...YES
Testing AECDH-AES256-SHA...YES
Testing ADH-AES256-GCM-SHA384...YES
Testing ADH-AES256-SHA256...YES
Testing ADH-AES256-SHA...YES
Testing ADH-CAMELLIA256-SHA...YES
Testing ECDH-RSA-AES256-GCM-SHA384...YES
Testing ECDH-ECDSA-AES256-GCM-SHA384...YES
Testing ECDH-RSA-AES256-SHA384...YES
Testing ECDH-ECDSA-AES256-SHA384...YES
Testing ECDH-RSA-AES256-SHA...YES
Testing ECDH-ECDSA-AES256-SHA...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...YES
Testing PSK-AES256-CBC-SHA...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-ECDSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-ECDSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-ECDSA-AES128-SHA...YES
Testing DH-DSS-AES128-GCM-SHA256...YES
Testing DHE-DSS-AES128-GCM-SHA256...YES
Testing DH-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-DSS-AES128-SHA256...YES
Testing DH-RSA-AES128-SHA256...YES
Testing DH-DSS-AES128-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-DSS-AES128-SHA...YES
Testing DH-RSA-AES128-SHA...YES
Testing DH-DSS-AES128-SHA...YES
Testing DHE-RSA-SEED-SHA...YES
Testing DHE-DSS-SEED-SHA...YES
Testing DH-RSA-SEED-SHA...YES
Testing DH-DSS-SEED-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-DSS-CAMELLIA128-SHA...YES
Testing DH-RSA-CAMELLIA128-SHA...YES
Testing DH-DSS-CAMELLIA128-SHA...YES
Testing AECDH-AES128-SHA...YES
Testing ADH-AES128-GCM-SHA256...YES
Testing ADH-AES128-SHA256...YES
Testing ADH-AES128-SHA...YES
Testing ADH-SEED-SHA...YES
Testing ADH-CAMELLIA128-SHA...YES
Testing ECDH-RSA-AES128-GCM-SHA256...YES
Testing ECDH-ECDSA-AES128-GCM-SHA256...YES
Testing ECDH-RSA-AES128-SHA256...YES
Testing ECDH-ECDSA-AES128-SHA256...YES
Testing ECDH-RSA-AES128-SHA...YES
Testing ECDH-ECDSA-AES128-SHA...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...YES
Testing AES128-SHA...YES
Testing SEED-SHA...YES
Testing CAMELLIA128-SHA...YES
Testing PSK-AES128-CBC-SHA...YES
Testing ECDHE-RSA-DES-CBC3-SHA...YES
Testing ECDHE-ECDSA-DES-CBC3-SHA...YES
Testing EDH-RSA-DES-CBC3-SHA...YES
Testing EDH-DSS-DES-CBC3-SHA...YES
Testing DH-RSA-DES-CBC3-SHA...YES
Testing DH-DSS-DES-CBC3-SHA...YES
Testing AECDH-DES-CBC3-SHA...YES
Testing ADH-DES-CBC3-SHA...YES
Testing ECDH-RSA-DES-CBC3-SHA...YES
Testing ECDH-ECDSA-DES-CBC3-SHA...YES
Testing DES-CBC3-SHA...YES
Testing IDEA-CBC-SHA...YES
Testing PSK-3DES-EDE-CBC-SHA...YES
Testing KRB5-IDEA-CBC-SHA...YES
Testing KRB5-DES-CBC3-SHA...YES
Testing KRB5-IDEA-CBC-MD5...YES
Testing KRB5-DES-CBC3-MD5...YES
Testing ECDHE-RSA-RC4-SHA...YES
Testing ECDHE-ECDSA-RC4-SHA...YES
Testing AECDH-RC4-SHA...YES
Testing ADH-RC4-MD5...YES
Testing ECDH-RSA-RC4-SHA...YES
Testing ECDH-ECDSA-RC4-SHA...YES
Testing RC4-SHA...YES
Testing RC4-MD5...YES
Testing PSK-RC4-SHA...YES
Testing KRB5-RC4-SHA...YES
Testing KRB5-RC4-MD5...YES
Testing ECDHE-RSA-NULL-SHA...YES
Testing ECDHE-ECDSA-NULL-SHA...YES
Testing AECDH-NULL-SHA...YES
Testing ECDH-RSA-NULL-SHA...YES
Testing ECDH-ECDSA-NULL-SHA...YES
Testing NULL-SHA256...YES
Testing NULL-SHA...YES
Testing NULL-MD5...YESGithub 저장소 통해, 해당 Cipher suite 확인 바란다~!