5 comments

[ 2.4 ms ] story [ 22.9 ms ] thread
Cool, I'll have to take a look. Qualys SSL labs has a cool set of tools to output not only the supported versions/ciphers, but shows what OS/browser combos would be able to connect to the site.

Good work.

The aim of this tool is quite different to that of ssl labs (which is a great tool btw). This is very much focussed on what the server is using (or any SSL accelerators that might be in front of it).
"Supports both pure SSL/TLS protocols like HTTPS and those that use STARTTLS such as SMTP and POP3."

There exists other reasons than HTTPS to use TLS.

Note that rich does not claim anything else. However, there is a fundamental difference between "initiate TLS connection from byte 0" (as used in HTTPS, but also IMAPS or SMTPS) and STARTTLS, where the protocol is plain text until the client issues the STARTTLS command, make makes protocols that were designed to TLS-enable plain text only protocols such as IMAP and SMTP (without the 'S'), while keeping the port number.

That was the point of this note. And of course there are even more use cases for TLS.

Yes, please don't think I'm saying that I think protocols that start off as plain text then upgrade are a good design - I don't. All I mean there is that I've written the code required to fingerprint the implementation those use too, by performing the plain text negotiation before each probe.