Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How's Your SSL/TLS?


  • Please log in to reply
14 replies to this topic

#1 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:04:32 PM

Posted 24 February 2015 - 09:28 AM

How's My SSL? is a website that tells you how secure your TLS client is.
 

https://www.howsmyssl.com/

 
FYI - The best ranking your system's browsers can achieve is Probably Okay.

 

VT scores this site 0/62


Edited by 1PW, 24 February 2015 - 10:59 AM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 24 February 2015 - 09:29 AM

"Your SSL client is Probably Okay". So there's a chance that my client isn't okay? But this is the best level I can achieve? What's the point?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:32 AM

Posted 24 February 2015 - 09:52 AM

The point is that it's impossible to prove that it's ok..

 

All one can do is prove that it's not ok.. If there's no known way that it's not ok, then it's probably okay, but you don't know for sure because it might be not okay in a way you haven't thought of.


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:07:32 PM

Posted 24 February 2015 - 09:56 AM

https://ssllabs.com is a server-side test as well.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#5 1PW

1PW
  • Topic Starter

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:04:32 PM

Posted 24 February 2015 - 11:59 AM

Try testing the latest stable Safari v8.0.3

 

If someone is still holding out with an XPx86SP3 system, try IE 8.

 

Try IE 11.


All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#6 1PW

1PW
  • Topic Starter

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:04:32 PM

Posted 24 February 2015 - 12:24 PM

https://ssllabs.com is a server-side test as well.

 
This is very informative for evaluating the server's basic web site security of financial institutions.
 
Thank you iangcarroll.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 24 February 2015 - 01:49 PM

"Your SSL client is Probably Okay" this is what I get for Internet Explorer 11 on Windows 8.1 64-bits. I can try Internet Explorer 8 on Windows XP SP3 32-bits once I get home, I have it on a VM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 24 February 2015 - 04:50 PM

Qualys has also a page:

https://www.ssllabs.com/ssltest/viewMyClient.html

 

Gives you more (technical) details.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 24 February 2015 - 05:36 PM

Well Didier I want on your website with the latest version of Google Chrome 64-bits.

C5NGexN.png

I thought that Google said something about modifying the Chrome browser in the next release at the time POODLE was discovered to disable SSL3 and use something else. Looks like they didn't do it.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 yu gnomi

yu gnomi

  • Members
  • 532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago suburb
  • Local time:06:32 PM

Posted 24 February 2015 - 05:49 PM

I went to that site and did that test with chrome, mine is fine for poodle.

 

Took a screenshot, but can't figure out how to attach it.



#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:32 AM

Posted 24 February 2015 - 07:39 PM

I got "Probably Okay" too. Google Chrome x64 running on Windows 7 Ultimate.

Took a screenshot, but can't figure out how to attach it.

You can upload it to an online hosting service like Photobucket, then copy the IMG link directly into your post.

Alex

#12 yu gnomi

yu gnomi

  • Members
  • 532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago suburb
  • Local time:06:32 PM

Posted 24 February 2015 - 08:57 PM

I had to re-install windows and everything else a couple of weeks ago, and hadn't gotten around to re-installing Dropbox. Done so now.

test.jpg

#13 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 25 February 2015 - 11:54 AM

Well Didier I want on your website with the latest version of Google Chrome 64-bits.

C5NGexN.png

I thought that Google said something about modifying the Chrome browser in the next release at the time POODLE was discovered to disable SSL3 and use something else. Looks like they didn't do it.

 

Did the test with my Chrome browser (latest version), and I've no POODLE warning. I looked under protocols, and saw that SSL is disabled. I assume it is enabled in your case?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:32 PM

Posted 25 February 2015 - 02:18 PM

How to Disable Browser Support for the SSL 3.0 Protocol
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 25 February 2015 - 02:22 PM

Did the test with my Chrome browser (latest version), and I've no POODLE warning. I looked under protocols, and saw that SSL is disabled. I assume it is enabled in your case?


Looks like it, I'll try it once I get home tonight and see what it gives when I disable it, but I recall disabling it when POODLE came out.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users