cloud.ccchb.de erlaubt Cipher Suites ohne PFS #27

Open
opened 2021-03-07 21:51:34 -06:00 by Fritz · 0 comments
Owner

Die Cloud unter cloud.ccchb.de erlaubt Cipher Suites ohne PFS.

$ openssl s_client -connect cloud.ccchb.de:443 -cipher 'AES256-SHA'
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = cloud.ccchb.de
verify return:1
---
Certificate chain
 0 s:CN = cloud.ccchb.de
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGITCCBQmgAwIBAgISBJv5xY24r8e8JkpQpDK7j5/EMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTAzMDYxNjQ4NTRaFw0yMTA2MDQxNjQ4NTRaMBkxFzAVBgNVBAMT
DmNsb3VkLmNjY2hiLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
uXf0xVJLuMqZ0XoB2DsIc4REm99z81EY1/laP1aLhsxTXSPgjcRG8l+BcagSPMs7
mUmcoSaYlBZxM70MQQ0YvK2ZA/aHKe8K5pyKvSLyZkVT44Q1IARYTernHWOGa5i7
k50EdHtMsT55o6s+rpULyD/MoD/1McpXbndhenAteEP4BBYu7Vf7Ag/I86e4QSFQ
4kSpe2d1ft0x4AWeP+/iZpgKW8kD5f0RH0OuUw8lMTLphIAdZD+xPNTw/Vdm2l9X
lnXogGCNPZdVGUOy2bwuw0EiCGI7vrL9fl6gXKPZjoJxS9wRFPrjYRBjX46RCx8W
jgmlAdB6RPQNHkBKg2ErPWF9958oAkUQYYP2CGtnUT8hYNP5xbWgIe4WYNGW0qIX
3lHFc1c2RJB+7q/OoK02gG2W4crkrAsN01o9DFHKF1WQ2TQhOo/zfRSzmzQcMM0N
KpjWtFdtkoLQ3MEF+9trg6YnePu3WEheytA4N6aX5vy9awYURez004724EAnmZvt
dUi7duIchPzaUb3nNOHTRP499/X6zgmbqDDWooZ7NbLHYgTxfn5Iz7wDhdaVGsse
f3qeaH697p5qJ8g3Pwh0B19VJPI7cLPlfbVrtKE6iphuwgkNtZAw9t5d7ikZmXjq
r8vYMKWD6TSK5egcEMaXPWlv/3cQ4pzpkPPhJEhuVAkCAwEAAaOCAkgwggJEMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUBelvzyrnQIbbA5r2lEbwT2WpxdcwHwYDVR0j
BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
Ly9yMy5pLmxlbmNyLm9yZy8wGQYDVR0RBBIwEIIOY2xvdWQuY2NjaGIuZGUwTAYD
VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa
aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx
AO8AdQD2XJQv0XcwIhRUGAgwlFaO400TGTO/3wwvIAvMTvFk4wAAAXgIqAycAAAE
AwBGMEQCIGVIKVDEH8efblFuG8qbSIFhrkE88oz4dNA1Yo8RH3qNAiBDRAi/pEk1
mbsVJFYmBHOKJitEX+RYeQ+hJT/5sfsmAgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZ
AsEAKQaNsgiaN9kTAAABeAioDdMAAAQDAEcwRQIgIYOIVwKYBj20lWYzYuQMZAXb
lI8WWLmn4AbDe+QyU2cCIQDgJL+B5cS/GMotpXozFW/vmm5kyErW32bAthoIIwtf
zzANBgkqhkiG9w0BAQsFAAOCAQEASyct/bA+RW6WyXD/HpIZvKxm4Eb5pyuf2Trp
KCu7xWyx2WhmZj0jK8G2P9rDkBHB8yzwhpq+FGWyYD+Uw7WbyXCdx07rwlDxfLkF
EQB5x3q7/riipWznkbs+TmsvZQ+6LNoZogp7V7IMnwVEir292YO2qDrd260Xd9Cz
G2gxF0ZGRJFx3A1oW4q0D7/ImQvZe97dGAh9qlyN6UvchIAn7M4yo289g3TSkxqe
exN1V0El7ViAj53Xy9bEENVP7kxo0qt8GraL+EBbOr21+q58A5SVX8G0kAacgo9S
SOy16CcFxv7zpOkoUpfDvQxaynTKSk5UrDtx/32nsMuBXmMFNQ==
-----END CERTIFICATE-----
subject=CN = cloud.ccchb.de

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
---
SSL handshake has read 3065 bytes and written 866 bytes
Verification: OK
---
New, SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA
    Session-ID: 29180566AF4B5750AEFF982775695D77EF695EE41B1FA30CC941BE9EBA4E55A3
    Session-ID-ctx: 
    Master-Key: 74ED552112D2D4D8AD96E25BAC6314C8DD35C2A8F9BF8B180B1F16EDBEEE4E2090F78AE7796317F34BF1881F7A8D20EC
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - ec dc c1 0b db 30 c4 36-43 ce 2c 0d 7a 38 92 a7   .....0.6C.,.z8..
    0010 - 0c 3b 3f 68 25 3e a4 54-17 c9 33 9d 91 1e 47 c9   .;?h%>.T..3...G.
    0020 - e7 a3 17 c0 40 4e f1 80-d8 37 a2 23 d5 6a 46 50   ....@N...7.#.jFP
    0030 - d6 99 ee 9f ad e6 1e 22-d3 ab 21 2f 0f a7 28 10   ......."..!/..(.
    0040 - aa 86 6b ff f1 a4 6f b0-64 16 9c ae 1d 5b 07 6e   ..k...o.d....[.n
    0050 - fb cb b6 41 8e 1d ee 5f-87 5c 9e 87 e4 f0 7a 52   ...A..._.\....zR
    0060 - 79 93 1e 6e 06 b9 3c 2a-95 f3 d9 b6 1e f1 11 88   y..n..<*........
    0070 - 7a 01 e0 c5 ff 85 52 0e-91 69 ac d2 ae 21 7f 11   z.....R..i...!..
    0080 - 29 e8 da 9e a1 4f 79 9a-7a b2 41 7d 86 c1 23 a2   )....Oy.z.A}..#.
    0090 - 6d 25 c0 2d 35 4c 2e 39-3e de 8c 6e 93 c7 b2 d1   m%.-5L.9>..n....
    00a0 - 63 15 fe 30 3f 1b 2d ec-87 44 ab b2 74 c2 92 ba   c..0?.-..D..t...

    Start Time: 1615175346
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
Die Cloud unter `cloud.ccchb.de` erlaubt Cipher Suites ohne PFS. ``` $ openssl s_client -connect cloud.ccchb.de:443 -cipher 'AES256-SHA' CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = cloud.ccchb.de verify return:1 --- Certificate chain 0 s:CN = cloud.ccchb.de i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:O = Digital Signature Trust Co., CN = DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIGITCCBQmgAwIBAgISBJv5xY24r8e8JkpQpDK7j5/EMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMTAzMDYxNjQ4NTRaFw0yMTA2MDQxNjQ4NTRaMBkxFzAVBgNVBAMT DmNsb3VkLmNjY2hiLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA uXf0xVJLuMqZ0XoB2DsIc4REm99z81EY1/laP1aLhsxTXSPgjcRG8l+BcagSPMs7 mUmcoSaYlBZxM70MQQ0YvK2ZA/aHKe8K5pyKvSLyZkVT44Q1IARYTernHWOGa5i7 k50EdHtMsT55o6s+rpULyD/MoD/1McpXbndhenAteEP4BBYu7Vf7Ag/I86e4QSFQ 4kSpe2d1ft0x4AWeP+/iZpgKW8kD5f0RH0OuUw8lMTLphIAdZD+xPNTw/Vdm2l9X lnXogGCNPZdVGUOy2bwuw0EiCGI7vrL9fl6gXKPZjoJxS9wRFPrjYRBjX46RCx8W jgmlAdB6RPQNHkBKg2ErPWF9958oAkUQYYP2CGtnUT8hYNP5xbWgIe4WYNGW0qIX 3lHFc1c2RJB+7q/OoK02gG2W4crkrAsN01o9DFHKF1WQ2TQhOo/zfRSzmzQcMM0N KpjWtFdtkoLQ3MEF+9trg6YnePu3WEheytA4N6aX5vy9awYURez004724EAnmZvt dUi7duIchPzaUb3nNOHTRP499/X6zgmbqDDWooZ7NbLHYgTxfn5Iz7wDhdaVGsse f3qeaH697p5qJ8g3Pwh0B19VJPI7cLPlfbVrtKE6iphuwgkNtZAw9t5d7ikZmXjq r8vYMKWD6TSK5egcEMaXPWlv/3cQ4pzpkPPhJEhuVAkCAwEAAaOCAkgwggJEMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD VR0TAQH/BAIwADAdBgNVHQ4EFgQUBelvzyrnQIbbA5r2lEbwT2WpxdcwHwYDVR0j BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 Ly9yMy5pLmxlbmNyLm9yZy8wGQYDVR0RBBIwEIIOY2xvdWQuY2NjaGIuZGUwTAYD VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx AO8AdQD2XJQv0XcwIhRUGAgwlFaO400TGTO/3wwvIAvMTvFk4wAAAXgIqAycAAAE AwBGMEQCIGVIKVDEH8efblFuG8qbSIFhrkE88oz4dNA1Yo8RH3qNAiBDRAi/pEk1 mbsVJFYmBHOKJitEX+RYeQ+hJT/5sfsmAgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZ AsEAKQaNsgiaN9kTAAABeAioDdMAAAQDAEcwRQIgIYOIVwKYBj20lWYzYuQMZAXb lI8WWLmn4AbDe+QyU2cCIQDgJL+B5cS/GMotpXozFW/vmm5kyErW32bAthoIIwtf zzANBgkqhkiG9w0BAQsFAAOCAQEASyct/bA+RW6WyXD/HpIZvKxm4Eb5pyuf2Trp KCu7xWyx2WhmZj0jK8G2P9rDkBHB8yzwhpq+FGWyYD+Uw7WbyXCdx07rwlDxfLkF EQB5x3q7/riipWznkbs+TmsvZQ+6LNoZogp7V7IMnwVEir292YO2qDrd260Xd9Cz G2gxF0ZGRJFx3A1oW4q0D7/ImQvZe97dGAh9qlyN6UvchIAn7M4yo289g3TSkxqe exN1V0El7ViAj53Xy9bEENVP7kxo0qt8GraL+EBbOr21+q58A5SVX8G0kAacgo9S SOy16CcFxv7zpOkoUpfDvQxaynTKSk5UrDtx/32nsMuBXmMFNQ== -----END CERTIFICATE----- subject=CN = cloud.ccchb.de issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent --- SSL handshake has read 3065 bytes and written 866 bytes Verification: OK --- New, SSLv3, Cipher is AES256-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : AES256-SHA Session-ID: 29180566AF4B5750AEFF982775695D77EF695EE41B1FA30CC941BE9EBA4E55A3 Session-ID-ctx: Master-Key: 74ED552112D2D4D8AD96E25BAC6314C8DD35C2A8F9BF8B180B1F16EDBEEE4E2090F78AE7796317F34BF1881F7A8D20EC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - ec dc c1 0b db 30 c4 36-43 ce 2c 0d 7a 38 92 a7 .....0.6C.,.z8.. 0010 - 0c 3b 3f 68 25 3e a4 54-17 c9 33 9d 91 1e 47 c9 .;?h%>.T..3...G. 0020 - e7 a3 17 c0 40 4e f1 80-d8 37 a2 23 d5 6a 46 50 ....@N...7.#.jFP 0030 - d6 99 ee 9f ad e6 1e 22-d3 ab 21 2f 0f a7 28 10 ......."..!/..(. 0040 - aa 86 6b ff f1 a4 6f b0-64 16 9c ae 1d 5b 07 6e ..k...o.d....[.n 0050 - fb cb b6 41 8e 1d ee 5f-87 5c 9e 87 e4 f0 7a 52 ...A..._.\....zR 0060 - 79 93 1e 6e 06 b9 3c 2a-95 f3 d9 b6 1e f1 11 88 y..n..<*........ 0070 - 7a 01 e0 c5 ff 85 52 0e-91 69 ac d2 ae 21 7f 11 z.....R..i...!.. 0080 - 29 e8 da 9e a1 4f 79 9a-7a b2 41 7d 86 c1 23 a2 )....Oy.z.A}..#. 0090 - 6d 25 c0 2d 35 4c 2e 39-3e de 8c 6e 93 c7 b2 d1 m%.-5L.9>..n.... 00a0 - 63 15 fe 30 3f 1b 2d ec-87 44 ab b2 74 c2 92 ba c..0?.-..D..t... Start Time: 1615175346 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- ```
genofire was assigned by crest 2021-03-08 05:12:03 -06:00
crest self-assigned this 2021-03-08 05:13:32 -06:00
crest added this to the Enforce PFS cipher suites on emma milestone 2021-03-08 05:15:02 -06:00
Sign in to join this conversation.
No labels
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: ccchb/ansible#27
No description provided.