cloud.ccchb.de allows cipher suites without PFS #27

Open
opened 2021-03-07 21:51:34 -06:00 by Fritz · 0 comments

The cloud at cloud.ccchb.de allows cipher suites without PFS.

```
$ openssl s_client -connect cloud.ccchb.de:443 -cipher 'AES256-SHA'
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = cloud.ccchb.de
verify return:1
---
Certificate chain
 0 s:CN = cloud.ccchb.de
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=CN = cloud.ccchb.de

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
---
SSL handshake has read 3065 bytes and written 866 bytes
Verification: OK
---
New, SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA
    Session-ID: 29180566AF4B5750AEFF982775695D77EF695EE41B1FA30CC941BE9EBA4E55A3
    Session-ID-ctx: 
    Master-Key: 74ED552112D2D4D8AD96E25BAC6314C8DD35C2A8F9BF8B180B1F16EDBEEE4E2090F78AE7796317F34BF1881F7A8D20EC
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - ec dc c1 0b db 30 c4 36-43 ce 2c 0d 7a 38 92 a7   .....0.6C.,.z8..
    0010 - 0c 3b 3f 68 25 3e a4 54-17 c9 33 9d 91 1e 47 c9   .;?h%>.T..3...G.
    0020 - e7 a3 17 c0 40 4e f1 80-d8 37 a2 23 d5 6a 46 50   ....@N...7.#.jFP
    0030 - d6 99 ee 9f ad e6 1e 22-d3 ab 21 2f 0f a7 28 10   ......."..!/..(.
    0040 - aa 86 6b ff f1 a4 6f b0-64 16 9c ae 1d 5b 07 6e   ..k...o.d....[.n
    0050 - fb cb b6 41 8e 1d ee 5f-87 5c 9e 87 e4 f0 7a 52   ...A..._.\....zR
    0060 - 79 93 1e 6e 06 b9 3c 2a-95 f3 d9 b6 1e f1 11 88   y..n..<*........
    0070 - 7a 01 e0 c5 ff 85 52 0e-91 69 ac d2 ae 21 7f 11   z.....R..i...!..
    0080 - 29 e8 da 9e a1 4f 79 9a-7a b2 41 7d 86 c1 23 a2   )....Oy.z.A}..#.
    0090 - 6d 25 c0 2d 35 4c 2e 39-3e de 8c 6e 93 c7 b2 d1   m%.-5L.9>..n....
    00a0 - 63 15 fe 30 3f 1b 2d ec-87 44 ab b2 74 c2 92 ba   c..0?.-..D..t...

    Start Time: 1615175346
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
```
genofire was assigned by crest 2021-03-08 05:12:03 -06:00
crest self-assigned this 2021-03-08 05:13:32 -06:00
crest added this to the Enforce PFS cipher suites on emma milestone 2021-03-08 05:15:02 -06:00
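
Added example (not part of the original issue or of the ccchb/ansible repository): a small POSIX shell check that reads an `openssl s_client` transcript like the one above and reports whether the negotiated cipher provides forward secrecy, or whether the server refused the offered suite. The function names and the second sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the cipher reported in an `openssl s_client` transcript.

# has_pfs NAME: succeed if the OpenSSL cipher name implies an authenticated
# ephemeral key exchange (forward secrecy). Everything else is flagged:
# static RSA (AES256-SHA), static ECDH, plain PSK, unauthenticated ADH/AECDH.
has_pfs() {
    case "$1" in
        TLS_*)          return 0 ;;  # TLS 1.3 suite names; full handshakes use (EC)DHE
        ECDHE-*|DHE-*)  return 0 ;;  # TLS <= 1.2 with ephemeral (EC)DH
        *)              return 1 ;;
    esac
}

# negotiated_cipher: print the cipher from the "SSL-Session:" block on stdin.
negotiated_cipher() {
    sed -n 's/^ *Cipher *: *\([^ ]*\) *$/\1/p' | head -n 1
}

# verdict: read a transcript on stdin, print "rejected", "pfs NAME" or "no-pfs NAME".
# A failed handshake prints "Cipher    : 0000", i.e. the server refused the offer.
verdict() {
    c=$(negotiated_cipher)
    case "$c" in
        ''|0000) echo "rejected" ;;
        *) if has_pfs "$c"; then echo "pfs $c"; else echo "no-pfs $c"; fi ;;
    esac
}

# Excerpt of the transcript in this issue.
sample_issue() {
    printf '%s\n' 'New, SSLv3, Cipher is AES256-SHA' 'SSL-Session:' \
        '    Protocol  : TLSv1.2' '    Cipher    : AES256-SHA'
}

# Constructed sample: what a server that refuses the suite would produce.
sample_rejected() {
    printf '%s\n' 'New, (NONE), Cipher is (NONE)' 'SSL-Session:' \
        '    Protocol  : TLSv1.2' '    Cipher    : 0000'
}

sample_issue | verdict      # no-pfs AES256-SHA
sample_rejected | verdict   # rejected
# Live use (same command as in the issue, stdin closed so it returns):
#   openssl s_client -connect HOST:443 -cipher 'AES256-SHA' </dev/null 2>/dev/null | verdict
```

Once the server only offers PFS suites, the probe from this issue should yield `rejected` instead of `no-pfs AES256-SHA`.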
Reference: ccchb/ansible#27