Verifying SSL Security with sslyze

Many people are talking these days about the SSL-Exhaustion attack, which is a way to put any HTTPS server out of service. This attack allows hackers to take down a server remotely by using a special vulnerability that has been widely known since 2003.

Secure SSL requires 15 times more processing power on the server than on the client, and a tool called THC-SSL-DOS exploits this vulnerability to overload the server and make it unreachable for legitimate users.

The tool can be run against any service that uses SSL to create a DoS without any DDoS attack. If you want to scan your own server for SSL vulnerabilities, have a look at SSLyze, a cross-platform tool that checks server configuration and settings. You can run the scan automatically on several targets as follows:

$ python sslyze.py [options] www.target1.com www.target2.com:443 etc...

To download and use the tool, see the following link: http://code.google.com/p/sslyze/
