OpenSSL - 是否有必要对每个密码进行测试

OpenSSL - 是否有必要对每个密码进行测试

我想检查是否有必要测试我的 testsslserver 列出的每个可能的 ssl、tls。目的是找出尽可能多的 http 响应。最重要的是,我想检查除 200 之外的 HTTP 响应代码是否有效:

echo "---HTTP 1.0 ----"
printf "GET / HTTP/1.0\r\n\r\n" | nc -v $1 $2
echo "Last Run:GET / HTTP/1.0\r\n\r\n"
printf "OPTIONS / HTTP/1.0\r\n\r\n" | nc -v $1 $2
echo "Last Run:OPTIONS / HTTP/1.0\r\n\r\n"
echo "---HTTP 1.1 ----"
printf "GET / HTTP/1.1\r\nHost: $1:$2\r\nConnection: close\r\n\r\n" | nc -v $1 $2 
echo "Last Run:GET / HTTP/1.1\r\nHost: $1:$2\r\nConnection: close\r\n\r\n"
#if the request is:"GET / HTTP/1.1\r\nHost: host:port\r\n\r\n" then the response contains header as well as body, and the connection will not close even after the response.
printf "OPTIONS / HTTP/1.1\r\nHost: $1:$2\r\nConnection: close\r\n\r\n" | nc -v $1 $2
echo "Last Run:OPTIONS / HTTP/1.1\r\nHost: $1:$2\r\nConnection: close\r\n\r\n"

答案1

如果你想检查密码与浏览器的兼容性,你可以使用以下命令运行它SSL 实验室. 对于最新的密码,你可以使用 Mozilla

相关内容