TLS scan the SUT multiple times with different cipher suites and version
raja-ashok committed Aug 6, 2023
1 parent 16c912b commit 814fdaf
Showing 4 changed files with 342 additions and 70 deletions.
3 changes: 3 additions & 0 deletions .gitignore
@@ -0,0 +1,3 @@
data
tls_conn_report.json
summary.csv
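
Review bot: the `data` entry on the first added line is unanchored, so it ignores any file or directory named `data` at any depth of the repository, not only a top-level output directory. If it is meant to be the scan output directory at the repository root, write it as `/data/`; a leading slash would likewise pin `tls_conn_report.json` and `summary.csv` to the root if that is the only place they are produced.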
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -22,6 +22,12 @@ Our primary reason to work on this tool was to handle 5G Security Control checks

## Getting Started

### Dependencies
* `tlsscan` depends on [jq](https://jqlang.github.io/jq/manual/)
```
sudo apt install jq
```

### Scan k8s services

For k8s, the solution gets deployed as a job that scans the k8s service ports.
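
Review bot: the new Dependencies section documents jq only as a host-side `sudo apt install jq`, while the section directly after it says the k8s scan is deployed as a job; state whether jq must be present in that job's image or is needed only for local runs. The link also goes to the jq manual rather than to install instructions, which leaves non-Debian users without a pointer, and the command fence would render better with a shell language tag.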
130 changes: 130 additions & 0 deletions config/nist-sp-800-52.json
@@ -0,0 +1,130 @@
{
"tls_versions": [
{
"version": "1.3",
"recommended": "high"
},
{
"version": "1.2",
"recommended": "medium"
},
{
"version": "1.1",
"recommended": "not"
},
{
"version": "1.0",
"recommended": "not"
},
{
"version": "3.0",
"recommended": "not"
}
],
"cipher_suites": [
{
"cipher_suite": "TLS_AES_256_GCM_SHA384",
"versions": [
{
"version": "TLSv1.3",
"recommended": "high"
}
]
},
{
"cipher_suite": "TLS_AES_128_GCM_SHA256",
"versions": [
{
"version": "TLSv1.3",
"recommended": "high"
}
]
},
{
"cipher_suite": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"versions": [
{
"version": "TLSv1.2",
"recommended": "medium"
}
]
},
{
"cipher_suite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"versions": [
{
"version": "TLSv1.2",
"recommended": "medium"
}
]
},
{
"cipher_suite": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"versions": [
{
"version": "TLSv1.2",
"recommended": "low"
},
{
"version": "TLSv1.1",
"recommended": "not"
},
{
"version": "TLSv1.0",
"recommended": "not"
}
]
},
{
"cipher_suite": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"versions": [
{
"version": "TLSv1.2",
"recommended": "low"
},
{
"version": "TLSv1.1",
"recommended": "not"
},
{
"version": "TLSv1.0",
"recommended": "not"
}
]
},
{
"cipher_suite": "TLS_RSA_WITH_AES_256_CBC_SHA",
"versions": [
{
"version": "TLSv1.2",
"recommended": "not"
},
{
"version": "TLSv1.1",
"recommended": "not"
},
{
"version": "TLSv1.0",
"recommended": "not"
}
]
},
{
"cipher_suite": "TLS_RSA_WITH_AES_128_CBC_SHA",
"versions": [
{
"version": "TLSv1.2",
"recommended": "not"
},
{
"version": "TLSv1.1",
"recommended": "not"
},
{
"version": "TLSv1.0",
"recommended": "not"
}
]
}
]
}
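
Review bot: version labels are written two ways in this file: the `tls_versions` entries use bare numbers ("1.3", "1.2") while each cipher suite's `versions` entries use "TLSv1.3", "TLSv1.2", so any code that joins the two lists has to normalise them first. Pick one form, and name the "3.0" entry explicitly, since under `tls_versions` it reads as a TLS version. The `recommended` values ("high", "medium", "low", "not") are also undocumented, and nothing here says how a scanned suite or version that is absent from the file gets rated; a short description in the README or an explicit default entry would close that gap.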