This is meant to be general banter. I plan to to submit openssl v 1.0.2d when I have cheated off some other builds later.
First use USM to download elinks ....I am on 64 bit LxQt
Be aware that altho you can do these tests on FF or some other web browsers, if they have their own certificate base you may get misleading results. All commands below done as a local user please. Except those who prefer to login as root.
Code: Select all
lynx https://zmap.io/sslv3 lynx https://cert-test.sandbox.google.com/ lynx https://revoked.grc.com openssl s_client -connect www.paypal.com:443
sslv3 test shows that current openssl has been built with sslv3 support as page displays.
run this test with FF as you will notice for FF it says
.....the opposite of elinks lynx test.Good News! Your browser does not support SSLv3.
EDIT I will compile openssl with these extra configs "no-ssl2 no-ssl3"
sandbox test is a success meaning we have a valid root certificate. Its partially a test of openssl and partially a test that we have root certificates AKA ca-certificates etc.
revoked test: elinks lynx shows it shows a page which IMHO it should not.
In FF a good test is this result
openssl test is a success. Meaning our openssl can grab the certificate and related info from that site including the Common Name (CN) as perSecure Connection Failed
I am not claiming to be some kind of security expert and am an intermediate Linux user with some coding skills.CN=VeriSign Class 3 Public Primary Certification Authority - G5
Page is editted to use lynx which is already installed as per post 2