[INFO ONLY] 64 bit web browser tests openssl certs

Non release banter
aus9

[INFO ONLY] 64 bit web browser tests openssl certs

Post#1 by aus9 » 26 Oct 2015, 03:54

Hi

This is meant to be general banter. I plan to to submit openssl v 1.0.2d when I have cheated off some other builds later.
First use USM to download elinks ....I am on 64 bit LxQt
Be aware that altho you can do these tests on FF or some other web browsers, if they have their own certificate base you may get misleading results. All commands below done as a local user please. Except those who prefer to login as root. :D

Code: Select all

lynx https://zmap.io/sslv3
lynx https://cert-test.sandbox.google.com/
lynx https://revoked.grc.com
openssl s_client -connect www.paypal.com:443
2) Results
sslv3 test shows that current openssl has been built with sslv3 support as page displays.
run this test with FF as you will notice for FF it says
Good News! Your browser does not support SSLv3.
.....the opposite of elinks lynx test.

EDIT I will compile openssl with these extra configs "no-ssl2 no-ssl3"

sandbox test is a success meaning we have a valid root certificate. Its partially a test of openssl and partially a test that we have root certificates AKA ca-certificates etc.

revoked test: elinks lynx shows it shows a page which IMHO it should not.
In FF a good test is this result
Secure Connection Failed
openssl test is a success. Meaning our openssl can grab the certificate and related info from that site including the Common Name (CN) as per
CN=VeriSign Class 3 Public Primary Certification Authority - G5
I am not claiming to be some kind of security expert and am an intermediate Linux user with some coding skills.

Page is editted to use lynx which is already installed as per post 2
Last edited by aus9 on 28 Oct 2015, 05:06, edited 2 times in total.

User avatar
Rava
Contributor
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany

Re: [INFO ONLY] 64 bit web browser tests openssl certs

Post#2 by Rava » 28 Oct 2015, 03:40

Why do we need elinks? Lynx should be able to do all the needed downloads,or am I missing something here?
Cheers!
Yours Rava

aus9

Re: [INFO ONLY] 64 bit web browser tests openssl certs

Post#3 by aus9 » 28 Oct 2015, 05:03

Hi
Why do we need elinks? Lynx should be able to do all the needed downloads,or am I missing something here?
We don't need elinks at all, my apologies, above post corrrected to use lynx. I am not suggesting you use lynx or elinks for any downloads unless you prefer to, I actually use firefox. Since you have taken time away from your busy schedule I thought I better display an image of what happens when a member runs the top post first command to test for sslv3 compiled in support.
And compares it to firefox which of course will not display the page. Feel free to comment or not. Image has been sliced to show only a bit of the page to make it easy for me who is slightly short sighted.

Image

And altho I have more testing etc etc, I have just recompile openssl to disable sslv2 sslv3 and here is a better result.

Image

Naturally I have test lynx with http://www.porteus.org and it works so my openssl has not yet broken anything.
time will tell

and lynx with newish openssl passes the cert test, the second command to test https

Post Reply