Rui Yan
ABSTRACT
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are used to encrypt data, protect privacy, and authenticate. However, the security of SSL/TLS itself depends on its configurations. While some scanning tools are used to measure SSL/TLS configurations, their performance is far from meeting the requirement of large-scale measurements. In this paper, we propose a fast SSL/TLS configuration scanning tool, Q-Scanner, which can generate a lightweight scanning solution based on the characteristics of the configurations to be scanned. The experiment shows Q-Scanner achieves a speedup of over 30,000 times compared to SSL Pulse without loss of accuracy.
- Alban Diquet. 2023. Fast and powerful SSL/TLS scanning library. https://github.com/nabla-c0d3/sslyze.Google Scholar
- Thai Duong and Juliano Rizzo. 2011. Here come the ⊕ ninjas. Unpublished manuscript (2011).Google Scholar
- Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J Alex Halderman. 2015. A search engine backed by Internet-wide scanning. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 542--553.Google ScholarDigital Library
- Bodo Möller, Thai Duong, and Krzysztof Kotowicz. 2014. This POODLE bites: exploiting the SSL 3.0 fallback. Security Advisory 21 (2014), 34--58.Google Scholar
- Inc Qualys. 2023. Qualys SSL Labs - SSL Pulse. https://www.ssllabs.com/ssl-pulse/.Google Scholar
- rbsec. 2023. sslscan tests SSL/TLS enabled services to discover supported cipher suites. https://github.com/rbsec/sslscan.Google Scholar
- Inc TrustAsia. 2023. MySSL. https://myssl.com/.Google Scholar
- Dirk Wetter. 2023. Testing TLS/SSL encryption anywhere on any port. https://github.com/drwetter/testssl.sh.Google Scholar
Index Terms
- Poster: Q-Scanner: A Fast Scanning Tool for Large-Scale SSL/TLS Configurations Measurement
Recommendations
The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conferenceThe SSL and TLS infrastructure used in important protocols like HTTPs and IMAPs is built on an X.509 public-key infrastructure (PKI). X.509 certificates are thus used to authenticate services like online banking, shopping, e-mail, etc. However, it ...
Securing SSL Certificate Verification through Dynamic Linking
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityRecent discoveries of widespread vulnerabilities in the SSL/TLS protocol stack, particular with regard to the verification of server certificates, has left the security of the Internet's communications in doubt. Newly proposed SSL trust enhancements ...
Comments