
Author Topic: [SOLVED] 64 bit web browser tests for poodle attack  (Read 2580 times)

gordon64

  • Guest
[SOLVED] 64 bit web browser tests for poodle attack
« on: August 13, 2015, 11:51:36 PM »
Hi I am not a security expert, but I went to this URL to check
https://zmap.io/sslv3

64 bit web browsers I found safe, claiming that
Quote
Good News! Your browser does not support SSLv3

epiphany
firefox-latest's local TCZ called firefox-official
opera-12


64 bit found not so safe claiming that
Quote
Warning! Your browser supports SSLv3
fifth

Browsers not tested or unable to see the result etc
firefox-nightly ....too old. IMHO no-one should be on it.
links and elinks.....both display the web site but give no indication, probably because they are text browsers.

I have yet to find a way to start fifth with a command that disables sslv3 but if anyone knows pls advise.

thanks for reading

EDIT
I made a .local/bin file with contents
Quote
#!/bin/sh
tce-load -i fifth
fifth --ssl-version-min=tls1

but attempting to use it gives error as
Quote
fifth: unrecognized option '--ssl-version-min=tls1'
« Last Edit: August 16, 2015, 12:33:27 AM by Rich »

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11037
Re: 64 bit web browser tests for poodle attack
« Reply #1 on: August 14, 2015, 06:33:10 AM »
Fifth has no config options for SSL, it uses the defaults of openssl. Ideally we'd compile openssl without ssl3, so no app would use it.
The only barriers that can stop you are the ones you create yourself.

gordon64

  • Guest
Re: 64 bit web browser tests for poodle attack
« Reply #2 on: August 14, 2015, 07:08:40 PM »
curaga

I hope I don't embarrass you, but it turns out that you are the upstream maintainer of fifth.

Congratulations on your software and skills and thank you for the tips.

Naturally I will look at re-compiling on 64 bit, Juanito's build script calls for curl-dev which has a dependency of openssl* and the running dependency has curl with a dependency of openssl*.
I shall try modding those dep files and see if I can re-compile without openssl* support. Plus will try without curl support as well.

thanks again for your time.

Quote
Ideally we'd compile openssl without ssl3

I have failed to compile new certificates, slightly off topic, new certificates work with existing openssl but when I attempted to use them for new openssl....not knowing about sslv3, at time of build, the new certificates failed.
« Last Edit: August 14, 2015, 07:24:39 PM by gordon64 »

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11037
Re: 64 bit web browser tests for poodle attack
« Reply #3 on: August 15, 2015, 04:54:06 AM »
No, you can't compile Fifth without openssl. I mean we should compile openssl.tcz with sslv3 disabled. Some other distros are doing so.

gordon64

  • Guest
Re: 64 bit web browser tests for poodle attack
« Reply #4 on: August 15, 2015, 07:45:14 AM »
Thanks

on 64 bit just re-compiled openssl with extra compile option "no-ssl3"
recompiled fifth, with slight dep modification and fifth now passes the sslv3 test, tested locally.

OFFTOPIC
but my attempt to add new certificates and test a re-compiled elinks, built with new openssl (I called it elinks2), is not showing a display page for a https URL, so I have failed to get it all correct.

Juanito is aware of some of my failures. I fail more than I succeed.  :-[

cheers
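
Added example, not part of the thread and not code from Fifth, Tiny Core or zmap.io: one way to repeat the SSLv3 check locally after rebuilding openssl with "no-ssl3". It answers the browser's ClientHello with a ServerHello that selects SSLv3 and reports whether the client aborts or keeps waiting for the handshake to continue. Port 8443 and all function names are assumptions, and it assumes the client sends a TLS-format (not SSLv2-compatible) ClientHello.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
AES128_CBC_SHA = b"\x00\x2f"  # TLS_RSA_WITH_AES_128_CBC_SHA

def pick_suite(hello: bytes) -> bytes:
    """Pick a cipher suite the client offered in its ClientHello record."""
    pos = 5 + 4 + 2 + 32  # record header, handshake header, version, random
    pos += 1 + hello[pos]  # skip the session_id
    (n,) = struct.unpack("!H", hello[pos:pos + 2])
    suites = [hello[i:i + 2] for i in range(pos + 2, pos + 2 + n, 2)]
    return AES128_CBC_SHA if AES128_CBC_SHA in suites else suites[0]

def sslv3_server_hello(suite: bytes) -> bytes:
    """Build a ServerHello record that selects SSLv3 (version 3.0)."""
    body = SSL3 + os.urandom(32) + b"\x00" + suite + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify(reply) -> str:
    """Interpret what the client sent after the SSLv3 ServerHello."""
    if reply is None:  # timed out: the client is waiting for our Certificate
        return "accepts SSLv3"
    if len(reply) >= 7 and reply[0] == 0x15:  # alert record, byte 6 = description
        return "rejects SSLv3 (alert %d)" % reply[6]
    return "inconclusive" if reply else "rejects SSLv3 (connection closed)"

def read_record(conn) -> bytes:
    data = b""  # collect the 5-byte record header plus the payload it announces
    while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def probe_once(port: int = 8443, wait: float = 3.0) -> str:
    """Accept one connection on 127.0.0.1 and report how the client reacts."""
    with socket.create_server(("127.0.0.1", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(sslv3_server_hello(pick_suite(read_record(conn))))
            conn.settimeout(wait)
            try:
                return classify(conn.recv(4096))
            except OSError as exc:  # timeout = still waiting; other errors = reset
                return classify(None if isinstance(exc, socket.timeout) else b"")
```

Call probe_once() and then open https://127.0.0.1:8443/ in the browser under test. Alert 70 is protocol_version and alert 40 is handshake_failure.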


gordon64

  • Guest
Re: 64 bit web browser tests for poodle attack
« Reply #5 on: August 16, 2015, 12:09:05 AM »
Completely offtopic: I have certificates now working by going to this URL

https://cert-test.sandbox.google.com/

if certs work, you get
Quote
SHA-256 certificate test successful.

Please mark post as solved thanks