ssl - Java HttpURLConnection connect using Weak Ciphers -

-

i working on vulnerability scanner in java check websites allow connections using weak cipher suites. would, example, try connect using 56 bits "ssl_dhe_rsa_with_des_cbc_sha" (or other weak ciphers) , if 200 ok, website vulnerable. here far:

1- httpurlconnection works time default ciphers if try use "system.setproperty() set weak cipher, either "cipher not supported exception (for of cipher suites) or "connection rejected" exception when try connect(). know connection rejected answer websites don't accept weak ciphers, how actual http reponse header (with rejection code) instead of exception?

2- not interested in finding vulnerability on ssl level (layer 6) on http level (layer 7) , know http header may deceptive in instances, ok that.

in summary, need work weak cipher suites only:

        url url = new url(ip);         httpsurlconnection con = (httpsurlconnection) url.openconnection();         con.sethostnameverifier(new hostnameverifier() {             public boolean verify(string hostname, sslsession session) {                 return true;             }         });         con.connect();         system.out.println("response code : " + con.getresponsecode());

how actual http reponse header (with rejection code) instead of exception?

you don't. ssl connection isn't formed there nothing http headers transmitted over. sslexception.

i not interested in finding vulnerability on ssl level (layer 6) on http level

this statement doesn't make sense. vulnerability exists @ ssl level. there is no http(s)-level connection until ssl connection complete, , fails instead.


Comments

Post a Comment

Popular posts from this blog

Javascript line number mapping -

-
magically formatted comments change reported line number of javascript errors in browsers; this: //@line n "f" n line number , f file name. unfortunately, //@line appears ungoogleable. know there documentation on feature, , browsers support it? (i found references here , here .) from can find available in mozilla based browsers. it using js_setoptions command can turn these options on or off depending on values passed. https://developer.mozilla.org/en/js_setoptions
Read more

c# - Is it possible to remove an existing registration from Autofac container builder? -

-
something along lines: builder.registertype<mytype>().as<itype>(); builder.registertype<mytype2>().as<itype>(); builder.deregistertype<mytype>().as<itype>() var container = builder.build(); var types = container.resolve<ienumerable<itype>>(); assert.istrue(types.count == 1); assert.istrue(types[0].gettype == typeof(mytype2)); scenario: go through bunch of assemblies , go register types want make sure have 1 implementation of given type. need before create container. track on own nice if autofac me bit. this cannot done directly using containerbuilder , unless start on new one. mind you, having first built container should able construct new container filtering away unwanted types , reusing registrations first container. this: ... var container = builder.build(); builder = new containerbuilder(); var components = container.componentregistry.registrations .where(cr => cr.activator.limittype != typ...
Read more

php - Mysql PK and FK char(36) vs int(10) -

-
i have read mysql can handle indexes , searches better if tables keys integers rather char(36) uuid's. is worth converting int(10)? note: use 1 server , have have plans use multiple databases concurrently therefore removing 1 of big reasons using uuid. our tables innodb if makes difference. thanks in advance. usually rdbms can handle integer keys pk more efficient, other datatypes. reason how build index column, yes: long dont require string (or other typed) keys, should use integers. however: char(36) , int(10) far away being equal, because int(10) much smaller, char(36). dont know, if require many different keys, should keep in mind. update, complete last paragraph: int(10) 32-bit, char(36) 36 - ^byte^ (= 288-bit). not mean, int consumes less space, means, char(36) has 4 times more different keys.
Read more