======Security - SSL======

[[http://danielruiz.org/2012/11/20/server-name-indication-sni-and-ssl-vpn/|Daniel Ruiz – Blog - Server Name Indication (SNI) and SSL VPN]] \\

[[http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html|A Few Thoughts on Cryptographic Engineering - Attack of the week: OpenSSL Heartbleed]] \\

[[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet|OWASP - Transport Layer Protection Cheat Sheet]] \\


=====Notes=====


====Check TLS/SSL version and ciphers on TLS/SSL service====


===With nmap===

<code>
nmap -sV --script ssl-enum-ciphers -p 443 HOSTNAMEORIP
</code>

Sources:
  * [[https://jumpnowtek.com/security/Using-nmap-to-check-certs-and-supported-algos.html|Jumpnow Technologies - Using Nmap to check certs and supported TLS algorithms]]
  * [[https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html|nmap.org - ssl-enum-ciphers NSE script]]


===With sslyze===

[[https://github.com/nabla-c0d3/sslyze|GitHub -  nabla-c0d3 / sslyze]] Fast and powerful SSL/TLS scanning library. Has a standalone release to unpack and use on Windows.