ryanries / sharptlsscan Goto Github PK

I wanted to say first this a very useful piece of code that I have taken an modified for my mostly less than evil purposes. If your looking to update this I may suggest more testing against different platforms. I have noticed that platforms like Apache tomcat will allow ECDHE connections without the extensions part of the clientHello handshake defined. However, when I test this against one of the very popular load balancers out there it fails the connection with a handshake alert. When I add the elliptical curve extensions to the client hello then the connection is successful. A wireshark capture of OpenSSL testing TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 will show you what I am talking about. Very useful piece of code for testing SSL/TLS connections where you cannot use something like SSLLabs. Also I think this could be ported to powershell pretty easily which I plan to do when I have fully modified the code to my will.