Tuesday, August 10, 2010

Testing Website Encryption

Using Openssl, use the following commands to verify website encryption strength:

openssl s_client -no_tls1 -no_ssl3 -connect :443
openssl s_client -connect :443 -cipher NULL
openssl s_client -connect :443 -cipher LOW
openssl s_client -connect :443 -cipher MEDIUM
openssl s_client -connect :443 -cipher HIGH

The only command that should not generate an error is the last. If any other command returns results instead of an error, then the site's encryption strength is not sufficient.