Transport Layer Security[edit | edit source]
If you have a website or other online resources, you should be running them on a Secure webserver. If you need help, call eQuality Technology. We can secure your site very quickly and very cost-effectively, using the highest grade security measures.
Security Check[edit | edit source]
Instantly check your site's security grade at https://www.ssllabs.com/ssltest/analyze.html (you can also append the domain name like so: ?d=equality-tech.com)
Checking Ciphers[edit | edit source]
You can use nmap to port scan a host (Do NOT do this on hosts you don't control... it's like poking a hornets nest, you're not sure what's going to happen next but it could be bad). Use this particular invocation to show the SSL ciphers in use on your host. The description below is from
This script repeatedly initiates SSL/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the ciphers and compressors that a server accepts.
Each cipher is shown with a strength rating: one of
unknown strength. The output line
Least strength shows the strength of the
weakest cipher offered. If you are auditing for weak ciphers, you would
want to look more closely at any port where
strong. The cipher strength database is in the file
nselib/data/ssl-ciphers, or you can use a different file
through the script argument
SSLv3/TLSv1 requires more effort to determine which ciphers and compression methods a server supports than SSLv2. A client lists the ciphers and compressors that it is capable of supporting, and the server will respond with a single cipher and compressor chosen, or a rejection notice.
This script is intrusive since it must initiate many connections to a server, and therefore is quite noisy.
nmap --script +ssl-enum-ciphers example.com
Using Certbot, you can manage your certificates.