Ik gebruik sinds kort weer Peppermint Os en vind het nog steeds een van de snelste en meest gebruiksvriendselijkste distro's. Toch kan het Peppermint OS forum mij tot nu toe niet helpen met het volgende probleem: Test OpenSSL en krijg dan deze uitslag via HOW'SMYSSL.COM:
Your SSL client is Bad.
Check out the sections below for information about the SSL/TLS client you used to render this page.
Yeah, we really mean "TLS", not "SSL".
Version
Bad Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites.
Learn More
Ephemeral Key Support
Good Ephemeral keys are used in some of the cipher suites your client supports. This means your client may be used to provide forward secrecy if the server supports it. This greatly increases your protection against snoopers, including global passive adversaries who scoop up large amounts of encrypted traffic and store them until their attacks (or their computers) improve.
Learn More
Session Ticket Support
Good Session tickets are supported in your client. Services you use will be able to scale out their TLS connections more easily with this feature.
Learn More
TLS Compression
Good Your TLS client does not attempt to compress the settings that encrypt your connection, avoiding information leaks from the CRIME attack.
Learn More
BEAST Vulnerability
Good Your client is not vulnerable to the BEAST attack. While it's using TLS 1.0 in conjunction with Cipher-Block Chaining cipher suites, it has implemented the 1/n-1 record splitting mitigation.
Learn More
Insecure Cipher Suites
Bad Your client supports cipher suites that are known to be insecure:
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: This cipher was meant to die with SSL 3.0 and is of unknown safety.
Learn More
Given Cipher Suites
The cipher suites your client said it supports, in the order it sent them, are:
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Learn More
Het forum gaf de volgende oplossing;
Make sure the "security" repository is enabled .. and run a full system update:-
Open a terminal (Ctrl+Alt+T) and run these commands in sequence:
Code: [Select]
sudo apt-get update
then
Code: [Select]
sudo apt-get upgrade
then
Code: [Select]
sudo apt-get dist-upgrade
then REBOOT.
Now test your link.
If your link still says there's a problem .. post the output from:
Code: [Select]
dpkg -l | grep openssl
and
Code: [Select]
openssl version -a | grep built
My Peppermint 4 system is running
openssl 1.0.1c-4ubuntu8.2
from the security repo .. and the website you linked to states:-
Your SSL client is Probably Okay
Daarna kwam, toen het eerste niet hielp:
Run these commands in sequence:
Code: [Select]
mkdir ~/Desktop/saucy-openssl
then
Code: [Select]
cd ~/Desktop/saucy-openssl
then
Code: [Select]
wget
https://launchpad.net/ubuntu/+archive/primary/+files/openssl_1.0.1e-3ubuntu1.3_i386.deb https://launchpad.net/ubuntu/+archive/primary/+files/libssl1.0.0_1.0.1e-3ubuntu1.3_i386.debthen
Code: [Select]
suso dpkg -i *.deb
then REBOOT.
Now test your link.
https://www.howsmyssl.comAlso check that:
Code: [Select]
openssl version -a | grep built
Als ik het eerste commando ingeef krijg ik:
mkdir: kan map ‘/home/bert/Desktop/saucy-openssl’ niet aanmaken: Bestand of map bestaat niet
Is daar nog een oplossing voor?
Ik hoop dat jullie mij kunnen helpen!! Alvast bedankt.
