My recent explorations of how to strengthen the ssl/tls certificates I use on both trivia and my mail service have given me cause to look for tools to help me test my configuration. The Calomel firefox plugin and sslabs site are very useful for checking HTTPS configurations, but they are fairly specifically aimed at that aspect alone and I wanted something a little more general purpose – and preferably command line driven. The openssl program itself is pretty useful, but I found this rather nice perl script called ssl-cipher-check which I have now added to my toolset.
On a related note, a post over at crypto stackexchange gives an interesting answer to the question, “how secure is AES?” The post dates from 2012 (and 1 April at that) but it concludes:
- The federal government is allowed to use AES for top-secret information.
- We don’t know that they would actually want AES to be mathematically breakable, so at the AES competition 11 years ago it is possible they would have avoided any algorithm they thought they could break in the near future.
None of that is proof, but we tend to assume that the NSA can’t break AES.
No-one has updated or contradicted that answer since it was posted.