3

Searched around a bit, found different tools to check weak ciphers. How can I determine what ciphers/algorithms the server supports via .NET/C#?

I can test sslv2, sslv3 and tls via (ssl.protocols.ssl2/ssl3/tls):

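            using System;
            using System.Net.Security;
            using System.Net.Sockets;
            using System.Security.Authentication;

            TcpClient client = new TcpClient();
            client.Connect("host", 443);
            using (SslStream Ssl = new SslStream(client.GetStream()))
            {
                // Force a single protocol version; the handshake throws if the server refuses it.
                Ssl.AuthenticateAsClient("host", null, SslProtocols.Ssl3, false);
                // These describe only the one suite negotiated for this connection.
                Console.WriteLine(Ssl.CipherAlgorithm);
                Console.WriteLine(Ssl.CipherStrength);
                Console.WriteLine(Ssl.SslProtocol);
            }
            client.Close();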

How do I check the algorithms and other weak ciphers via C#? I am looking at SSLDiagnos but it is in C?

Any ideas?

JKK
  • This link answers the question but was deleted as an answer: http://www.bolet.org/TestSSLServer/ (C# source for TestSSLServer) – user423430 Dec 02 '14 at 21:09

4 Answers

3

CipherAlgorithm and HashAlgorithm properties of SslStream. You define what is "weak" for you, and check the negotiated algorithm against your list of "weak" ones.

Update: Sorry for misunderstanding the question. The server doesn't seem to send the list of supported ciphersuites, so the only option is to enable one cipher suite at a time on the client and attempt to connect using it. I don't see that SslStream allows you to specify allowed ciphersuite(s), however you can use our SecureBlackbox components for this - they let you fine-tune the component (SSL client) easily.

Eugene Mayevski 'Callback
  • I am trying to determine what ciphers/algorithms the server supports. Similar to what http://superuser.com/questions/109213/is-there-a-tool-that-can-test-what-ssl-tls-cipher-suites-a-particular-website-off – JKK Jan 05 '11 at 21:23
1

The server chooses a ciphersuite to use from the list requested by the client. I.e. you should take some library that allows you to enable/disable certain ciphersuites, and try to connect to the server enabling suites one-by-one. SslStream doesn't support flexible ciphersuite adjustment.

Ken Ivanov
0

I would still take a look at ssldiagnos and maybe port it to C# using OpenSSL.NET? http://sourceforge.net/projects/openssl-net/ Then all you would have to do is to port the C code into C# and leave the OpenSSL code.

Joe
0

The ssldiagnos application is now merged with another tool: sslpressure, which does not use OpenSSL at all and just checks the initial client hello (much simpler); maybe you can use that as a template for your project.

Joe2
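The one-suite-at-a-time probe described in the answers above, working only from the initial ClientHello as the last answer suggests, as an added example (not code from any poster, ssldiagnos or sslpressure). It assumes .NET 6 or later; `SuiteProbe` and its members are hypothetical names, the two replies in `Main` are constructed, and `args[0]` is a server you administer.

```csharp
using System;
using System.Linq;
using System.Net.Sockets;
using System.Text;
static class SuiteProbe
{
    static byte[] Cat(params byte[][] p) => p.SelectMany(x => x).ToArray();
    static byte[] U16(int v) => new[] { (byte)(v >> 8), (byte)v };
    static byte[] Vec(params byte[][] p) { var b = Cat(p); return Cat(U16(b.Length), b); } // 2-byte length prefix
    static byte[] Ext(int type, byte[] data) => Cat(U16(type), Vec(data));

    // TLS 1.2 ClientHello offering exactly one cipher suite (IANA id): the server must pick it or refuse.
    public static byte[] ClientHello(ushort suite, string host)
    {
        var rnd = new byte[32]; new Random().NextBytes(rnd); // the handshake is never completed
        var exts = Vec(
            Ext(0x0000, Vec(new byte[] { 0 }, Vec(Encoding.ASCII.GetBytes(host)))), // server_name
            Ext(0x000a, Vec(U16(0x001d), U16(0x0017), U16(0x0018))),                // supported_groups
            Ext(0x000b, new byte[] { 1, 0 }),                                       // ec_point_formats
            Ext(0x000d, Vec(U16(0x0401), U16(0x0403), U16(0x0201), U16(0x0203))));  // signature_algorithms
        var body = Cat(U16(0x0303), rnd, new byte[] { 0 }, Vec(U16(suite)), new byte[] { 1, 0 }, exts);
        var hs = Cat(new byte[] { 1, 0 }, U16(body.Length), body); // handshake type 1, 24-bit length
        return Cat(new byte[] { 22, 3, 1 }, U16(hs.Length), hs);   // record header
    }
    // True only if the first n bytes of the reply hold a ServerHello that selected the offered suite.
    public static bool Accepted(byte[] r, int n, ushort suite)
    {
        if (n < 45 || r[0] != 22 || r[5] != 2) return false; // alert (type 21), short read or garbage
        int at = 44 + r[43];                                  // skip the session id
        return at + 1 < n && ((r[at] << 8) | r[at + 1]) == suite;
    }
    public static bool Probe(string host, int port, ushort suite)
    {
        using var tcp = new TcpClient(host, port);
        var s = tcp.GetStream(); s.ReadTimeout = 5000;
        var hello = ClientHello(suite, host); s.Write(hello, 0, hello.Length);
        var buf = new byte[512]; int n = 0, k;
        try { while (n < 128 && (k = s.Read(buf, n, buf.Length - n)) > 0) n += k; } catch (System.IO.IOException) { }
        return Accepted(buf, n, suite);
    }
    static void Main(string[] args)
    {
        // Constructed replies: a ServerHello selecting 0xC02F and a fatal handshake_failure alert.
        var sh = Cat(new byte[] { 22, 3, 3, 0, 42, 2, 0, 0, 38, 3, 3 }, new byte[32], new byte[] { 0, 0xC0, 0x2F, 0 });
        var alert = new byte[] { 21, 3, 3, 0, 2, 2, 40 };
        Console.WriteLine(Accepted(sh, sh.Length, 0xC02F) + " " + Accepted(alert, alert.Length, 0xC02F));
        foreach (ushort id in new ushort[] { 0xC02F, 0x009C, 0x000A, 0x0005 }) // suites to audit
            if (args.Length > 0) Console.WriteLine($"0x{id:X4}: {Probe(args[0], 443, id)}");
    }
}
```

Because the bytes are built by hand, the probe can offer suites the local TLS stack no longer implements. The hello carries no supported_versions extension, so TLS 1.3-only suites are outside what it tests.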