pySSLScan with DTLS support

Version 0.5 of pySSLScan will support DTLS. Have a look at the following example to see how it works.

I have been extremely busy over the last few weeks, but I have managed to add initial DTLS support to the Python flextls library and to pySSLScan.

At the time of writing, the DTLS support is highly experimental, but I have merged the code into the master branch, so feel free to give it a try.

Before you start, get and install the latest versions of python-flextls and pySSLScan from GitHub.

If the installation was successful, you should be able to scan a DTLS-enabled service by executing the following command.

$ pysslscan scan --scan=server.certificate --scan=server.preferred_ciphers \
  --scan=server.ciphers --report=term --dtls10 udp://127.0.0.1:12345

127.0.0.1
=========

Supported Server Cipher(s):
  Accepted  DTLSv10   40 bits TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  Accepted  DTLSv10  128 bits TLS_RSA_WITH_IDEA_CBC_SHA
  Accepted  DTLSv10   40 bits TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
  Accepted  DTLSv10   56 bits TLS_RSA_WITH_DES_CBC_SHA
  Accepted  DTLSv10  168 bits TLS_RSA_WITH_3DES_EDE_CBC_SHA
  Accepted  DTLSv10   40 bits TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  Accepted  DTLSv10   56 bits TLS_DHE_RSA_WITH_DES_CBC_SHA
  Accepted  DTLSv10  168 bits TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  Accepted  DTLSv10  128 bits TLS_RSA_WITH_AES_128_CBC_SHA
  Accepted  DTLSv10  128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  Accepted  DTLSv10  256 bits TLS_RSA_WITH_AES_256_CBC_SHA
  Accepted  DTLSv10  256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  Accepted  DTLSv10  128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  Accepted  DTLSv10  128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  Accepted  DTLSv10  256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  Accepted  DTLSv10  256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  Accepted  DTLSv10  128 bits TLS_RSA_WITH_SEED_CBC_SHA
  Accepted  DTLSv10  128 bits TLS_DHE_RSA_WITH_SEED_CBC_SHA
  Accepted  DTLSv10  168 bits TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  Accepted  DTLSv10  128 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  Accepted  DTLSv10  256 bits TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Preferred Server Cipher(s):
  DTLSv10 No preferred cipher suite

SSL Certificate(1/1):
  Version: 2
  Serial Number: 16197205225756092106 (0xe0c808561b4ae6ca)
  Signature Algorithm: sha256WithRSAEncryption
  Issuer:
    countryName: AU
    stateOrProvinceName: Some-State
    localityName:
    organizationName: Internet Widgits Pty Ltd
    organizationalUnitName:
    commonName:
    emailAddress:
  Not valid before: 2015-02-04 16:07:02
  Not valid after: 2016-02-04 16:07:02
  Subject:
    countryName: AU
    stateOrProvinceName: Some-State
    localityName:
    organizationName: Internet Widgits Pty Ltd
    organizationalUnitName:
    commonName:
    emailAddress:
  X509v3 Extensions(3):
    subjectKeyIdentifier:
b'\x04\x14\x95m\xf2\x05ue1\xa1\xc7\xee\x06U\x7f:\x16p\xb7\x91\x03L'
    authorityKeyIdentifier:
b'0\x16\x80\x14\x95m\xf2\x05ue1\xa1\xc7\xee\x06U\x7f:\x16p\xb7\x91\x03L'
    basicConstraints:
b'0\x03\x01\x01\xff'

Session:
  Compression: none
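
The report above lists export-grade, single-DES and RC2 suites alongside AES ones. As an added example (not part of pySSLScan or the original post), this Python sketch parses the "Accepted" lines of the terminal report and flags weak suites. The function names, flag labels and the 112-bit threshold are assumptions chosen for illustration, and the sample report is constructed from lines in the output above.

```python
import re

# Constructed sample: a few lines in the terminal report format shown above.
SAMPLE_REPORT = """\
Supported Server Cipher(s):
  Accepted  DTLSv10   40 bits TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  Accepted  DTLSv10  168 bits TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  Accepted  DTLSv10  128 bits TLS_RSA_WITH_AES_128_CBC_SHA
  Accepted  DTLSv10  256 bits TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Preferred Server Cipher(s):
  DTLSv10 No preferred cipher suite
"""

LINE_RE = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(TLS_\S+)\s*$")

def parse_accepted(report):
    """Return (protocol, key_bits, suite_name) for each 'Accepted' line."""
    out = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((m.group(1), int(m.group(2)), m.group(3)))
    return out

def findings(bits, suite):
    """Return the weaknesses flagged for one suite (empty list = none)."""
    kx, _, rest = suite[4:].partition("_WITH_")  # key exchange / cipher+MAC
    flags = []
    if "EXPORT" in kx:
        flags.append("export-grade")
    if bits < 112:  # assumed minimum acceptable key strength
        flags.append("short-key")
    if re.search(r"(^|_)(RC2|DES|DES40|3DES|IDEA)_", rest):
        flags.append("64-bit-block")  # DES, 3DES, RC2 and IDEA use 64-bit blocks
    if rest.endswith("_MD5"):
        flags.append("md5-mac")
    if not kx.startswith(("DHE_", "ECDHE_")):
        flags.append("no-forward-secrecy")  # static RSA key exchange
    return flags

def audit(report):
    """Map each accepted suite name to its list of findings."""
    return {name: findings(bits, name) for _, bits, name in parse_accepted(report)}

if __name__ == "__main__":
    for name, flags in audit(SAMPLE_REPORT).items():
        print(f"{name}: {', '.join(flags) or 'ok'}")
```

Saving the `--report=term` output to a file and passing its contents to `audit()` gives a per-suite list that can be used to decide which suites to disable on the scanned service.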
