I think I have settled on the data I want to make available for the -sslinfo switch. If someone thinks there would be some additional info that would be useful please let me know.
Below is what I have for output so far for the -sslinfo switch. I am thinking the switch will initially be in BETA mode even with the release version of V01.50.00 until I sort out exactly how I want it formatted and how it might be used. I also have to sort out how to add the CSV/TSV functionality for it since when it runs in this mode it doesn’t actually get anywhere near the normal output stage of the code. I know for a mass scan of a forest that would likely be the preferred output model.
My original thinking was that the bit strength, cert version, dates, and issuer would be the most valuable bits of info. I visualize being able to tear through an entire forest looking at this info for every DC with a simple for /f loop like
for /f %i in ('adfind -gcb -sc dclist') do adfind -hh %i -sslinfo
Like so:
[Sat 04/08/2017 18:10:11.39]
E:\DEV\cpp\vs\AdFind>for /f %i in ('release\adfind -gcb -sc dclist') do release\adfind -hh %i -sslinfo -utc
[Sat 04/08/2017 18:10:22.83]
E:\DEV\cpp\vs\AdFind>release\adfind -hh K16TST-DC1.k16tst.test.loc -sslinfo -utc
AdFind V01.50.00.00cpp VS BETA Joe Richards (support@joeware.net) April 2016
Certificate Info
================
Encoding Type = X509_ASN_ENCODING (0x01)
Version = CERT_V3 (0x02)
NotBefore = 2017/04/08-16:11:31 UTC
NotAfter = 2018/04/08-16:11:31 UTC
Sig Algorithm = 1.2.840.113549.1.1.13
Issuer = CN=CA1,DC=k16tst,DC=test,DC=loc
Subject = CN=K16TST-DC1.k16tst.test.loc
SSL Connection Information
==========================
Protocol = Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
Cipher Algorithm = AES 256-bit encryption algorithm (CALG_AES_256)
Cipher Strength = 256 bits
Hash Algorithm = 384 bit SHA hashing algorithm (CALG_SHA_384)
Hash Strength = 0 bits
Key Exch Algorithm = Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
Key Exch Strength = 255 bits
The command completed successfully
[Sat 04/08/2017 18:10:22.90]
E:\DEV\cpp\vs\AdFind>release\adfind -hh K16TST-DC2.k16tst.test.loc -sslinfo -utc
AdFind V01.50.00.00cpp VS BETA Joe Richards (support@joeware.net) April 2016
Certificate Info
================
Encoding Type = X509_ASN_ENCODING (0x01)
Version = CERT_V3 (0x02)
NotBefore = 2017/04/08-16:15:53 UTC
NotAfter = 2018/04/08-16:15:53 UTC
Sig Algorithm = 1.2.840.113549.1.1.13
Issuer = CN=CA1,DC=k16tst,DC=test,DC=loc
Subject = CN=K16TST-DC2.k16tst.test.loc
SSL Connection Information
==========================
Protocol = Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
Cipher Algorithm = AES 256-bit encryption algorithm (CALG_AES_256)
Cipher Strength = 256 bits
Hash Algorithm = 384 bit SHA hashing algorithm (CALG_SHA_384)
Hash Strength = 0 bits
Key Exch Algorithm = Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
Key Exch Strength = 255 bits
The command completed successfully
[Sat 04/08/2017 18:10:22.98]
E:\DEV\cpp\vs\AdFind>release\adfind -hh K16TSTCHLD-DC1.k16tstchld.k16tst.test.loc -sslinfo -utc
AdFind V01.50.00.00cpp VS BETA Joe Richards (support@joeware.net) April 2016
Certificate Info
================
Encoding Type = X509_ASN_ENCODING (0x01)
Version = CERT_V3 (0x02)
NotBefore = 2017/04/08-21:19:19 UTC
NotAfter = 2018/04/08-21:19:19 UTC
Sig Algorithm = 1.2.840.113549.1.1.13
Issuer = CN=CA1,DC=k16tst,DC=test,DC=loc
Subject = CN=K16TSTCHLD-DC1.k16tstchld.k16tst.test.loc
SSL Connection Information
==========================
Protocol = Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
Cipher Algorithm = AES 256-bit encryption algorithm (CALG_AES_256)
Cipher Strength = 256 bits
Hash Algorithm = 384 bit SHA hashing algorithm (CALG_SHA_384)
Hash Strength = 0 bits
Key Exch Algorithm = Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
Key Exch Strength = 255 bits
The command completed successfully
[Sat 04/08/2017 18:10:23.11]
E:\DEV\cpp\vs\AdFind>release\adfind -hh K16TSTCHLD-DC2.k16tstchld.k16tst.test.loc -sslinfo -utc
AdFind V01.50.00.00cpp VS BETA Joe Richards (support@joeware.net) April 2016
Certificate Info
================
Encoding Type = X509_ASN_ENCODING (0x01)
Version = CERT_V3 (0x02)
NotBefore = 2017/04/08-21:27:51 UTC
NotAfter = 2018/04/08-21:27:51 UTC
Sig Algorithm = 1.2.840.113549.1.1.13
Issuer = CN=CA1,DC=k16tst,DC=test,DC=loc
Subject = CN=K16TSTCHLD-DC2.k16tstchld.k16tst.test.loc
SSL Connection Information
==========================
Protocol = Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
Cipher Algorithm = AES 256-bit encryption algorithm (CALG_AES_256)
Cipher Strength = 256 bits
Hash Algorithm = 384 bit SHA hashing algorithm (CALG_SHA_384)
Hash Strength = 0 bits
Key Exch Algorithm = Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
Key Exch Strength = 255 bits
The command completed successfully
[Sat 04/08/2017 18:10:23.24]
E:\DEV\cpp\vs\AdFind>release\adfind -hh K16TST-RODC1.k16tst.test.loc -sslinfo -utc
AdFind V01.50.00.00cpp VS BETA Joe Richards (support@joeware.net) April 2016
Certificate Info
================
Encoding Type = X509_ASN_ENCODING (0x01)
Version = CERT_V3 (0x02)
NotBefore = 2017/04/08-16:27:19 UTC
NotAfter = 2018/04/08-16:27:19 UTC
Sig Algorithm = 1.2.840.113549.1.1.13
Issuer = CN=CA1,DC=k16tst,DC=test,DC=loc
Subject = CN=K16TST-RODC1.k16tst.test.loc
SSL Connection Information
==========================
Protocol = Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
Cipher Algorithm = AES 256-bit encryption algorithm (CALG_AES_256)
Cipher Strength = 256 bits
Hash Algorithm = 384 bit SHA hashing algorithm (CALG_SHA_384)
Hash Strength = 0 bits
Key Exch Algorithm = Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
Key Exch Strength = 255 bits
The command completed successfully
And if you have a machine that doesn’t have a valid cert installed it will give the standard connection failure you already get.
[Sat 04/08/2017 18:10:23.35]
E:\DEV\cpp\vs\AdFind>release\adfind -hh k16tst2-dc1.k16tst2.test.loc -sslinfo -utc
AdFind V01.50.00.00cpp VS BETA Joe Richards (support@joeware.net) April 2016
LDAP_BIND: [k16tst2-dc1.k16tst2.test.loc] Error 0x51 (81) - Server Down
Terminating program.
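As an added example (not AdFind's code or the post author's), here is a small Python parser for the -sslinfo output captured from such a for /f loop: it splits the capture into one record per DC using the echoed adfind -hh command line, treats the LDAP_BIND failure as a finding of its own, flags certificates expiring within 30 days, protocols below TLS 1.2 and cipher strength below 128 bits, and emits the TSV rows the post says a forest-wide scan would want. The sample text is constructed from the post's output and trimmed to the lines the parser uses; the 30-day and 128-bit thresholds are assumptions.

```python
import re
from datetime import datetime, timezone
# Constructed sample in the post's layout: one good DC, one DC where the TLS bind fails.
SAMPLE = """\
E:\\AdFind>release\\adfind -hh K16TST-DC1.k16tst.test.loc -sslinfo -utc
NotAfter = 2018/04/08-16:11:31 UTC
Issuer = CN=CA1,DC=k16tst,DC=test,DC=loc
Protocol = Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
Cipher Strength = 256 bits
The command completed successfully
E:\\AdFind>release\\adfind -hh k16tst2-dc1.k16tst2.test.loc -sslinfo -utc
LDAP_BIND: [k16tst2-dc1.k16tst2.test.loc] Error 0x51 (81) - Server Down
"""
HOST_RE = re.compile(r"adfind\s+-hh\s+(?!%)(\S+)\s+-sslinfo", re.I)  # (?!%) skips the echoed for /f line
KV_RE = re.compile(r"^([A-Za-z ]+?)\s*=\s*(.+?)\s*$")  # "Key = Value" lines; "====" rules do not match
TIME_FMT = "%Y/%m/%d-%H:%M:%S UTC"  # the -utc date format shown in the post

def parse_sslinfo(text):
    """One dict per DC, keyed on the -hh host taken from each echoed command line."""
    records, cur = [], None
    for line in text.splitlines():
        if m := HOST_RE.search(line):  # a new adfind invocation starts a record
            cur = {"host": m.group(1), "status": "ok"}
            records.append(cur)
        elif cur and line.startswith("LDAP_BIND:"):  # the failure case from the post
            cur["status"] = line.split("Error", 1)[1].strip()
        elif cur and (m := KV_RE.match(line)):
            cur[m.group(1)] = m.group(2)
    return records

def assess(rec, now, warn_days=30):
    """Findings for one DC as a TSV row: host, issuer, NotAfter, protocol, findings."""
    if rec["status"] != "ok":
        return [rec["host"], "", "", "", "bind-failed: " + rec["status"]]
    findings = []
    days_left = (datetime.strptime(rec["NotAfter"], TIME_FMT).replace(tzinfo=timezone.utc) - now).days
    if days_left < warn_days:
        findings.append("cert-expired" if days_left < 0 else f"expires-in-{days_left}d")
    proto = rec.get("Protocol", "")
    if "TLS1_2" not in proto and "TLS1_3" not in proto:  # checks the SP_PROT_* name
        findings.append("weak-protocol")
    if int(rec.get("Cipher Strength", "0 bits").split()[0]) < 128:
        findings.append("weak-cipher")
    return [rec["host"], rec.get("Issuer", ""), rec["NotAfter"], proto, ";".join(findings)]

def report_tsv(text, now):
    """Header plus one tab-separated row per DC, the bulk-scan output shape the post wants."""
    rows = [["host", "issuer", "notafter", "protocol", "findings"]]
    rows += [assess(r, now) for r in parse_sslinfo(text)]
    return "\n".join("\t".join(row) for row in rows)
```

Redirect the for /f loop's output to a file and pass its contents to report_tsv to get one row per DC, including the ones that could not bind.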
joe