Shammer's Philosophy

My private adversaria

How to generate a server certificate that supports Kx=DH, Au=DSS

This is part of the series SSL Cipher Check Start!!! - Shammerism.

  1. Generate a DH parameter file
  2. Generate a DSA certificate
  3. Run openssl s_server using those files
  4. Access it from the same host using the script in this article

Generate a DH parameter file

$ openssl dhparam -out dhparam.pem 2048
...
$

Generate a DSA certificate

Answer almost all of the questions with the default (just press Enter) when generating the CSR; only Common Name should be set to localhost.

$ openssl dsaparam -out dsaparam.pem 2048 
$ openssl genpkey -paramfile dsaparam.pem -out dsakey.pem 
$ openssl req -new -key dsakey.pem -out csr.pem 
... 
$ openssl x509 -req -sha256 -in csr.pem -signkey dsakey.pem -out certificate.pem 
Signature ok 
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost 
Getting Private key 
$

Run openssl s_server using those files

$ openssl s_server -dhparam dhparam.pem -cert certificate.pem -key dsakey.pem -www
...

Access it from the same host using the script in this article

# ./check-remote-ciphers.py -host localhost -port 4433
========== Supported Ciphers ==========
DHE-DSS-AES256-GCM-SHA384
DHE-DSS-AES256-SHA256
DHE-DSS-AES256-SHA
DHE-DSS-CAMELLIA256-SHA
EDH-DSS-DES-CBC3-SHA
DHE-DSS-AES128-GCM-SHA256
DHE-DSS-AES128-SHA256
DHE-DSS-AES128-SHA
DHE-DSS-SEED-SHA
DHE-DSS-CAMELLIA128-SHA
#

This certificate and key pair supports only DHE-DSS cipher suites.
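
The Kx=DH and Au=DSS in the title are the key-exchange and authentication columns printed by `openssl ciphers -v`. The following is an added example, not part of the original post or its check-remote-ciphers.py script: it parses that output, selects the suites a DSA certificate plus DH parameters can negotiate, and reports any scanned suite outside that set. The sample lines are constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the column format printed by `openssl ciphers -v`
# (name, protocol, Kx=, Au=, Enc=, Mac=); not captured from the page's host.
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
"""

FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")

def parse_ciphers_v(text):
    """Parse `openssl ciphers -v` lines into dicts with name/proto/Kx/Au/Enc/Mac."""
    suites = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # skip blank or malformed lines
        suite = {"name": parts[0], "proto": parts[1]}
        suite.update(FIELD.findall(line))  # adds the Kx, Au, Enc, Mac keys
        suites.append(suite)
    return suites

def usable_with(suites, kx, au):
    """Suite names whose key exchange and authentication match the server's files."""
    return [s["name"] for s in suites if s.get("Kx") == kx and s.get("Au") == au]

def unexpected(observed, suites, kx, au):
    """Scanned suite names that the given Kx/Au setup should not be able to offer."""
    allowed = set(usable_with(suites, kx, au))
    return sorted(set(observed) - allowed)

if __name__ == "__main__":
    catalog = parse_ciphers_v(SAMPLE_CIPHERS_V)
    # dhparam.pem provides Kx=DH, the DSA key and certificate provide Au=DSS
    print(usable_with(catalog, "DH", "DSS"))
    # Constructed scan result containing one suite that needs an RSA certificate
    scan = ["DHE-DSS-AES128-SHA", "DHE-RSA-AES256-GCM-SHA384"]
    print(unexpected(scan, catalog, "DH", "DSS"))
```

To compare against a real scan, pass the output of `openssl ciphers -v` from the server's OpenSSL build in place of the constructed sample.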