17 posts categorized "cnark"


CryptoNark 0.5.6 Released

Today, I am releasing CryptoNark version 0.5.6, which contains three notable changes/improvements:

  1. OpenSSL version detection has been updated up to the latest versions released on October 15, 2014.
  2. Due to the POODLE vulnerability, colorization of all SSL3 ciphers are now red regardless of cipher strength, which is an attempt to encourage people to start disabling sslv3 support on their ssl servers/websites.
  3. Added some preliminary SHA-2 certificate detection. If cnark sees that the SSL certificate on the site uses an SHA-2 signature algorithm, it will highlight that in green. If it doesn't see an SHA-2 certificate, it will display it in red.

The changelog for all released versions is on the CryptoNark info page and you can download it from my Downloads page.


CryptoNark 0.5.5 Released - Now Supporting Windows

It's only been a few days since the 0.5 release but I've been busy updating CryptoNark with some bug fixes and also added in support for Windows. One caveat: I've only tested this on WIndows 8.1 under a Strawberry Perl 5.18.2 installation. Please let me know if there are any issues on older/newer versions of Strawberry Perl.

One additional item to note in this version. SSLv2 connections to some sites were causing perl to crash when running on Windows. I've modified the subroutine that is making SSLv2 calls to make it more stable but on those sites that it was crashing on, cnark now falsely (?) reports that an sslv2 connection with an RC4-MD5 cipher is possible. I'm still investigating this issue. It does not happen on all sites.

You can download the new CryptoNark v0.5.5 release from the Downloads page and you can see the changelog at the CryptoNark page on this site.


CryptoNark 0.5 Released

It has been a while since the last release but here's new version 0.5 of CryptoNark. New features and changes in this release include the following (but are mainly centered on certificate validation):

  • Modifed DHE- cipher strings to note that they also support Forward Secrecy
  • Added more OpenSSL version strings. This is now current to the most recent OpenSSL version
  • CryptoNark will check to see if you are running 0.9.8l or less and warn that your version doesn't support secure client renegotation.
  • The cert_info() subroutine has been modified to use the AES265-SHA cipher from RC4-SHA. This is purely just to support the eventual phasing out of RC4 ciphers
  • The cert_info() subroutine now displays the expiration date of the peer certificate
  • Finally, a behavior change, which works around a problem reported when running against a server using a self-signed certificate. A server using a self-signed certificate no longer fails certificate validation. This might seem counter to what you're seeing when you connect with a web browser to a web site using a self-signed certificate but keep in mind that if your browser trusts that self-signed certificate, then data and channel encryption isn't much different. The reason behind this change is to workaround an issue that is ultimately going to require a rewrite to how I am doing certificate validation today. Previous versions of CryptoNark would fail certificate validation when using a self-signed certificate but when run with the --insecure switch, some platforms would incorrectly report the bit length of the private key and then croak with a segmentation fault. This version worksaround that issue.

A big thank you to all who have downloaded this over the years and emailed issues to me. As always, downloads are available off of the CryptoNark page.