11/15/2014

CryptoNark 0.5.6 Released

Today, I am releasing CryptoNark version 0.5.6, which contains three notable changes/improvements:

  1. OpenSSL version detection has been updated to cover the latest versions released on October 15, 2014.
  2. Due to the POODLE vulnerability, all SSL3 ciphers are now colored red regardless of cipher strength, in an attempt to encourage people to start disabling SSLv3 support on their SSL servers/websites.
  3. Added some preliminary SHA-2 certificate detection. If cnark sees that the SSL certificate on the site uses an SHA-2 signature algorithm, it will highlight that in green. If it doesn't see an SHA-2 certificate, it will display it in red.
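
The two coloring rules from items 2 and 3, as an added Python example. This is not CryptoNark's own code: the function names, the 128-bit threshold for non-SSLv3 ciphers, and the sample certificate text and scan rows are assumptions constructed for illustration.

```python
import re

GREEN, RED, RESET = "\033[32m", "\033[31m", "\033[0m"

# SHA-2 digests as named by OpenSSL, e.g. sha256WithRSAEncryption, ecdsa-with-SHA384.
SHA2_RE = re.compile(r"sha(224|256|384|512)", re.IGNORECASE)
SIGALG_RE = re.compile(r"^\s*Signature Algorithm:\s*(\S+)", re.MULTILINE)

# Constructed sample input, shaped like `openssl x509 -noout -text` output.
SAMPLE_SHA2 = """Certificate:
    Data:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Example Test CA
"""
SAMPLE_SHA1 = SAMPLE_SHA2.replace("sha256", "sha1")

# Constructed scan rows: (protocol, cipher name, key bits).
SAMPLE_ROWS = [
    ("SSLv3", "AES256-SHA", 256),
    ("TLSv1.2", "AES128-GCM-SHA256", 128),
    ("TLSv1", "DES-CBC-SHA", 56),
]


def signature_algorithm(x509_text):
    """Return the first Signature Algorithm value, or None if absent."""
    match = SIGALG_RE.search(x509_text)
    return match.group(1) if match else None


def cert_color(x509_text):
    """Green for a SHA-2 signature; red otherwise, including when unparsable."""
    alg = signature_algorithm(x509_text)
    return GREEN if alg and SHA2_RE.search(alg) else RED


def cipher_color(protocol, key_bits):
    """Red for any SSLv3 cipher whatever its strength (the POODLE rule)."""
    if protocol.upper() in ("SSLV3", "SSL3"):
        return RED
    # Assumed threshold for the other protocols, not taken from CryptoNark.
    return GREEN if key_bits >= 128 else RED


if __name__ == "__main__":
    for proto, name, bits in SAMPLE_ROWS:
        print(f"{cipher_color(proto, bits)}{proto:8} {name:20} {bits}{RESET}")
    for text in (SAMPLE_SHA2, SAMPLE_SHA1):
        print(f"{cert_color(text)}{signature_algorithm(text)}{RESET}")
```

A certificate signed with RSASSA-PSS names its hash on a separate line of OpenSSL's text output, so this sketch would color it red even when the hash is SHA-2.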

The changelog for all released versions is on the CryptoNark info page and you can download it from my Downloads page.

10/16/2014

1 Uncommon Cause of Unknown SSL Protocol Errors in cURL

I came across this error just the other day. cURL threw the following error when I was trying to connect to an https host:

Unknown SSL protocol error in connection to <hostname>:-9846

Connecting to the same host using openssl's s_client, the following error was thrown:

error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

Turns out, the server my client was trying to connect to was so old, it didn't support TLS! The workaround for this was to force an ssl3 connection.

OpenSSL Version Matrix Updated - October 2014

I updated my OpenSSL Version Matrix again to reflect new versions of OpenSSL released since June 5, 2014, including the three new versions of OpenSSL that were released yesterday (October 15, 2014) to address four security issues.