OS X 에서 64 비트 OpenSSL 컴파일 옵션

다음의 절차로 컴파일 한다. (64 비트)

make clean

./Configure darwin64-x86_64-cc -shared --prefix=/usr/local

./config no-asm enable-seed enable-cms enable-ssl2 enable-ssl3 no-idea no-md2 no-md4 no-mdc2 no-rc2 no-rc4 no-rc5 no-zlib-dynamic

make depend && make

make test

make install

OpenSSL 접속 테스트

openssl s_client -connect lgdrone.svc.entrust.kr:1443

brew install nmap

nmap --script ssl-enum-ciphers -p 1443 lgdrone.svc.entrust.kr

nmap --script ssl-enum-ciphers -p 443 example.com

You will get a response like this.

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|     compressors: 
|       NULL
|_  least strength: strong