透過 nmap 指令可以查看該 Port 支援的 TLS 版本、以及支援的 Ciphers,在處理弱掃問題時可以用來輔助測試。
nmap --script +ssl-enum-ciphers -p 3000 127.0.0.1
[root@localhost ~]# nmap --script +ssl-enum-ciphers -p 3000 127.0.0.1 Starting Nmap 7.70 ( https://nmap.org ) at 2023-07-18 10:44 CST Nmap scan report for localhost (127.0.0.1) Host is up (0.00038s latency). PORT STATE SERVICE 3000/tcp open ppp | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server |_ least strength: A
參考資料:
https://github.com/grafana/grafana/pull/7347
