Wednesday, December 28, 2022

Scan https Web Application for tls vulnerability using openssl

SSL Labs is the effficient way to find which SSL protocols are enabled on your webserver.

Enter your website url and click on submit

https://www.ssllabs.com/ssltest/

It generated ssl scan report for your web application. You can check tls protocol enable/disable list.

If you want to scan tls protocol version on your local, Run following commands for different versions of tls.

tls 1 and tls 1.1 are vulnerable versions.

openssl s_client -connect app.localhost:443 -tls1
openssl s_client -connect app.localhost:443 -tls1_1
openssl s_client -connect app.localhost:443 -tls1_2
openssl s_client -connect app.localhost:443 -tls1_3

If tls 1 or tls 1.1 is enabled for your webserver but you are not getting results on command line, you need to make configuration changes in your openssl.cnf file.

Take backup of your /etc/ssl/openssl.cnf

sudo cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.bkup

Add this to the beginning of your config file /etc/ssl/openssl.cnf
openssl_conf = default_conf

And then this to the end:
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1

Now  export path
export OPENSSL_CONF=/etc/ssl/openssl.cnf

Now check again

openssl s_client -connect app.localhost:443 -tls1
openssl s_client -connect app.localhost:443 -tls1_1 

Now it should show enabled tls protocols on command line

You can disable these protocols in your webserver config.

Author : Pavitr Kanetkar | No comments:
Labels: , , , , ,

ngcc not found, @angular/cli is already installed

If you get the error ngcc not found but you have already installed all required angular packages.

To solve the issue, run command

npm install @angular/compiler-cli --save

Author : Pavitr Kanetkar | No comments:
Labels:

Set npm Registry url locally

If npm takes registry url attribute from global npmrc config file and not from the file which is in your home directory then you want to modify global config npmrc but you can not update as you do not have root privileges.

You can set local registry url for your npm commands. 

npm config set registry https://registry.npmjs.org/

Now the url which is mentioned in global npmrc file will not be effective and it downloads package from this url only.

When you close the terminal and open new terminal, you need to run this command every time. To get rid off this, you need to add this command in your ~/.bashrc file, now whenever you open terminal, this command will be executed automatically in the background.

Author : Pavitr Kanetkar | No comments:
Labels: