Posted about 8 years ago. Visible to the public.
Test whether Perfect Forward Secrecy (PFS) is enabled on a server (using OpenSSL)
Use the following command to test if a server (in this example: makandra.com on port 443) uses Perfect Forward Secrecy (PFS):
Copyopenssl s_client -connect makandra.com:443 -cipher ECDHE-RSA-RC4-SHA
You should see something like the following:
Copy~ > openssl s_client -connect projecthero.com:443 -cipher ECDHE-RSA-RC4-SHA CONNECTED(00000003) depth=1 O = AlphaSSL, CN = AlphaSSL CA - G2 verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/C=DE/OU=Domain Control Validated/CN=www.projecthero.com i:/O=AlphaSSL/CN=AlphaSSL CA - G2 ...
Note that OpenSSL keeps the connection open if PFS is supported.
In case the server does not support PFS, it looks like this:
Copy~ > openssl s_client -connect localhost:443 -cipher ECDHE-RSA-RC4-SHA CONNECTED(00000003) 140293946562208:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:724: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 127 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---
... and OpenSSL exits.
Does your version of Ruby on Rails still receive security updates?
Rails LTS provides security patches for unsupported versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2).
