Automatically check if a certificate matches specific ciphers

Çağlar Arlı

My nginx backend server supports the following ciphers:

ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"

I allow the client to upload their own SSL certificate and key, and I want to validate that it matches one of the configured ciphers. Otherwise they lose access to the server when I restart nginx config with the newly uploaded certificate. When I use openssl x509, I get an output with something like:

Signature Algorithm: ecdsa-with-SHA256

How can I use Python or Bash code to take this string and figure out if it's valid for my nginx config?
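
An added example, not part of the original post: the Signature Algorithm line describes how the issuer signed the certificate, while a TLS 1.2 suite name such as ECDHE-RSA-AES128-GCM-SHA256 names the type of the server's own key, so this sketch reads the Public Key Algorithm line instead. The function names and the sample text are constructed for illustration; it assumes OpenSSL-style suite names of the form kx-auth-... as in the list above, and that the TLS 1.3 suites work with either key type.

```python
import re

# Cipher list copied from the nginx config in the question.
SSL_CIPHERS = ("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
               "TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:"
               "DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
               "ECDHE-RSA-AES128-GCM-SHA256")

# "Public Key Algorithm" values printed by `openssl x509 -noout -text`.
KEY_TYPES = {"rsaEncryption": "RSA", "id-ecPublicKey": "ECDSA"}

# Constructed excerpt of `openssl x509 -noout -text` output (not a real cert).
SAMPLE_TEXT = """\
    Signature Algorithm: ecdsa-with-SHA256
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
"""

def key_type_from_text(x509_text):
    """Type of the certificate's own key ('RSA'/'ECDSA'), or None if unknown."""
    m = re.search(r"Public Key Algorithm:\s*(\S+)", x509_text)
    return KEY_TYPES.get(m.group(1)) if m else None

def classify(cipher_string, key_type):
    """Sort configured suites by whether a server key of key_type can serve them."""
    out = {"tls13": [], "tls12_ok": [], "tls12_blocked": []}
    for suite in filter(None, cipher_string.split(":")):
        if suite.startswith("TLS_"):
            out["tls13"].append(suite)   # assumption: usable with either key type
            continue
        fields = suite.split("-")        # e.g. ECDHE-RSA-AES128-GCM-SHA256
        auth = fields[1] if len(fields) > 1 else None  # only kx-auth names handled
        out["tls12_ok" if auth == key_type else "tls12_blocked"].append(suite)
    return out

def verdict(cipher_string, key_type):
    """'ok', 'tls13_only' (TLS 1.2 clients locked out) or 'reject'."""
    c = classify(cipher_string, key_type)
    if key_type is None or not (c["tls13"] or c["tls12_ok"]):
        return "reject"
    if c["tls12_blocked"] and not c["tls12_ok"]:
        return "tls13_only"
    return "ok"

if __name__ == "__main__":
    kt = key_type_from_text(SAMPLE_TEXT)
    print(kt, verdict(SSL_CIPHERS, kt))
```

With the cipher list above, an ECDSA certificate leaves only the three TLS 1.3 suites usable, so the upload handler can refuse it or warn before nginx is reloaded.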