WebApp Sec mailing list archives
Re: SSL 2.0 enabled or disabled?
From: Mark Foster <mark () foster cc>
Date: Thu, 20 May 2004 08:27:05 -0700
Blane Perry wrote:
Does anyone know of a tool that can scan a web server to determine which version of SSL is being used? nmap? nessus?
Consider the versatile s_client tool which comes with openssl. openssl s_client -connect host:port Look for Protocol in the output. Quoting from the manpage"By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate."
You can add -ssl2, -ssl3, -tls1, -no_ssl2 etcetera, to enforce a particular protocol (which may fail).
-- Some days it's just not worth chewing through the restraints... Mark D. Foster, CISSP <mark () foster cc> http://mark.foster.cc/
Current thread:
- SSL 2.0 enabled or disabled? Ooper Starr (May 18)
- Re: SSL 2.0 enabled or disabled? Ralf Durkee (May 19)
- Re: SSL 2.0 enabled or disabled? Jason Coombs (May 20)
- <Possible follow-ups>
- Re: SSL 2.0 enabled or disabled? Ralf Durkee (May 20)
- Re: SSL 2.0 enabled or disabled? Blane Perry (May 20)
- Re: SSL 2.0 enabled or disabled? Mark Foster (May 20)
- RE: SSL 2.0 enabled or disabled? Dimitris Petropoulos (May 20)
- Re: SSL 2.0 enabled or disabled? Rogan Dawes (May 20)
- RE: SSL 2.0 enabled or disabled? Dimitris Petropoulos (May 20)
- Re: SSL 2.0 enabled or disabled? Rogan Dawes (May 21)
- Re: SSL 2.0 enabled or disabled? James Bowman (May 24)
- RE: SSL 2.0 enabled or disabled? Dimitris Petropoulos (May 25)
- Re: SSL 2.0 enabled or disabled? Ralf Durkee (May 19)