Home page logo

pen-test logo Penetration Testing mailing list archives

Re: How to check for SSL1 ?
From: Thomas Springer <tuevsec () gmx net>
Date: Thu, 29 Sep 2005 11:08:12 +0200

Hi Sahir,

Foundstone has a free tool called SSL Digger which basically does what
you're looking for -- identify the cipher suites supported by a particular

I find this one nice, but I want to dig a bit deeper.

Let me explain (correct me if im wrong!)

To get an encrypted connection, you have to choose one of different PROTOCOLS for establishing your ssl-connection:

- ssl v1 (ancient, considered vulnerable to mitm-attacks)
- ssl v2 (old, considered vulnerable to mitm-attacks, but still supported by some servers)
- ssl v3 (considered secure, but seldom used)
- tls 1.0 (typically preferred these days)
- tls 1.1 (rfc-draft, supported only by gnutls (server) and Opera (client))

The connection-type is determined by the client. Almost all clients (e.g. Browsers) try to establish a TLS1.0-Connection first. If TLS1.0 is not available, they will fall back to SSLv3 (like they do at https://www.verisign.com) or something other the client supports.

On top of this PROTOCOL the server offers a "preferred CIPHER" to be used. If the client (e.g. Browser) agrees, this one is used, otherwise the server will present other supported ciphers until the client agrees to use one of them.
Almost all clients support the strong AES256-cipher these days.

SSLDigger only checks available CIPHERS, not PROTOCOLS, nor will it show you the preferred cipher the server presents first! (Especially busy servers tend to present "cheap" ciphers first to minimize load on server or SSL-proxy, even when they would support stronger ciphers.)

Have a look at the ssl-check at http://serversniff.net/sslcheck.php to see things at work.

What i wanted to check is, wether a server still offers the sslv1-Protocol. I also think to remember that there were other SSL-Like protocols years ago - any hints on these?


Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]