Home page logo

webappsec logo WebApp Sec mailing list archives

RE: SSL 2.0 enabled or disabled?
From: "Dimitris Petropoulos" <D.Petropoulos () encode-sec com>
Date: Thu, 20 May 2004 16:03:19 +0300

Does anyone know of a tool that can scan a web server to 
determine which version of SSL is being used?  nmap?  nessus?

This can easily be achieved by simply using a browser, provided that the
browser allows you to define the version of SSL/TLS to use. For example,
in Interner Explorer's Advanced Internet Options one can enable SSL v2
and disable SSL v3 and TLS v1 and try to connect to a website. If the
connection is successful then the web server allows SSL v2. Some
browsers (e.g. Mozilla) go even further and allow you to specify
specific ciphersuites for each SSL/TLS version, making therefore testing
of server SSL/TLS settings easier.

Best regards,

Dimitrios Petropoulos
MSc InfoSec, CISSP

Director, Security Research & Development
3, R.Melodou Str
151 25 Maroussi
Athens, Greece
Tel: +30210-6178410
Fax: +30210-6109579
web: www.encode-sec.com

Any views expressed in this message are those of the
individual sender, except where the sender specifically
states them to be the views of ENCODE S.A.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]