mailing list archives
Re: SSL 2.0 enabled or disabled?
From: Mark Foster <mark () foster cc>
Date: Thu, 20 May 2004 08:27:05 -0700
Blane Perry wrote:
Does anyone know of a tool that can scan a web server to determine which
version of SSL is being used? nmap? nessus?
Consider the versatile s_client tool which comes with openssl.
openssl s_client -connect host:port
Look for Protocol in the output.
Quoting from the manpage
"By default the initial handshake uses a method which should be
compatible with all servers and permit them to use SSL v3, SSL v2 or TLS
You can add -ssl2, -ssl3, -tls1, -no_ssl2 etcetera, to enforce a
particular protocol (which may fail).
Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark () foster cc> http://mark.foster.cc/