Home page logo

webappsec logo WebApp Sec mailing list archives

Re: SSL 2.0 enabled or disabled?
From: Mark Foster <mark () foster cc>
Date: Thu, 20 May 2004 08:27:05 -0700

Blane Perry wrote:
Does anyone know of a tool that can scan a web server to determine which
version of SSL is being used?  nmap?  nessus?

Consider the versatile s_client tool which comes with openssl.

openssl s_client -connect host:port

Look for Protocol in the output.

Quoting from the manpage
"By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate."

You can add -ssl2, -ssl3, -tls1, -no_ssl2 etcetera, to enforce a particular protocol (which may fail).

Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark () foster cc>  http://mark.foster.cc/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]