WebApp Sec
mailing list archives
Re: SSL 2.0 enabled or disabled?
From: Rogan Dawes <discard () dawes za net>
Date: Thu, 20 May 2004 17:10:38 +0200
Of course, if you're going to try it that way, it is easier to write a
little script that iterates through the list of ciphers that OpenSSL
knows about (openssl ciphers) and then use openssl to connect to the
server in question with that specific cipher.
Regards,
Rogan
Dimitris Petropoulos wrote:
Does anyone know of a tool that can scan a web server to
determine which version of SSL is being used? nmap? nessus?
This can easily be achieved by simply using a browser, provided that the
browser allows you to define the version of SSL/TLS to use. For example,
in Internet Explorer's Advanced Internet Options one can enable SSL v2
and disable SSL v3 and TLS v1 and try to connect to a website. If the
connection is successful then the web server allows SSL v2. Some
browsers (e.g. Mozilla) go even further and allow you to specify
specific ciphersuites for each SSL/TLS version, making therefore testing
of server SSL/TLS settings easier.
--
Rogan Dawes
*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
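
The per-cipher loop suggested in the reply above could look like this. It is an added example, not code from the thread; it assumes OpenSSL 1.1.1 or later (for `-ciphersuites` and `-no_tls1_3`), and the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSL 1.1.1 or later.

# One cipher name per line, as known to the local OpenSSL build.
list_ciphers() {
    openssl ciphers 'ALL:COMPLEMENTOFALL' | tr ':' '\n'
}

# Offer only cipher $3 to host $1, port $2 and print s_client's output.
# TLS 1.3 suites (TLS_*) are selected with -ciphersuites. For all other
# ciphers TLS 1.3 is switched off, because a TLS 1.3 server would otherwise
# ignore -cipher and negotiate one of the default TLS 1.3 suites.
handshake() {
    case $3 in
        TLS_*) opts="-tls1_3 -ciphersuites $3" ;;
        *)     opts="-no_tls1_3 -cipher $3" ;;
    esac
    # $opts is left unquoted on purpose so it splits into separate options.
    openssl s_client -connect "$1:$2" -servername "$1" $opts </dev/null 2>&1
}

# Read s_client output on stdin; print the negotiated cipher, or nothing
# when the handshake failed and s_client reports "Cipher is (NONE)".
negotiated_cipher() {
    sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | grep -v '^(NONE)$' | head -n 1
}

# Print each cipher that the server at $1:$2 accepts, one per line.
scan_ciphers() {
    list_ciphers | while read -r c; do
        got=$(handshake "$1" "$2" "$c" | negotiated_cipher)
        if [ "$got" = "$c" ]; then
            echo "$c"
        fi
    done
}

# Usage: sh scan_ciphers.sh HOST [PORT]   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    scan_ciphers "$1" "${2:-443}"
fi
```

The result is limited to what the local OpenSSL build can offer: OpenSSL 1.1.0 and later contain no SSLv2 code, so an accepted-cipher list from a current build says nothing about whether the server still speaks SSL 2.0.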