Testing with OpenSSL

Recently, I've ran into a few situations were I had to start testing for if SSLv2 was allowing connections. Instead of using a tool such as a vulnerability scanner, I found that the best way to go about this was with openssl and s_client. This would allow me to fine tune my request to get the information that I needed manually and cut out the time spent waiting for a scanner to finish.

Here is an example of how you can check if SSLv2 is allowed on a system using openssl

Allowed Connection:
root#openssl s_client -ssl2 -no_ssl3 -no_tls1 -connect 192.168.1.2:443
CONNECTED(00000003)
...certificate exhange etc....
SSL handshake has read 879 bytes and written 236 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2 <---Tells us SSLv2 was used for the session
Cipher : DES-CBC3-MD5
Session-ID: 26691A60E4F2220AB63D22A032E26872
Session-ID-ctx:
Master-Key: CC2E5772DA1C9908333FC4905136041BADAB4ED4F965537E
Key-Arg : 86F6F36C8D5FD389
Krb5 Principal: None
Start Time: 1274455830
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)

Denied Connection:
root#openssl s_client -ssl2 -no_ssl3 -no_tls1 -connect 192.168.1.3:443
CONNECTED(00000003)
2790:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

That covers an easy way to test if SSLv2 is allowed on a web server, my next post I'll cover how to check for ciphers, maybe a little more.

Comments

Popular posts from this blog

And now for something completely different...

Well I guess it's time to start this back up.

Been awhile hasn't it.