WebApp Sec mailing list archives
RE: SSL 2.0 enabled or disabled?
From: "Dimitris Petropoulos" <D.Petropoulos () encode-sec com>
Date: Thu, 20 May 2004 16:03:19 +0300
Does anyone know of a tool that can scan a web server to determine which version of SSL is being used? nmap? nessus?
This can easily be achieved by simply using a browser, provided that the browser allows you to define the version of SSL/TLS to use. For example, in Interner Explorer's Advanced Internet Options one can enable SSL v2 and disable SSL v3 and TLS v1 and try to connect to a website. If the connection is successful then the web server allows SSL v2. Some browsers (e.g. Mozilla) go even further and allow you to specify specific ciphersuites for each SSL/TLS version, making therefore testing of server SSL/TLS settings easier. Best regards, ----------------------- Dimitrios Petropoulos MSc InfoSec, CISSP Director, Security Research & Development ENCODE S.A. 3, R.Melodou Str 151 25 Maroussi Athens, Greece Tel: +30210-6178410 Fax: +30210-6109579 web: www.encode-sec.com ------------------------ ****************************************************************** Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of ENCODE S.A. ******************************************************************
Current thread:
- SSL 2.0 enabled or disabled? Ooper Starr (May 18)
- Re: SSL 2.0 enabled or disabled? Ralf Durkee (May 19)
- Re: SSL 2.0 enabled or disabled? Jason Coombs (May 20)
- <Possible follow-ups>
- Re: SSL 2.0 enabled or disabled? Ralf Durkee (May 20)
- Re: SSL 2.0 enabled or disabled? Blane Perry (May 20)
- Re: SSL 2.0 enabled or disabled? Mark Foster (May 20)
- RE: SSL 2.0 enabled or disabled? Dimitris Petropoulos (May 20)
- Re: SSL 2.0 enabled or disabled? Rogan Dawes (May 20)
- RE: SSL 2.0 enabled or disabled? Dimitris Petropoulos (May 20)
- Re: SSL 2.0 enabled or disabled? Rogan Dawes (May 21)
- Re: SSL 2.0 enabled or disabled? James Bowman (May 24)
- RE: SSL 2.0 enabled or disabled? Dimitris Petropoulos (May 25)
- Re: SSL 2.0 enabled or disabled? Ralf Durkee (May 19)