RE: SSL 2.0 enabled or disabled?

["Dimitris Petropoulos" <D.Petropoulos () encode-sec com>]

> Does anyone know of a tool that can scan a web server to 
> determine which version of SSL is being used?  nmap?  nessus?

This can easily be achieved by simply using a browser, provided that the
browser allows you to define the version of SSL/TLS to use. For example,
in Interner Explorer's Advanced Internet Options one can enable SSL v2
and disable SSL v3 and TLS v1 and try to connect to a website. If the
connection is successful then the web server allows SSL v2. Some
browsers (e.g. Mozilla) go even further and allow you to specify
specific ciphersuites for each SSL/TLS version, making therefore testing
of server SSL/TLS settings easier.

Best regards,

-----------------------
Dimitrios Petropoulos
MSc InfoSec, CISSP

Director, Security Research & Development
 
ENCODE S.A.
3, R.Melodou Str
151 25 Maroussi
Athens, Greece
Tel: +30210-6178410
Fax: +30210-6109579
web: www.encode-sec.com
------------------------


******************************************************************
Any views expressed in this message are those of the
individual sender, except where the sender specifically
states them to be the views of ENCODE S.A.
******************************************************************