Skip to main content
Information Security

Return to Answer

Commonmark migration
Source Link
Community Bot
Community Bot
  • 1

OpenSSL s_client

#OpenSSL s_client ToTo check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

Nmap

#Nmap AlternativelyAlternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for example.com (203.0.113.100) Host is up (0.090s latency). rDNS record for 203.0.113.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:

#OpenSSL s_client To check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

#Nmap Alternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for example.com (203.0.113.100) Host is up (0.090s latency). rDNS record for 203.0.113.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:

OpenSSL s_client

To check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

Nmap

Alternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for example.com (203.0.113.100) Host is up (0.090s latency). rDNS record for 203.0.113.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:
copy edit; typo; subheaders
Source Link
StackzOfZtuff
StackzOfZtuff
  • 18.3k
  • 1
  • 55
  • 86

To#OpenSSL s_client To check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

Alternatively#Nmap Alternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com**com Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for example.com (203.0.113.100) Host is up (0.090s latency). rDNS record for 203.0.113.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:

To check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

Alternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com** Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for example.com (203.0.113.100) Host is up (0.090s latency). rDNS record for 203.0.113.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:

#OpenSSL s_client To check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

#Nmap Alternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for example.com (203.0.113.100) Host is up (0.090s latency). rDNS record for 203.0.113.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:
Used IANA reserved for testing. Changed facebook.com to example.com; IP address to documentation subnet.
Source Link
Jens Erat
Jens Erat
  • 25.1k
  • 12
  • 86
  • 103

To check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

Alternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com** Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for facebookexample.com (173203.2520.120113.6100) Host is up (0.090s latency). rDNS record for 100203.1000.100113.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:

To check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

Alternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com** Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for facebook.com (173.252.120.6) Host is up (0.090s latency). rDNS record for 100.100.100.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:

To check if you have disabled the SSLv3 support, then run the following

openssl s_client -connect example.com:443 -ssl3

which should produce something like

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

meaning SSLv3 is disabled on the server. Otherwise the connection will established successfully.

Alternatively, you can use nmap to scan server for supported version:

# nmap --script ssl-enum-ciphers example.com** Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT Nmap scan report for example.com (203.0.113.100) Host is up (0.090s latency). rDNS record for 203.0.113.100: edge.example.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https | ssl-enum-ciphers: | **SSLv3: No supported ciphers found** | TLSv1.0:
Used IANA reserved for testing. Changed facebook.com to example.com; changed real IP to 100.100.100.100.
Source Link
edit approved Jan 15, 2015 at 9:15
user29925
edit approved Jan 15, 2015 at 9:15
user29925
formatting; style
Source Link
edit approved Oct 15, 2014 at 20:09
Alois Mahdal
edit approved Oct 15, 2014 at 20:09
Alois Mahdal
  • 393
  • 1
  • 6
  • 16
another method to scan the server for supported SSL or TLS version
Source Link
ifexploit
ifexploit
  • 2.5k
  • 1
  • 17
  • 12
Source Link
ifexploit
ifexploit
  • 2.5k
  • 1
  • 17
  • 12