Revisions to How do I use "openssl s_client" to test for (absence of) SSLv3 support?

Fix bad edit

edited Sep 12, 2018 at 17:55

15.9k
5
47
54

I created this test for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note:

Written for the bash on Mac OS X so can't say for sure it will work everywhere
Uses time outgtimeout vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one hostname or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done

I created this test for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note:

Written for the bash on Mac OS X so can't say for sure it will work everywhere
Uses time out vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one hostname or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done

I created this test for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note:

Written for the bash on Mac OS X so can't say for sure it will work everywhere
Uses gtimeout vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one hostname or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done

correct some mistake

Source Link

edit approved Sep 12, 2018 at 17:53

R1W

1.6k
3
18
31

I created this test for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note:

Written for the bash on Mac OS X so can't say for sure it will work everywhere
Uses gtimeouttime out vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one host namehostname or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done

I created this test for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note:

Written for bash on Mac OS X so can't say for sure it will work everywhere
Uses gtimeout vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one host name or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done

I created this test for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note:

Written for the bash on Mac OS X so can't say for sure it will work everywhere
Uses time out vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one hostname or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done

not a one liner anymore

Source Link

edit approved Nov 1, 2014 at 3:23

cwd

103
2

I whipped a one-liner forcreated this yesterday. It teststest for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note about this one-liner:

Written for bash on Mac OS X so can't say for sure it will work everywhere
Uses gtimeout vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one host name or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done

I whipped a one-liner for this yesterday. It tests for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note about this one-liner:

Written for bash on Mac OS X so can't say for sure it will work everywhere
Uses gtimeout vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one host name or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done

I created this test for the availability of the SSLv3 protocol. There is probably a better way to search for a string that also shows that CBC ciphers are in use, but most people just seem to want to know if SSLv3 is available at all.

A few things to note:

Written for bash on Mac OS X so can't say for sure it will work everywhere
Uses gtimeout vs. timeout since Mac is weird about those core utils
allexternal.txt is a file with one host name or IP per line

script:

for ip in `awk '{print $1}' < allexternal.txt`; do if gtimeout 30 openssl s_client -connect $ip:443 -ssl3 | grep -q 'Protocol : SSLv3' ; then echo $ip SSLv3 detected >> sslv3output; else echo $ip SSLv3 NOT detected >> sslv3output; fi; done