
Monday, June 11, 2012

Fix SSL Vulnerability Part 2 of 3: How to check which protocol your server is using

To check which protocol your web server uses for HTTPS traffic, download and install the "OpenSSL" utility on the computer from which you will be connecting to the web server.

Follow the instructions below to download and install "OpenSSL":

1. Download "OpenSSL" from http://slproweb.com/products/Win32OpenSSL.html

2. As of June 11th 2012, you can download either "Win32 OpenSSL v1.0.1c Light" (for 32-bit Windows) or "Win64 OpenSSL v1.0.1c Light" (for 64-bit Windows)

3. It is recommended that you download and install the "Visual C++ 2008 Redistributables" as well before installing "OpenSSL" binaries. Please install the 32-bit or 64-bit version depending upon your OS type.

4. Once the "C++" and "OpenSSL" binaries are installed on the computer, you are ready to test the protocol that your web server is using.

i. Open cmd on the computer where you installed "OpenSSL"

ii. Change path to the OpenSSL\bin directory

iii. Type the command: "openssl s_client -ssl2 -connect SERVERNAME:443" where SERVERNAME is the hostname (or FQDN) or IP address of your webserver and port 443 is your default https port.

iv. If your web server does not support SSLv2, you should receive output similar to this:


openssl s_client -ssl2 -connect SERVERNAME:443
CONNECTED(00000003)
458:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:


v. If your web server does support SSLv2, you will receive output containing the server certificate and a lot of other information.
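As an added example (not part of the original post), the Python sketch below runs the command from step iii and sorts its output into the two cases from steps iv and v. It also separates out two results that must not be read as "SSLv2 is disabled": no TCP connection, and an OpenSSL build that rejects the -ssl2 option (SSLv2 support was removed in OpenSSL 1.1.0). The function names, result labels and every sample transcript except the one from step iv are assumptions constructed for illustration.

```python
import re
import subprocess

def classify_s_client(output):
    """Sort an `openssl s_client -ssl2` transcript into one of five labels."""
    text = output.lower()
    # OpenSSL builds without SSLv2 code reject the flag before connecting.
    if "unknown option" in text:
        return "client-lacks-ssl2"
    # Without a TCP connection the run says nothing about protocol support.
    if "connected(" not in text:
        return "no-connection"
    # Step v: the server got far enough into the handshake to send its cert.
    if "-----begin certificate-----" in text:
        return "ssl2-supported"
    # Step iv: connected, then the SSLv2 handshake was refused.
    if "handshake failure" in text or re.search(r"error:[0-9a-f]{8}:ssl routines", text):
        return "ssl2-rejected"
    return "inconclusive"

def check_ssl2(host, port=443, openssl="openssl", timeout=15):
    """Run the command from step iii and classify what it printed."""
    cmd = [openssl, "s_client", "-ssl2", "-connect", f"{host}:{port}"]
    try:
        # Empty stdin makes s_client exit once the handshake is over.
        proc = subprocess.run(cmd, input="", capture_output=True,
                              text=True, timeout=timeout)
    except FileNotFoundError:
        return "openssl-not-found"
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify_s_client(proc.stdout + proc.stderr)

# Transcript shown in step iv of the post.
REJECTED = ("CONNECTED(00000003)\n458:error:1407F0E5:SSL routines:SSL2_WRITE:"
            "ssl handshake failure:s2_pkt.c:428:\n")
# Constructed samples (not captured from a real server).
SUPPORTED = ("CONNECTED(00000003)\n---\nServer certificate\n"
             "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n")
NO_FLAG = "s_client: Unknown option: -ssl2\n"
REFUSED = "connect: Connection refused\nconnect:errno=10061\n"

if __name__ == "__main__":
    import sys
    print(check_ssl2(sys.argv[1]) if len(sys.argv) > 1 else classify_s_client(REJECTED))
```

Only "ssl2-rejected" corresponds to the result in step iv; any other label means the test has to be repeated with a working connection or an OpenSSL build that still includes SSLv2.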

In the next post, I will demonstrate how to disable SSLv2 and other vulnerable protocols.
