QID 38141 - How to verify

Document created by kb-author-1 Employee on May 17, 2010. Last modified by Robert Dell'Immagine on Jul 12, 2010. Version 7.

Issue:  QualysGuard scan results show that our host is vulnerable with QID 38141 - SSL Server May Be Forced to Use Weak Encryption Vulnerability.  How can I verify the result?


Solution:  The test for QID 38141 can be verified manually on a Unix-based machine using OpenSSL's s_client tool. OpenSSL is also available under Windows through the Cygwin toolkit. Note that the local OpenSSL build must itself still support the weak cipher being tested: OpenSSL 1.1.0 and later removed export-grade ciphers entirely and disable RC4 by default, so on such a build the command below fails with "no cipher match" before any connection is made. That error means the client could not offer the cipher; it is not evidence that the server has been fixed. Use an older OpenSSL build, or one compiled with weak ciphers enabled, for this check.


On a command line, type:


openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher CIPHER_NAME


Where TARGET_IP is the IP address of the host in question, PORT_NUMBER is the port listed in the scan report for this QID, and CIPHER_NAME is one of the weak cipher names listed in the scan results (OpenSSL cipher notation, for example EXP1024-RC4-SHA). Repeat the command once per cipher reported.


If the connection is established successfully using a weak encryption cipher, the host is vulnerable. The response contains a large amount of data, including lines similar to the following at the bottom (the "Cipher is" and "Cipher :" lines name the cipher the server actually negotiated and are what to look for). If the server refuses the cipher, the handshake fails instead, typically with an "alert handshake failure" error and a closing line of "New, (NONE), Cipher is (NONE)"; in that case the server does not accept that cipher.


---
SSL handshake has read 812 bytes and written 232 bytes
---
New, TLSv1/SSLv3, Cipher is EXP1024-RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EXP1024-RC4-SHA
    Session-ID: 914C354F6AB7D531B6C80D121F28E8CBB8541D890C7537117A65386E70EABD9E
    Session-ID-ctx:
    Master-Key: B1B467B86136B5812BC3538480F8FDEF2678AB7E01D99A554A937B2BAB13BA4EC187D44782E19081811F75461F6110E3
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1099425950
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
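The manual procedure above can be scripted so that every cipher named in the scan report is tried in turn and the result is read from the s_client output rather than eyeballed. The following script is an added example written for this KB entry; it is not part of the original article and not a Qualys tool. The function names (classify_s_client, check_cipher), the TARGET/PORT/cipher arguments and the two embedded SAMPLE_* transcripts are all constructed for illustration; only the openssl invocations and the "New, ..., Cipher is ..." output line come from OpenSSL itself.

```shell
#!/bin/sh
# Added example for QID 38141 verification (not from the Qualys KB article).
# Tries each weak cipher from the scan report against TARGET:PORT with
# openssl s_client and reports whether the server accepted it.

# classify_s_client OUTPUT
#   Reads the captured s_client output and prints "accepted <CIPHER>" when a
#   session was negotiated, or "rejected" otherwise. s_client prints
#   "New, <proto>, Cipher is <CIPHER>" on success and
#   "New, (NONE), Cipher is (NONE)" when the handshake failed.
classify_s_client() {
    negotiated=$(printf '%s\n' "$1" \
        | sed -n 's/^New, [^,]*, Cipher is \(.*\)$/\1/p' | head -n 1)
    if [ -n "$negotiated" ] && [ "$negotiated" != "(NONE)" ]; then
        printf 'accepted %s\n' "$negotiated"
    else
        printf 'rejected\n'
    fi
}

# check_cipher TARGET PORT CIPHER
#   Exit status: 0 = server accepted the weak cipher (finding confirmed),
#                1 = server rejected it,
#                2 = the local OpenSSL build cannot offer it (inconclusive).
check_cipher() {
    target=$1; port=$2; cipher=$3
    # Modern OpenSSL builds drop EXPORT and RC4 suites; a client that cannot
    # offer the cipher must not be mistaken for a server that refuses it.
    if ! openssl ciphers "$cipher" >/dev/null 2>&1; then
        printf '%s: not available in local openssl, cannot test\n' "$cipher"
        return 2
    fi
    # stdin from /dev/null so s_client exits once the handshake is done.
    result=$(openssl s_client -connect "$target:$port" -cipher "$cipher" \
        </dev/null 2>&1)
    case $(classify_s_client "$result") in
        accepted*)
            printf '%s: ACCEPTED by %s:%s (QID 38141 confirmed)\n' \
                "$cipher" "$target" "$port"
            return 0 ;;
        *)
            printf '%s: rejected by %s:%s\n' "$cipher" "$target" "$port"
            return 1 ;;
    esac
}

# Constructed sample transcripts, modelled on real s_client output, used to
# exercise classify_s_client without a network.
SAMPLE_ACCEPTED='CONNECTED(00000003)
---
SSL handshake has read 812 bytes and written 232 bytes
---
New, TLSv1/SSLv3, Cipher is EXP1024-RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EXP1024-RC4-SHA'

SAMPLE_REJECTED='CONNECTED(00000003)
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
---'

# Usage: sh check_qid38141.sh TARGET_IP PORT_NUMBER CIPHER_NAME [CIPHER_NAME ...]
if [ $# -ge 3 ]; then
    t=$1; p=$2; shift 2
    for c in "$@"; do
        check_cipher "$t" "$p" "$c"
    done
fi
```

Reading the negotiated cipher out of the output is more reliable than trusting s_client's exit status, which differs between OpenSSL versions on a failed handshake. The script's exit codes keep the three outcomes apart: a confirmed weak-cipher acceptance, a clean rejection, and an inconclusive run caused by a client that cannot speak the cipher at all, which is the case that most often leads to a finding being wrongly dismissed.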



Qualys Support KnowledgeBase

http://community.qualys.com/community/kb


ID:  0001.001.613.000
