How is QID 38142 - SSL Server Allows Anonymous Authentication Vulnerability detected?
The test for QID 38142 can be verified manually with the OpenSSL command-line client.
On a command line, type:
openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher aNULL
Where TARGET_IP is the IP address of the host in question and PORT_NUMBER is the port listed in the scan report for this QID.
For mail servers (port 25 and others) which use START TLS, you will need to use:
openssl s_client -connect 192.168.10.10:25 -cipher aNULL -starttls smtp
If the result is an SSL handshake error similar to the example below, the host is not vulnerable:
9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
However, if the connection is established and the SSL handshake information is displayed, the issue was successfully reproduced. Please note that some vendors may allow the initial SSL connection with an anonymous cipher, but disallow the connection once the underlying service is exercised.
Qualys Support KnowledgeBase