How is QID 38139 - SSL Server has SSLv2 Enabled detected?
The test for QID 38139 can be verified manually with the OpenSSL command-line client.
On a command line, type:
openssl s_client -connect TARGET_IP:PORT_NUMBER -ssl2
where TARGET_IP is the IP address of the host in question, and PORT_NUMBER is the port listed in the scan report for this QID.
For mail servers (port 25 and others) which use STARTTLS, you will need to use:
openssl s_client -connect 192.168.10.10:25 -ssl2 -starttls smtp
If the result is an SSL handshake error similar to the example below, the host is not vulnerable:
CONNECTED(00000003)
9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
However, if the connection is established and the SSL handshake information is displayed, the issue was successfully reproduced. Please note that some vendors may allow the initial SSL connection with SSLv2, but disallow the connection once the underlying service is exercised.
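The manual check above can be scripted by classifying the captured s_client output. The following is an added example, not part of the original article or any Qualys tooling. The verdict names, the matched patterns, and the two constructed samples are assumptions of this example. It also covers a client built without SSLv2 support (the protocol was removed in OpenSSL 1.1.0), which rejects the -ssl2 option and therefore says nothing about the server.

```shell
#!/bin/sh
# Added example: classify captured output of `openssl s_client ... -ssl2`.
# Verdict names and the matched patterns are assumptions of this example.
classify_sslv2_output() {
    out=$1   # combined stdout+stderr of the s_client run
    # Client built without SSLv2: option rejected, nothing was tested.
    if printf '%s\n' "$out" | grep -qi 'unknown option'; then
        echo "inconclusive"; return 0
    fi
    # Completed handshake: SSLv2 session with a real negotiated cipher.
    if printf '%s\n' "$out" | grep -Eq 'Protocol[[:space:]]*:[[:space:]]*SSLv2' &&
       printf '%s\n' "$out" | grep 'Cipher is ' | grep -qvF '(NONE)'; then
        echo "reproduced"; return 0
    fi
    # Handshake error reported by the SSL library, as in the article's sample.
    if printf '%s\n' "$out" | grep -q ':error:.*SSL routines'; then
        echo "not-reproduced"; return 0
    fi
    echo "inconclusive"   # e.g. connection refused or timed out
}

# The article's handshake-failure output.
SAMPLE_FAIL='CONNECTED(00000003)
9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:'

# Constructed sample of a completed SSLv2 handshake (trimmed; values invented).
SAMPLE_OK='CONNECTED(00000003)
---
New, SSLv2, Cipher is DES-CBC3-MD5
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5'

# Constructed sample: client binary that does not know the -ssl2 option.
SAMPLE_NOOPT='unknown option -ssl2
usage: s_client args'

for s in "$SAMPLE_FAIL" "$SAMPLE_OK" "$SAMPLE_NOOPT"; do
    classify_sslv2_output "$s"
done

# Live use (not run here):
# classify_sslv2_output "$(openssl s_client -connect TARGET_IP:PORT_NUMBER -ssl2 </dev/null 2>&1)"
```

A "reproduced" verdict reflects only the handshake; as noted above, some servers complete it and then refuse the connection once the service is exercised.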
Qualys Support KnowledgeBase