How is QID 38139 - SSL Server has SSLv2 Enabled detected?

Document created by kb-author-1 Employee on May 19, 2010Last modified by eschamp on Sep 2, 2010
Version 2Show Document
  • View in full screen mode

Issue:

How is QID 38139 - SSL Server has SSLv2 Enabled detected?

 

Solution:

The test for QID 38139 can be verified manually with the OpenSSL command-line client.

 

On a command line, type:

openssl s_client -connect TARGET_IP:PORT_NUMBER -ssl2

 

where TARGET_IP is the IP address of the host in question, and PORT_NUMBER is the port listed in the scan report for this QID.

 

For mail servers (port 25 and others) which use START TLS, you will need to use:

openssl s_client -connect 192.168.10.10:25 -ssl2 -starttls smtp

 

If the result is an SSL handshake error similar to the example below, the host is not vulnerable:

-----[example]-----

CONNECTED(00000003)
9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

-----[/example]-----

 

However, if the connection is established and the SSL handshake information is displayed, the issue was successfully reproduced. Please note that some vendors may allow the initial SSL connection with SSLv2, but disallow the connection once the underlying service is exercised.

 

Qualys Support KnowledgeBase

http://community.qualys.com/community/kb

Attachments

    Outcomes