Verify QID 38143 - SSL Server Allows Cleartext Communication Vulnerability

Document created by kb-author-1 (Employee) on May 19, 2010. Last modified by Joe Gregory on Dec 4, 2012. Version 6.


Issue:

QID 38143 - SSL Server Allows Cleartext Communication Vulnerability indicates that the server accepts HTTPS/SSL connections negotiated with a NULL cipher, i.e. the session carries no encryption of the transmitted data. How can I test/reproduce this behavior?


Solution:

The finding for QID 38143 can be verified manually with the openssl command line client. This client is commonly installed on Unix-based machines and is also available under Cygwin on Windows.


On a command line, type:


openssl s_client -connect TARGET_IP:443 -cipher eNULL


Where TARGET_IP is the IP address of the host in question.


Example:


openssl s_client -connect 64.39.97.100:443 -cipher eNULL
CONNECTED(00000003)
11872:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

64.39.97.100 does NOT accept the eNULL cipher.


For contrast, here is what a successful negotiation looks like, using the cipher RC4-MD5 (sections marked with "snip" have some output removed for clarity of presentation):


openssl s_client -connect 64.39.97.100:443 -cipher RC4-MD5
CONNECTED(00000003)
<- snip ->
SSL handshake has read 2626 bytes and written 231 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
<- snip ->
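The manual check above is easy to script for a list of hosts. The following is an added example written for this article, not a Qualys tool or part of the original KB text. It wraps the same openssl s_client command, reads the client's own output, and decides from the "Cipher is ..." line whether a NULL suite was actually negotiated rather than only whether the handshake completed. It assumes an openssl binary on PATH; the host, port and the verdict names (ACCEPTED, REJECTED, NOT-NULL, UNKNOWN) are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the Qualys KB article): automate the QID 38143
# verification. Assumes "openssl" is on PATH and that you are authorised to
# verify the target host.

# classify_s_client_output: read "openssl s_client" output on stdin and print
#   ACCEPTED  - handshake completed and the negotiated suite is a NULL cipher
#   REJECTED  - server refused the handshake (alert) or no suite was negotiated
#   NOT-NULL  - handshake completed with a non-NULL suite (e.g. a TLS 1.3 suite
#               that -cipher does not control)
#   UNKNOWN   - anything else (connect failure, client-side error, no output)
classify_s_client_output() {
    out=$(cat)
    # s_client reports the negotiated suite as "New, <proto>, Cipher is <name>".
    # NULL suites are named NULL-MD5, NULL-SHA, NULL-SHA256, ECDHE-RSA-NULL-SHA, ...
    if printf '%s\n' "$out" | grep -Eq 'Cipher is [A-Z0-9_-]*NULL-'; then
        echo ACCEPTED
    elif printf '%s\n' "$out" | grep -Eq 'alert handshake failure|Cipher is \(NONE\)'; then
        echo REJECTED
    elif printf '%s\n' "$out" | grep -Eq 'Cipher is [A-Z0-9_-]+'; then
        echo NOT-NULL
    else
        echo UNKNOWN
    fi
}

# check_null_cipher HOST [PORT]: run the article's command non-interactively
# and print "HOST:PORT <verdict>". Exit status 0 when the server does not
# offer cleartext (REJECTED or NOT-NULL), 1 when it does (ACCEPTED),
# 2 when the result could not be determined, so it can drive a loop.
check_null_cipher() {
    host=$1
    port=${2:-443}
    # </dev/null closes s_client's stdin so it does not wait for input;
    # stderr is merged because the handshake-failure line is printed there.
    verdict=$(openssl s_client -connect "$host:$port" -cipher eNULL </dev/null 2>&1 \
              | classify_s_client_output)
    echo "$host:$port $verdict"
    case $verdict in
        REJECTED|NOT-NULL) return 0 ;;
        ACCEPTED)          return 1 ;;
        *)                 return 2 ;;
    esac
}

# Usage: ./check_null_cipher.sh TARGET_IP [PORT]
if [ "$#" -gt 0 ]; then
    check_null_cipher "$@"
fi
```

Newer OpenSSL clients offer TLS 1.3 suites regardless of the -cipher option (those are governed by -ciphersuites), so against a TLS 1.3-capable server the handshake can succeed with a suite such as TLS_AES_128_GCM_SHA256 even though eNULL was requested. That is why the wrapper inspects the negotiated cipher name and reports NOT-NULL for that case instead of treating any completed handshake as a positive result.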






Qualys Support KnowledgeBase
http://community.qualys.com/community/kb
ID: 0001.001.613.000