QID 38143 - SSL Server Allows Cleartext Communication Vulnerability indicates that the server allows HTTPS/SSL connections without a cipher, i.e. no encryption. How can I test/reproduce this behavior?
The test for QID 38143 can be verified manually with the openssl command line client. This client is commonly found on Unix based machines or can be found under CYGWIN on Windows as well.
On a command line, type:
openssl s_client -connect TARGET_IP:443 -cipher eNULL
Where TARGET_IP is the IP address of the host in question.
openssl s_client -connect 184.108.40.206:443 -cipher eNULL
11872:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:
220.127.116.11 does NOT accept the eNULL cipher
Now a working example using the cipher RC4-MD5 (sections marked with snip have some output removed for clarity of presentation)
openssl s_client -connect 18.104.22.168:443 -cipher RC4-MD5
<- snip ->
SSL handshake has read 2626 bytes and written 231 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Protocol : TLSv1
Cipher : RC4-MD5
<- snip ->
Qualys Support KnowledgeBase