AnsweredAssumed Answered

How Qualys checks for SSLv3?

Question asked by snowball48 on May 11, 2016
Latest reply on May 11, 2016 by aklesnicki

Hi,

 

I have a few machines which Qualys VM identified as having SSLv3 enabled QID "SSL Server Has SSLv3 Enabled Vulnerability" however SSL Lab says otherwise. I tested the machines on SSL Lab, Nmap, sslyze and SSLScan and all the tools reported SSLv3 are being disabled and no SSLv3 ciphers are supported but in the Qualys report it's saying SSLv3 is enabled.

 

The same situation has happened with RC4 and POODLE.

 

So my question is, how does Qualys VM checks for SSLv3?

 

Thanks.

Outcomes