SSL/TLS Re-negotiation vulnerability (CVE-2009-3555) allows a man-in-the-middle to insert plain text in the beginning of an encrypted stream. It used to be possible to check if the server supports re-negotiation using OpenSSL s_client (see here). However, recent versions of OpenSSL disable insecure re-negotiation completely, so if you run s_client against a vulnerable target and request re-negotiation, it exits, same as if the target does not support re-negotiation:
GET / HTTP/1.1
R
RENEGOTIATING
4020:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
Ssltlstest, developed by Leviathan Security appears to reliably detect insecure SSL/TLS renegotiation:
alla@shiny2:~$ ./ssltlstest secure.example.com 443
Connected! Initiating client-renegotiation test...
WARNING!: Server appears to have client initiated renegotiation enabled!
TARGET IS VULNERABLE.
To compile ssltlstest on Linux do:
g++ -lssl -o ssltlstest ssltlstest.cpp
