Does your test system support SSLv2? https://www.gremwell.com/does_your_test_system_support_sslv2
<div><p>Since July 2010, Ubuntu has disabled SSLv2 support in the OpenSSL library. If you test remote hosts for SSLv2 with a client that does not support it, you get false negatives.</p>
<p>Here is how you can check whether your system supports SSLv2:<br /><code><br /> alla@notsoshiny:~$ socat OPENSSL-LISTEN:1080,method=SSLv2,cert=cert.pem,verify=0 READLINE<br /></code></p>
<p>cert.pem has to be a valid certificate file that includes a private key. Generate one with OpenSSL if you don't have it.</p>
<p>If you get an error message saying "null ssl method", then your system does not support SSLv2. Go to <a href="http://security.sunera.com/2011/02/when-distros-sneak-attack.html">When Distros Sneak Attack</a> and read how to patch OpenSSL (or rather remove a patch) to support SSLv2 again.</p>
<p>If you get no error message, try connecting to your listener with openssl s_client and check that an SSLv2 connection is established. If it works, you can proceed to testing remote servers.</p>
<p>And while you are at it, have a look at <a href="http://www.gremwell.com/sslcaudit_v1_0">sslcaudit - a wonderful tool for automated testing of SSL clients</a>, which Alex has developed.</p> </div>
<span><span lang="" about="/user/10" typeof="schema:Person" property="schema:name" datatype="">alla</span></span> <span>Wed, 05/09/2012 - 10:55</span>
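<p>The self-check described above as a script, added here as an example and not part of the original post. It generates a throwaway cert.pem, starts the same socat listener for a few seconds and classifies the outcome; the function names, the 3-second timeout and the use of STDIO in place of READLINE are assumptions of this sketch.</p>

```shell
#!/bin/sh
# Added example: automates the local SSLv2 self-check described in the post.
# PORT, the temp paths and the function names are assumptions of this sketch.
PORT=1080

# Build a throwaway cert.pem that holds both the private key and the
# certificate, as the post requires for socat's cert= option.
make_cert() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/crt.pem" 2>/dev/null || return 1
    cat "$dir/key.pem" "$dir/crt.pem" > "$dir/cert.pem"
}

# Map socat's outcome to a verdict.
#   $1 = exit status as reported by timeout(1), $2 = captured stderr
classify_listener_result() {
    case "$2" in
        *"null ssl method"*) echo unsupported; return ;;
    esac
    # 124 means timeout(1) had to stop socat: it was still waiting for a client.
    if [ "$1" -eq 124 ]; then echo listening; else echo inconclusive; fi
}

main() {
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    make_cert "$tmp" || { echo "could not generate cert.pem" >&2; exit 1; }
    status=0
    timeout 3 socat "OPENSSL-LISTEN:$PORT,method=SSLv2,cert=$tmp/cert.pem,verify=0" \
        STDIO </dev/null 2>"$tmp/err" || status=$?
    verdict=$(classify_listener_result "$status" "$(cat "$tmp/err")")
    case "$verdict" in
        unsupported)  echo "No SSLv2 here: negative SSLv2 results from this host are unreliable." ;;
        listening)    echo "Listener started: now confirm an SSLv2 handshake with openssl s_client." ;;
        inconclusive) echo "socat failed for another reason:"; cat "$tmp/err" ;;
    esac
}

# Run the check only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then main; fi
```

<p>A "listening" verdict only shows that socat accepted the SSLv2 method; the s_client connection described in the post is still the step that confirms a handshake.</p>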