info home general windows unix linux debian mac os apache nginx iphone

Recent Articles

How to rename multiple files in Unix or Linux

Convert docx to doc in Mac OS X Snow Leopard or Leopard

HISTORY shell variable management in Unix/Linux

How to eject CD/DVD from your MacBook or iMac

Play Prince of Persia on Ubuntu Linux using DOSBox

Popular Articles

How to find IP address of the email sender

How to rescue your files if Windows is busted!

How to hack your Linksys router

Save a document as PDF

Solaris admin commands

Installing Ubuntu Linux in Sun VirtualBox

Tags

Test for SSL version

Tags: ssl, apache

Most web servers that run SSL (https) run on SSL version 3 or TLS version 1. There are still some outdated servers running SSL version 2.

To check if your web server is running SSL v2.0, run this on your Unix/Linux console: 
openssl s_client -connect localhost:443 -ssl2

If it shows an error like SSL2_WRITE:ssl handshake failure:s2_pkt.c, it means SSL v2.0 has been disabled.

EXAMPLE: Lets test if slashdot.org is running SSL v2.0 or v3.0.

Check for SSL version 2

$ openssl s_client -connect slashdot.org:443 -ssl2
CONNECTED(00000004)
11358:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Check for SSL version 3

$ openssl s_client -connect slashdot.org:443 -ssl2
CONNECTED(00000004)
depth=0 /C=US/O=slashdot.org/OU=3246035501/OU=See www.geotrust.com/resources/cps (c)08/OU= 
   Domain Control Validated - QuickSSL(R)/CN=slashdot.org
verify error:num=20:unable to get local issuer certificate
verify return:1
........
........
........
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5

Enable version SSLv3 and disable SSLv2

Edit Apache's ssl.conf and include these lines at minimum: 
SSLProtocol -all +SSLv3
SSLCipherSuite SSLv3:+HIGH:+MEDIUM
Restart Apache and you're good to go.

Last Update: October 2008