
Test for SSL version

Published on 01 October 2008

Most web servers that run SSL (https) run on SSL version 3 or TLS version 1. There are still some outdated servers running SSL version 2.

To check if your web server is running SSL v2.0, run this on your Unix/Linux console:

openssl s_client -connect localhost:443 -ssl2

If it shows an error like SSL2_WRITE:ssl handshake failure:s2_pkt.c, it means SSL v2.0 has been disabled.

EXAMPLE: Let's test if is running SSL v2.0 or v3.0.

Check for SSL version 2

$ openssl s_client -connect -ssl2
11358:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Check for SSL version 3

$ openssl s_client -connect -ssl3
depth=0 /C=US/ (c)08/OU= 
   Domain Control Validated - QuickSSL(R)/
verify error:num=20:unable to get local issuer certificate
verify return:1
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
    Protocol  : SSLv3
    Cipher    : RC4-MD5
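
The check above can be scripted so the result is read the same way every time. This is an added example, not part of the original post: the function names classify_probe and probe are assumptions, and the sample outputs are the lines shown above plus one constructed case.

```shell
#!/bin/sh
# Added example: interpret `openssl s_client` output for one protocol probe.

# classify_probe reads s_client output (stdout and stderr) on stdin and prints:
#   accepted <protocol>  a session was negotiated
#   rejected             the server refused the handshake
#   unsupported          the local openssl build lacks the option (e.g. no SSLv2)
#   unknown              anything else, such as a refused TCP connection
classify_probe() {
    awk '
        /^[ \t]*Protocol[ \t]*:/        { proto = $NF }
        /handshake failure/             { failed = 1 }
        /Cipher is \(NONE\)/            { failed = 1 }
        tolower($0) ~ /unknown option/  { unsupported = 1 }
        END {
            if (unsupported)      print "unsupported"
            else if (failed)      print "rejected"
            else if (proto != "") print "accepted " proto
            else                  print "unknown"
        }'
}

# probe HOST:PORT FLAG  (hypothetical helper; FLAG is -ssl2 or -ssl3).
# stdin comes from /dev/null so s_client exits once the handshake is done.
probe() {
    openssl s_client -connect "$1" "$2" </dev/null 2>&1 | classify_probe
}

# Sample outputs: the first two are the lines shown in the post, the third is
# constructed to show a failed handshake that still prints a Protocol field.
SAMPLE_SSL2_DISABLED='11358:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:'
SAMPLE_SSL3_ACCEPTED='New, TLSv1/SSLv3, Cipher is RC4-MD5
    Protocol  : SSLv3
    Cipher    : RC4-MD5'
SAMPLE_NO_SESSION='New, (NONE), Cipher is (NONE)
    Protocol  : SSLv3
    Cipher    : 0000'

for sample in "$SAMPLE_SSL2_DISABLED" "$SAMPLE_SSL3_ACCEPTED" "$SAMPLE_NO_SESSION"; do
    printf '%s\n' "$sample" | classify_probe
done
```

Against a live server, `probe localhost:443 -ssl2` should print rejected once SSL v2.0 has been disabled.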

Enable version SSLv3 and disable SSLv2

Edit Apache's ssl.conf and include these lines at minimum:

SSLProtocol -all +SSLv3

Restart Apache and you're good to go.

Created on 01 October 2008

TAGS: ssl, apache
