Re: How to check for SSL1 ?

From: Sahir Hidayatullah (sahirh@mielesecurity.com)
Date: Thu Sep 29 2005 - 04:42:41 EDT


Hi Thomas,
Foundstone has a free tool called SSL Digger which basically does what
you're looking for -- identify the cipher suites supported by a particular
SSL connection. It is also fairly descriptive about why certain
ciphersuites are weak etc.

If I remember correctly it will do SSL1. You can get it here:
http://www.foundstone.com/resources/proddesc/ssldigger.htm

Cheers,

Sahir Hidayatullah
------------------
Technical Consultant - Information Security
MIEL e-Security Pvt. Ltd.

> I hacked together an SSL-Checker (see a public version at
> http://serversniff.net/sslcheck.php) to check ssl-servers for supported
> protocols and ciphers. While the script is able to check for SSL2, SSL3,
> TLS1.0 and TLS1.1, I'm still looking for a software that is capable of
> checking servers for the ancient SSL1.
> Can anybody help me with a software that supports ssl1-connections?
>
> I also think to remember that there used to be other ancient
> secure-protocols supported by common servers - any hints on this?
>
> Thanks for any hints,
>
> Thomas
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:01 EDT