@degan
Last active August 29, 2015 14:16
FREAK Attack server test
see discussion below
@kaspergrubbe

This is how it looks for:

~$ bash freak.sh
Obtaining cipher list from OpenSSL 0.9.8zc 15 Oct 2014.
Testing EXP-ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EXP-EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-DES-CBC-SHA...YES
Testing EXP-RC2-CBC-MD5...YES
Testing EXP-RC4-MD5...YES
Testing EXP-RC2-CBC-MD5...YES
Testing EXP-RC4-MD5...YES

@dfaerch

dfaerch commented Mar 5, 2015

WARNING: Upon further investigation, NONE of these openssl based methods are good enough. Not this gist and not my own suggestion earlier.

It looks like 'openssl s_client' does not "detect" a cipher it doesn't support itself. So if the machine you're testing FROM is fairly up-to-date, you may miss any ciphers that are already removed from your version. I haven't checked if this is a real-world issue and I don't have time for that right now, so I opt for a different detection mechanism that will detect all combinations.

I suggest using nmap instead.

nmap --script ssl-enum-ciphers -p 443 sohu.com|grep EXPORT

This is a lot slower, but it catches all export ciphers.

And if you need a drop-in replacement for my earlier command, which prints 1 for vulnerable and 0 for clean:

nmap --script ssl-enum-ciphers -p 443 sohu.com|grep EXPORT -l |wc -l

@MalcolmPreen

On my system (CentOS 6.6), nmap outputs on STDERR not STDOUT... so you need an extra 2>&1 to avoid false "safe" messages... i.e.

nmap --script ssl-enum-ciphers -p 443 sohu.com 2>&1 | grep EXPORT -l | wc -l

Edit...
Hmm... not quite true... for sohu.com (as above..) I need it... but for example, for mumsnet.com I didn't ?? Don't have time to experiment... but to be sure... I'd check the output....

@ebatista

ebatista commented Mar 5, 2015

You can use this online tool to check if your webserver is vulnerable:

http://www.freakattacktest.tk

@degan
Author

degan commented Mar 5, 2015

Great feedback and discussion, it looks like nmap is indeed a better method:

nmap --script ssl-enum-ciphers -p 443 sohu.com|grep EXPORT
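
An added example, not part of the gist or of any comment above: the grep-and-count one-liners in this thread print 0 both when no export cipher is offered and when nmap produced no ssl-enum-ciphers section at all, so this sketch reports those cases separately. The function names and the sample outputs are constructed for illustration.

```bash
#!/bin/sh
# Reads nmap output on stdin; prints vulnerable | clean | inconclusive.
# "inconclusive" means the ssl-enum-ciphers section never appeared (host down,
# port filtered, script missing), which grep | wc -l would report as 0.
classify_export() {
  awk '
    /ssl-enum-ciphers:/ { seen = 1 }
    /^[|].*_EXPORT/     { hits++ }
    END {
      if (!seen)     print "inconclusive"
      else if (hits) print "vulnerable"
      else           print "clean"
    }'
}

# Prints the export cipher suite names found, one per line, de-duplicated.
list_export() {
  grep -oE 'TLS_[A-Z0-9_]*_EXPORT[A-Z0-9_]*' | sort -u
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_VULN='PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_EXPORT_WITH_RC4_40_MD5 - weak
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|_  least strength: weak'

SAMPLE_CLEAN='PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|_  least strength: strong'

SAMPLE_DOWN='Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn'

# Scan a server you administer; stderr is merged so nmap warnings are kept.
check_host() {
  nmap --script ssl-enum-ciphers -p "${2:-443}" "$1" 2>&1 | classify_export
}

# Only scans when a host argument is given: sh check.sh <host> [port]
if [ "$#" -gt 0 ]; then check_host "$@"; fi
```

Treat an "inconclusive" verdict as a failed check in monitoring rather than as a pass.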