[openssl-users] test for DROWN CVE
Ángel González
angel at tls.16bits.net
Fri Mar 4 21:25:57 UTC 2016
Nounou Dadoun wrote:
> There was a suite of test scripts posted to the dev list (I set them
> up and used them very quickly), see below ....
>
> Nou Dadoun
> Senior Firmware Developer, Security Specialist
Do note that there command lines were exchanged on the email describing
the scripts, though:
To verify that an https server at example.com does not support SSLv2
at all you should use test-sslv2-force-cipher.py, not test-sslv2-force-
export-cipher.py.
test-sslv2-force-export-cipher.py should be used to to only verify that
the server does not support export grade SSLv2 ciphers.
And thus, it's test-sslv2-force-cipher.py the one who is a superset of
the test-sslv2-force-export-cipher.py
Additionally, I'd like to point out the undocumented feature that
instead of using -p port, they also support -h host:port, which is
handy when dealing with lists of servers and ports.
Regards
More information about the openssl-users
mailing list