<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 07/27/2017 02:49 PM, Todd Blum wrote:<br>
<blockquote type="cite"
cite="mid:CAPKwGrdiNJB=qWDpTzF1vqad=ipS2CcKnsfuMNJGyy-dN4DzgA@mail.gmail.com">
<div> SSLv2 Record Layer: Client Hello</div>
</blockquote>
<br>
SSLv2-compatible ClientHello is pretty old and probably unneeded<br>
<br>
<blockquote type="cite"
cite="mid:CAPKwGrdiNJB=qWDpTzF1vqad=ipS2CcKnsfuMNJGyy-dN4DzgA@mail.gmail.com">
<div> [Version: SSL 2.0 (0x0002)]</div>
<div> Length: 46</div>
<div> Handshake Message Type: Client Hello (1)</div>
<div> Version: SSL 3.0 (0x0300)</div>
<div> Cipher Spec Length: 21</div>
<div> Session ID Length: 0</div>
<div> Challenge Length: 16</div>
<div> Cipher Specs (7 specs)</div>
<div> Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA
(0x00000a)</div>
<div> Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
(0x000013)</div>
<div> Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)</div>
<div> Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)</div>
<div> Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)</div>
<div> Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5
(0x0700c0)</div>
<div> Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
(0x0000ff)</div>
<div> Challenge</div>
</blockquote>
<br>
All of those are pretty bad ciphers; can you update the client to
use better ones?<br>
<br>
Otherwise you might have to do something like include @SECLEVEL=0 in
the cipher spec on the server to enable the weak ciphers.<br>
<br>
-Ben<br>
</body>
</html>