[openssl-users] test for DROWN CVE

Ángel González angel at tls.16bits.net
Fri Mar 4 21:25:57 UTC 2016


Nounou Dadoun wrote:
> There was a suite of test scripts posted to the dev list (I set them
> up and used them very quickly), see below ....
> 
> Nou Dadoun
> Senior Firmware Developer, Security Specialist


Do note that their command lines were exchanged in the email describing
the scripts, though:

To verify that an https server at example.com does not support SSLv2
at all you should use test-sslv2-force-cipher.py, not
test-sslv2-force-export-cipher.py.
test-sslv2-force-export-cipher.py should be used to only verify that
the server does not support export grade SSLv2 ciphers.

And thus, test-sslv2-force-cipher.py is the one that is a superset of
test-sslv2-force-export-cipher.py.


Additionally, I'd like to point out the undocumented feature that
instead of using -p port, they also support -h host:port, which is
handy when dealing with lists of servers and ports.

Regards

