Home | Troubleshooting |  Quick Setup  |  Cisco How to  |  Data Recovery  |  Forums   | Blog | IT Exam Practice | Services  | About Us | Chicagotech MVP  | Search  | Contact Us  |                  Laptop for rent: $35 per day plus $10 for additional day

rental
 

 

Do you know the way to test if our IIS is using SSL 2 or 3?

A: Based on my research, I think you can use SSL analysis tool or OpenSSL tool, please have a reference from http://www.slproweb.com/products/Win32OpenSSL.html. I am not sure that if this is a right way to view certificate version. If it is V3, which means SSL V3.

Here are our test results.

Before disabling the SSL 2.0

serversniff net

Serversniff SSL-Check, using:

OpenSSL 0.9.8h 28 May 2008

Preferred cipher:

TLSv1/SSLv3, Cipher is AES128-SHA AES(128)

Available SSL2 ciphers:

DES-CBC3-MD5

168 bit

RC4-MD5

128 bit

Available SSL3 ciphers:

DES-CBC3-SHA

168 bit

RC4-SHA

128 bit

RC4-MD5

128 bit

Available TLS1 ciphers:

AES256-SHA

256 bit

DES-CBC3-SHA

168 bit

AES128-SHA

128 bit

RC4-SHA

128 bit

RC4-MD5

128 bit

 

Certificate:

Domain (CN): chicagotech.dyndns.org

Valid from: Nov 4 19:58:30 2010 GMT

Valid until: Nov 3 19:58:30 2012 GMT

 

Herausgeber:

Domain (CN): chicagotech-SBS2008-CA1

 

SSL-Connection:

SSL-Overhead: SSL handshake has read 1703 bytes and written 444 bytes

New, TLSv1/SSLv3, Default Cipher is AES128-SHA

Length of public server-key: 2048 bit

Default protocol : TLSv1

Default Cipher : AES128-SHA

 

TLS 1.1 support... no

fallback from TLS 1.1 to... TLS 1.0

TLS 1.0 support... yes

SSL 3.0 support... yes

server can accept Hello Extensions... yes

server can accept cipher suites not in SSL 3.0 spec... yes

server can accept a bogus TLS record version in the client hello... yes

server understands TLS closure alerts... no

server supports session resumption... yes

ephemeral Diffie Hellman support... no

ZLIB compression support (TLS extension)... no

LZO compression support (GnuTLS extension)... no

SRP authentication support (TLS extension)... no

OpenPGP authentication support (TLS extension)... no

 After disabling SSL 2.0

Serversniff SSL-Check, using:

OpenSSL 0.9.8h 28 May 2008

Preferred cipher:

TLSv1/SSLv3, Cipher is AES128-SHA AES(128)

Available SSL2 ciphers:

Available SSL3 ciphers:

DES-CBC3-SHA

168 bit

RC4-SHA

128 bit

RC4-MD5

128 bit

Available TLS1 ciphers:

AES256-SHA

256 bit

DES-CBC3-SHA

168 bit

AES128-SHA

128 bit

RC4-SHA

128 bit

RC4-MD5

128 bit

 

Certificate:

Domain (CN): chicagotech.dyndns.org

Valid from: Nov 4 19:58:30 2010 GMT

Valid until: Nov 3 19:58:30 2012 GMT

 

Herausgeber:

Domain (CN): chicagotech-SBS2008-CA1

 

SSL-Connection:

SSL-Overhead: SSL handshake has read 1703 bytes and written 444 bytes

New, TLSv1/SSLv3, Default Cipher is AES128-SHA

Length of public server-key: 2048 bit

Default protocol : TLSv1

Default Cipher : AES128-SHA

 

TLS 1.1 support... no

fallback from TLS 1.1 to... TLS 1.0

TLS 1.0 support... yes

SSL 3.0 support... yes

server can accept Hello Extensions... yes

server can accept cipher suites not in SSL 3.0 spec... yes

server can accept a bogus TLS record version in the client hello... yes

server understands TLS closure alerts... no

server supports session resumption... yes

ephemeral Diffie Hellman support... no

ZLIB compression support (TLS extension)... no

LZO compression support (GnuTLS extension)... no

SRP authentication support (TLS extension)... no

OpenPGP authentication support (TLS extension)... no

 

Post your questions, comments, feedbacks and suggestions

Contact a consultant

Related Topics


 

 


 

 

Hit Counter   This web is provided "AS IS" with no warranties.
Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.