openssl - Does this image means SSLv3 is enabled? -
i see there tlsv1/sslv3, protocol used tlsv1.2.
any advice warming welcome.
this particular test doesn't show sslv3. new, <ver> cipher is
line version of openssl's internal cipher description, same sslv3 , versions of tls (to date), , different sslv2 (which nobody should using today, openssl still has code support unless build option specified). correctly identified, value in protocol:
protocol version negotiated.
but doesn't prove sslv3 disabled. server can support multiple protocol versions , choose 1 each connection, preferably , highest available, , servers do. openssl s_client
default offers up to tlsv1.2, , server capable of tlsv1.2 agree that, server in case did. if client offers lower version server can either agree or reject it. poodle , similar attacks work tricking client offering sslv3 server agrees. if want test vulnerability, try s_client
-ssl3
, see whether that produces session or not.
Comments
Post a Comment