This post might help some of you out there that working as a pentester/security consultant/IT staff/etc.
During pentest,after scanned the server/host/ip, u might get a result saying that the server/host/ip using old version of SSL. The latest one currently is version 3.
So,how to ensure this is a true positive or false positive? U can check it by using Internet Explorer browser.
go to Tools > Internet Options
then
go to the Advance tab.
tick the box like i show below if u want to check either that server/host/ip using old version of SSL in this case v2.
then click OK.
go the server/host/ip using the same browser.
if u can get to the webpage, this means the server/host/ip is using v2 of SSL.
if not,u'll get an error/too long to load/timeout connection/,this means the server/host/ip is not using the v2 of SSL.
then,try to check for the other version,in this case is version 3.
the same thing u need to check. after tick the v3 SSL box, check the server/host/ip
like u did for v2 SSL.
hope u all can understand my post :)
p0pc0rn
0 comments:
Post a Comment