Friday, December 10, 2010

Is it SSL v2 or v3?!


This post might help those of you out there who are working as a pentester, security consultant, IT staff, etc.

During a pentest, after scanning the server/host/IP, you might get a result saying that the server/host/IP is using an old version of SSL. The latest one currently is version 3.

So, how do you confirm whether this is a true positive or a false positive? You can check it by using the Internet Explorer browser.

Go to Tools > Internet Options.
Go to the Advanced tab.

Tick the box as I show below if you want to check whether that server/host/IP is using an old version of SSL, in this case v2.

Then click OK.

Go to the server/host/IP using the same browser.
If you can get to the webpage, this means the server/host/IP is using v2 of SSL.
If not, you'll get an error, a page that takes too long to load, or a connection timeout; this means the server/host/IP is not using v2 of SSL.

Then try to check for the other version, in this case version 3.
You need to do the same check: after ticking the SSL v3 box, check the server/host/IP
like you did for SSL v2.
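The same v2/v3 check can be done without a browser by sending a raw ClientHello for one version and looking at the first bytes of the reply. This is an added example, not part of the original post; the function names (`client_hello`, `classify_reply`, `probe`) and the cipher lists offered are choices made here.

```python
import os
import socket
import struct

# Legacy cipher lists to offer: SSLv2 kinds are 3 bytes each, SSLv3 suites 2 bytes.
V2_CIPHERS = bytes.fromhex("010080" "020080" "030080" "040080" "060040" "0700c0")
V3_CIPHERS = bytes.fromhex("0004" "0005" "000a" "002f" "0035")

def client_hello(version: str) -> bytes:
    """Build a minimal ClientHello for "SSLv2" or "SSLv3"."""
    if version == "SSLv2":
        # msg type 1, version 0x0002, then cipher / session-id / challenge lengths
        msg = (b"\x01\x00\x02" + struct.pack(">HHH", len(V2_CIPHERS), 0, 16)
               + V2_CIPHERS + os.urandom(16))
        return struct.pack(">H", 0x8000 | len(msg)) + msg   # 2-byte record header
    body = (b"\x03\x00" + os.urandom(32) + b"\x00"           # version, random, no session id
            + struct.pack(">H", len(V3_CIPHERS)) + V3_CIPHERS
            + b"\x01\x00")                                   # null compression only
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body   # handshake type 1, 24-bit length
    return b"\x16\x03\x00" + struct.pack(">H", len(hs)) + hs  # handshake record, SSL 3.0

def classify_reply(version: str, data: bytes) -> str:
    """Return "accepted", "rejected" or "no reply" from the first reply bytes."""
    if version == "SSLv2":
        # SSLv2 SERVER-HELLO: 2-byte header, type 4, version at bytes 5-6
        if len(data) >= 7 and data[0] & 0x80 and data[2] == 4 and data[5:7] == b"\x00\x02":
            return "accepted"
    elif len(data) >= 11 and data[0] == 0x16 and data[5] == 2 and data[9:11] == b"\x03\x00":
        return "accepted"          # SSLv3 ServerHello with server_version 3.0
    return "rejected" if data else "no reply"

def probe(host: str, version: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send one hello and classify the answer."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(client_hello(version))
            while len(buf) < 11:
                chunk = s.recv(11 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except OSError:
        pass  # refused, reset or timed out: classify whatever arrived
    return classify_reply(version, buf)
```

Call `probe(host, "SSLv2")` and `probe(host, "SSLv3")` against the host from the scan result. A server that just closes the connection on an unsupported hello shows up as "no reply", the same as a closed port or a timeout.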

Hope you all can understand my post :)