Wiki

User Tools

Site Tools

Trace:
ubuntu:ssl:check_for_poodle_bug

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
ubuntu:ssl:check_for_poodle_bug [2020/07/15 09:30] – external edit 127.0.0.1ubuntu:ssl:check_for_poodle_bug [2021/02/02 11:33] (current) peter
Line 8: Line 8:
  
 <code bash> <code bash>
-echo | timeout 3 openssl s_client -connect HOSTNAMEORIPADDRESS:443 >/dev/null 2>&1; if [[ $? != 0 ]]; then echo "UNKNOWN: HOSTNAMEORIPADDRESS timeout or connection error"; else echo | openssl s_client -connect HOSTNAMEORIPADDRESS:443 -ssl3 2>&1 | grep -qo "sslv3 alert handshake failure\|SSL3_GET_RECORD:wrong version number" && echo "OK: HOSTNAMEORIPADDRESS Not vulnerable" || echo "FAIL:  HOSTNAMEORIPADDRESS vulnerable; sslv3 connection accepted"; fi+echo | timeout 3 openssl s_client -connect HOSTNAMEORIPADDRESS:443 >/dev/null 2>&1;  
 +  if [[ $? != 0 ]]; then 
 +    echo "UNKNOWN: HOSTNAMEORIPADDRESS timeout or connection error";  
 +  else  
 +    echo | openssl s_client -connect HOSTNAMEORIPADDRESS:443 -ssl3 2>&1 | grep -qo "sslv3 alert handshake failure\|SSL3_GET_RECORD:wrong version number" && echo "OK: HOSTNAMEORIPADDRESS Not vulnerable" || echo "FAIL:  HOSTNAMEORIPADDRESS vulnerable; sslv3 connection accepted"; fi
 </code> </code>
  
-Replace **HOSTNAMEORIPADDRESS** by the actual hostname or IP address. +<WRAP info> 
 +**NOTE:**  Replace **HOSTNAMEORIPADDRESS** by the actual hostname or IP address. 
 + 
 +</WRAP> 
 If you use SNI, add the **-servername sharewiz.net** option to the 2 OpenSSL commands, like so: If you use SNI, add the **-servername sharewiz.net** option to the 2 OpenSSL commands, like so:
  
ubuntu/ssl/check_for_poodle_bug.1594805433.txt.gz · Last modified: 2020/07/15 09:30 by 127.0.0.1
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki