
2014-10-16 16:22:20

Poodle detect script

Red Hat's POODLE check script is FAULTY. Internally it uses a script that isn't available on RHEL 5 (and other platforms). It also doesn't distinguish between "SSLv3 disabled" and other errors. This is an enhanced version of Red Hat's script:

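#!/bin/bash
# Usage: script [host] [port]   (defaults: local hostname, port 443)
# Attempt an SSLv3-only handshake; stdin is closed so s_client exits at once.
ret=$(
 openssl s_client -connect "${1-$(hostname)}:${2-443}" -ssl3\
 2>/dev/null </dev/null
)
# "CONNECTED" is printed as soon as the TCP connection is established.
if echo "${ret}" | grep -q 'CONNECTED'; then
  if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
    # A failed handshake still prints a session block, with cipher 0000.
    if echo "${ret}" | grep -q 'Cipher.*0000'; then
      echo "SSL 3.0 disabled"
    else
      echo "SSL 3.0 enabled"
    fi
  else
    echo "SSL 3.0 disabled"
  fi
else
  # No TCP connection: refused, timed out, name not resolved, ...
  echo "unknown error"
fi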
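
The same classification as a function with distinct exit codes, so the result can be consumed by a cron job or monitoring check. This is an added example, not part of the original post or Red Hat's script; it goes one step further by separating "could not connect" from "the local openssl has no `-ssl3` option". The function name, exit codes, sample transcripts and the "unknown option" pattern are assumptions made for this example.

```shell
#!/bin/sh
# Exit codes (chosen for this example): 0 = SSL 3.0 disabled, 1 = SSL 3.0 enabled,
# 2 = connect failed, 3 = local openssl client cannot speak SSLv3.
ssl3_status() {
  out=$1   # combined stdout+stderr of: openssl s_client ... -ssl3
  # Assumption: an openssl built without SSLv3 rejects the flag with an
  # "unknown option" message. Without this check the result says nothing
  # about the server and would look like a plain connection error.
  if printf '%s\n' "$out" | grep -qi 'unknown option.*ssl3'; then
    echo "client lacks SSLv3"; return 3
  fi
  # No TCP connection at all (refused, timeout, DNS failure).
  if ! printf '%s\n' "$out" | grep -q 'CONNECTED'; then
    echo "connect failed"; return 2
  fi
  # Enabled only if SSLv3 was negotiated with a real cipher, not the
  # 0000 placeholder that s_client prints after a failed handshake.
  if printf '%s\n' "$out" | grep -q 'Protocol.*SSLv3' &&
     ! printf '%s\n' "$out" | grep -q 'Cipher.*0000'; then
    echo "SSL 3.0 enabled"; return 1
  fi
  echo "SSL 3.0 disabled"; return 0
}

# Constructed sample transcripts (abbreviated, not captured from a real host).
SAMPLE_ENABLED='CONNECTED(00000003)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA'
SAMPLE_DISABLED='CONNECTED(00000003)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'
SAMPLE_REFUSED='connect: Connection refused
connect:errno=111'
SAMPLE_NOFLAG='s_client: Option unknown option -ssl3'

# Live check when a host is given: script host [port].
# stderr is captured here (2>&1) so the option error is visible to the function.
if [ $# -gt 0 ]; then
  live=$(openssl s_client -connect "$1:${2:-443}" -ssl3 </dev/null 2>&1)
  ssl3_status "$live"
  exit $?
fi
```
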

Posted by Frank W. Bergmann | Permanent link | File under: ssl, encryption, redhat, openssl, shell