Syndicate
Site (RSS, Atom)
Contact
Weblog status
Total entries: 50
Last entry: 2016-10-17 22:22:03
Last updated: 2016-10-18 07:57:57
powered by vim, bash, cat, grep, sed, and nb 3.4.2

2014-10-16 16:22:20

Poodle detect script

Red Hat's poodle check script is FAULTY. It uses internally a script which isn't available on RHEL 5 (and other platforms). The script also doesn't distinguish between "SSLv3 disabled" and other errors. This is an enhanced version of Red Hat's script:

#!/bin/bash
ret=$(
 openssl s_client -connect "${1-`hostname`}:${2-443}" -ssl3\
 2>/dev/null </dev/null
)
if echo "${ret}" | grep -q 'CONNECTED'; then
  if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
    if echo "${ret}" | grep -q 'Cipher.*0000'; then
      echo "SSL 3.0 disabled"
    else
      echo "SSL 3.0 enabled"
    fi
  else
    echo "SSL 3.0 disabled"
  fi
else
  echo "unknown error"
fi

Posted by Frank W. Bergmann | Permanent link | File under: ssl, encryption, redhat, openssl, shell