in Linux, Security, Windows

How to check if SSL v2 is enabled using openssl

SSL v2 is weak and outdated protocol. All modern browsers and applications support SSL v3 and that’s why you should disable SSL v2 where possible.

Using this command you can check if SSL v2 is enabled:

openssl s_client -connect -ssl2

If SSL v2 is disabled you should get a response like this (this is the response you want to get because SSL v2 should be disabled):



11132:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

However, if SSL v2 is enabled the response will be a lot longer and include something like this:

Ciphers common between both SSL endpoints:
RC4-MD5         EXP-RC4-MD5     RC2-CBC-MD5
SSL handshake has read 1370 bytes and written 364 bytes
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 2048 bit

Here are instructions on how to disable SSL v2 on Windows 2008 servers:
How to disable SSL v2 / enable SSL v3 on Windows 2008