LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-21-2012, 12:19 PM   #1
Doknik
LQ Newbie
 
Registered: Jun 2010
Posts: 26

Rep: Reputation: 1
SSL Version Question


I need clarification on what is the best way to check which SSL version I have running on my Linux RHEL 5.3 Server

When i use the sslscan tool ie sslscan --no-failed myserver:444 i get an output below(snippets)

[root@myserver]# sslscan --no-failed myserver:444
_
___ ___| |___ ___ __ _ _ __
/ __/ __| / __|/ __/ _` | '_ \
\__ \__ \ \__ \ (_| (_| | | | |
|___/___/_|___/\___\__,_|_| |_|

Version 1.8.2
http://www.titania.co.uk
Copyright Ian Ventura-Whiting 2009

Testing SSL server myserver on port 444

snip snip

**SSL Certificate:
Version: 0**

When i run openssl command below it gives me a different (conflicting) SSL version ie SSLv3/TLS1

[root@myserver]# openssl s_client -connect myserver:444
CONNECTED(00000003)

Snip snip

---
New, TLSv1/SSLv3, Cipher is AES256-SHA

snip snip

This has left me a bit confused, for instance on myserver as sslcan tool says certificate version is 0 but openssl says certificate is SSLv3 /TLS1 .....

Which is which? someone please help
Does SSL shows the certificate version rather than the the SSl version number.? Grey area for me someone please shed some light.
Your help would be greatly appreciated.
 
Old 02-21-2012, 01:39 PM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,417
Blog Entries: 33

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
sslscan is not part of the openssl package tools. The openssl -connect command is the correct version.

SAM
 
Old 02-22-2012, 02:43 AM   #3
Doknik
LQ Newbie
 
Registered: Jun 2010
Posts: 26

Original Poster
Rep: Reputation: 1
Thanks Sam i appreciate your help but does that mean that sslscan is not accurate or what
 
Old 02-22-2012, 10:57 AM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,417
Blog Entries: 33

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
If they are reporting two different values then I would say that openssl is definitely more reliable. So the problem could be

1) you're running the command incorrectly without proper options for the information you're looking for (see the man page)
2) the command is wrong and has a bug

I've never heard of sslscan but openssl is an industry tested application so I would be more inclined to trust it.
 
  


Reply

Tags
linux, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL version number typo in slackware.com repository clifford227 Slackware 3 04-01-2010 04:33 PM
How to know SSL Version deepak_message Linux - Server 1 01-22-2009 12:16 AM
Is it safe to run the non premium version of syslog-ng? (The one that doesnt use ssl) abefroman Linux - Security 4 06-04-2008 03:32 AM
SSL setup on 8.04 desktop version , error message nxfs Linux - Security 0 05-08-2008 01:40 PM
OpenLDAP with ssl version compatability Vikas Sarin Linux - Networking 0 12-17-2006 08:46 PM


All times are GMT -5. The time now is 07:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration