?
Solved

tool like openssl for windows

Posted on 2011-09-04
9
Medium Priority
?
1,198 Views
Last Modified: 2012-05-12
Hi experts,

I am a network engineer and don't normally deal with coding or IT forensics.
What I am looking to do is see the type of response from our SSL sites when it receives an  SSLV2 requests.
I've read that openssl does the trick but I don't think it installs on Windows (correct me if I am wrong). What other tools are available for this?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36482435
I haven't used this or know anyone who has, but it looks like This app from Shining Light might do the trick.

Why not just fire up a Unix-based VM?  Ubuntu is nice and friendly to those who are used to Windows, then you can just use "openssl s_client" combined with whatever special options you need for your testing.  This approach realistically shouldn't take long at all these days, it's a pretty common practice.
0
 
LVL 8

Assisted Solution

by:ee_reach
ee_reach earned 400 total points
ID: 36482445
Windows binaries for openssl:

http://www.openssl.org/related/binaries.html

Hope this helps.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36482453
Windows binaries for openssl:

http://www.openssl.org/related/binaries.html

Hope this helps.

All that has is the link I already provided.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:trojan81
ID: 36485354
Thank you. i was able to load openssl on my Windows 64-bit computer.
I went into DOS and typed in c:\openssl-win64\bin\openssl

Now I get an OPENSSL prompt.

I will diable sslv3 and only allow sslv2 on my browser. I want to then go to www.chase.com and see how it responds.
Can someone provide a same syntax for accomplishing this? Chase IP is 159.53.60.115

0
 

Author Comment

by:trojan81
ID: 36485364
I don't see a syntax for S-client.

OpenSSL> s-client ?
openssl:Error: 's-client' is an invalid command.

OpenSSL> openssl s_client ?
openssl:Error: 'openssl' is an invalid command.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 1600 total points
ID: 36485378
s_client is an argument to give after 'openssl' on the command line, not in interactive mode (although you may be able to, but for the sake of this thread just use the following command).

openssl s_client -connect hostname:port -ssl2

Open in new window


Run that and if you see the certificate, you *should* be good.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36485403
Run that and if you see the certificate, you *should* be good.

I should have clarified.  If you see the certificate, then SSLv2 is enabled.  Not sure what you are trying to accomplish, but disabling SSLv2 and weak ciphers are good things to do.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36485430
pod@box:~$ openssl s_client -connect chase.com:443 -ssl2
CONNECTED(00000003)
21740:error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher:s2_pkt.c:675:
21740:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Open in new window

0
 

Author Closing Comment

by:trojan81
ID: 36485872
Papertrip, thank you.
I was looking to verify that ssl2 was turned off on my site. Since I didn't see the cert when I ran that command I assume it is turned off.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question