Solved

tool like openssl for windows

Posted on 2011-09-04
9
988 Views
Last Modified: 2012-05-12
Hi experts,

I am a network engineer and don't normally deal with coding or IT forensics.
What I am looking to do is see the type of response from our SSL sites when it receives an  SSLV2 requests.
I've read that openssl does the trick but I don't think it installs on Windows (correct me if I am wrong). What other tools are available for this?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36482435
I haven't used this or know anyone who has, but it looks like This app from Shining Light might do the trick.

Why not just fire up a Unix-based VM?  Ubuntu is nice and friendly to those who are used to Windows, then you can just use "openssl s_client" combined with whatever special options you need for your testing.  This approach realistically shouldn't take long at all these days, it's a pretty common practice.
0
 
LVL 8

Assisted Solution

by:ee_reach
ee_reach earned 100 total points
ID: 36482445
Windows binaries for openssl:

http://www.openssl.org/related/binaries.html

Hope this helps.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36482453
Windows binaries for openssl:

http://www.openssl.org/related/binaries.html

Hope this helps.

All that has is the link I already provided.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:trojan81
ID: 36485354
Thank you. i was able to load openssl on my Windows 64-bit computer.
I went into DOS and typed in c:\openssl-win64\bin\openssl

Now I get an OPENSSL prompt.

I will diable sslv3 and only allow sslv2 on my browser. I want to then go to www.chase.com and see how it responds.
Can someone provide a same syntax for accomplishing this? Chase IP is 159.53.60.115

0
 

Author Comment

by:trojan81
ID: 36485364
I don't see a syntax for S-client.

OpenSSL> s-client ?
openssl:Error: 's-client' is an invalid command.

OpenSSL> openssl s_client ?
openssl:Error: 'openssl' is an invalid command.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 400 total points
ID: 36485378
s_client is an argument to give after 'openssl' on the command line, not in interactive mode (although you may be able to, but for the sake of this thread just use the following command).

openssl s_client -connect hostname:port -ssl2

Open in new window


Run that and if you see the certificate, you *should* be good.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36485403
Run that and if you see the certificate, you *should* be good.

I should have clarified.  If you see the certificate, then SSLv2 is enabled.  Not sure what you are trying to accomplish, but disabling SSLv2 and weak ciphers are good things to do.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36485430
pod@box:~$ openssl s_client -connect chase.com:443 -ssl2
CONNECTED(00000003)
21740:error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher:s2_pkt.c:675:
21740:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Open in new window

0
 

Author Closing Comment

by:trojan81
ID: 36485872
Papertrip, thank you.
I was looking to verify that ssl2 was turned off on my site. Since I didn't see the cert when I ran that command I assume it is turned off.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OnPage: Incident management and secure messaging on your smartphone
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question