tool like openssl for windows

trojan81
Hi experts,

I am a network engineer and don't normally deal with coding or IT forensics.
What I am looking to do is see the type of response from our SSL sites when they receive an SSLv2 request.
I've read that openssl does the trick but I don't think it installs on Windows (correct me if I am wrong). What other tools are available for this?
Top Expert 2011

Commented:
I haven't used this or know anyone who has, but it looks like this app from Shining Light might do the trick.

Why not just fire up a Unix-based VM?  Ubuntu is nice and friendly to those who are used to Windows, then you can just use "openssl s_client" combined with whatever special options you need for your testing.  This approach realistically shouldn't take long at all these days, it's a pretty common practice.
Commented:
Windows binaries for openssl:

http://www.openssl.org/related/binaries.html

Hope this helps.
Top Expert 2011

Commented:
Windows binaries for openssl:

http://www.openssl.org/related/binaries.html

Hope this helps.

All that has is the link I already provided.
Author

Commented:
Thank you. I was able to load openssl on my Windows 64-bit computer.
I went into DOS and typed in c:\openssl-win64\bin\openssl

Now I get an OPENSSL prompt.

I will disable sslv3 and only allow sslv2 on my browser. I want to then go to www.chase.com and see how it responds.
Can someone provide a sample syntax for accomplishing this? Chase IP is 159.53.60.115

Author

Commented:
I don't see a syntax for S-client.

OpenSSL> s-client ?
openssl:Error: 's-client' is an invalid command.

OpenSSL> openssl s_client ?
openssl:Error: 'openssl' is an invalid command.
Top Expert 2011
Commented:
s_client is an argument to give after 'openssl' on the command line, not in interactive mode (although you may be able to, but for the sake of this thread just use the following command).

openssl s_client -connect hostname:port -ssl2

Run that and if you see the certificate, you *should* be good.
Top Expert 2011

Commented:
Run that and if you see the certificate, you *should* be good.

I should have clarified.  If you see the certificate, then SSLv2 is enabled.  Not sure what you are trying to accomplish, but disabling SSLv2 and weak ciphers are good things to do.
Top Expert 2011

Commented:
pod@box:~$ openssl s_client -connect chase.com:443 -ssl2
CONNECTED(00000003)
21740:error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher:s2_pkt.c:675:
21740:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Author

Commented:
Papertrip, thank you.
I was looking to verify that ssl2 was turned off on my site. Since I didn't see the cert when I ran that command I assume it is turned off.
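
Added example, not part of the original thread: OpenSSL 1.1.0 and later removed SSLv2, so current builds do not accept `-ssl2`. The Python below performs the same check by sending a raw SSLv2 CLIENT-HELLO and classifying the first reply, including the ERROR/NO-CIPHER reply that OpenSSL reports as `peer error no cipher`. The function names and the sample replies are constructed for illustration.

```python
import os
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) from the SSL 2.0 specification.
SSL2_CIPHERS = bytes.fromhex("010080" "020080" "030080" "040080" "050080" "060040" "0700c0")
SSL2_ERRORS = {0x0001: "NO-CIPHER", 0x0002: "NO-CERTIFICATE"}

def build_client_hello(challenge=None):
    """Return one SSLv2 record carrying a CLIENT-HELLO (msg type 1, version 0x0002)."""
    challenge = challenge or os.urandom(16)
    body = struct.pack(">BHHHH", 1, 0x0002, len(SSL2_CIPHERS), 0, len(challenge))
    body += SSL2_CIPHERS + challenge
    # 2-byte record header: high bit set, remaining 15 bits are the length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_reply(data):
    """Classify the first bytes a server sent back after the CLIENT-HELLO."""
    if not data:
        return "closed: no SSLv2 (connection dropped)"
    if len(data) >= 7 and data[0] == 0x15 and data[1] == 0x03:
        return "tls-alert %d: no SSLv2" % data[6]  # TLS alert record, byte 6 = description
    if len(data) >= 3 and data[0] & 0x80:           # SSLv2 2-byte record header
        if data[2] == 4:                            # SERVER-HELLO
            return "server-hello: SSLv2 ENABLED"
        if data[2] == 0 and len(data) >= 5:         # ERROR message + 2-byte code
            code = struct.unpack(">H", data[3:5])[0]
            return "ssl2-error %s: SSLv2 answered, no session" % SSL2_ERRORS.get(code, hex(code))
    return "unrecognised reply"

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you operate and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            return classify_reply(sock.recv(4096))
        except (socket.timeout, ConnectionResetError):
            return "closed: no SSLv2 (connection dropped)"

# Constructed sample replies (not captured from any real server).
SAMPLES = {
    "hello": bytes.fromhex("800b" "04" "00" "01" "0002" "0000" "0000" "0000"),
    "no_cipher": bytes.fromhex("8003" "00" "0001"),
    "alert": bytes.fromhex("15" "0301" "0002" "02" "46"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify_reply(raw))
```

Only a `server-hello` result means a certificate was returned over SSLv2; an `ssl2-error` result means the server still parses SSLv2 records even though no cipher was agreed.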
