Issue: QualysGuard scan results show that our host is vulnerable with QID 38141 - SSL Server May Be Forced to Use Weak Encryption Vulnerability. How can I verify the result?
Solution: The finding for QID 38141 can be verified manually on a Unix-based machine using OpenSSL. OpenSSL is also available on Windows through the Cygwin toolkit.
On a command line, type:
openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher CIPHER_NAME
where TARGET_IP is the IP address of the host in question, PORT_NUMBER is the port listed in the scan report for this QID, and CIPHER_NAME is one of the cipher names listed in the scan results (an OpenSSL cipher-suite name, e.g. EXP1024-RC4-SHA).
If the handshake completes and the Cipher line in the output names the weak cipher you requested, the server accepted it and the host is vulnerable. If the server refuses the cipher, openssl reports a handshake failure alert and the output ends with "Cipher is (NONE)". Note that OpenSSL 1.1.0 and later no longer include the export-grade ciphers, so on such a client the command fails locally with a "no cipher match" error before any connection is made; that is a limitation of the test client, not evidence that the server is fixed, so run this check from an older OpenSSL build. A successful connection produces a large amount of output, ending with lines similar to the following:
SSL handshake has read 812 bytes and written 232 bytes
New, TLSv1/SSLv3, Cipher is EXP1024-RC4-SHA
Server public key is 1024 bit
Protocol : TLSv1
Cipher : EXP1024-RC4-SHA
Key-Arg : None
Krb5 Principal: None
Start Time: 1099425950
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
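The following script is an added example, not part of the Qualys article: it runs the manual check above for every cipher name taken from the scan report and classifies each openssl s_client result instead of leaving you to read the output by eye. It assumes openssl is on PATH; the host, port and cipher names are the ones from your scan report, and the sample s_client output used in the comments is constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the Qualys article): drive the manual QID 38141
# check for several cipher names and classify each openssl s_client result.
# Assumptions: "openssl" is on PATH; HOST, PORT and cipher names come from
# the scan report. Sample output quoted in comments is constructed.

# classify_handshake REQUESTED_CIPHER
# Reads openssl s_client output on stdin and prints one of:
#   ACCEPTED <cipher>  server negotiated exactly the requested cipher
#   OTHER <cipher>     handshake succeeded but with a different suite
#                      (e.g. a TLS 1.3 suite, which -cipher does not limit)
#   REJECTED           server refused; output shows "Cipher is (NONE)"
#   CLIENT_ERROR       local openssl lacks the cipher ("no cipher match")
# Always returns 0 so it is safe to call under "set -e".
classify_handshake() {
  requested=$1
  out=$(cat)
  case "$out" in
    *"no cipher match"*)
      echo "CLIENT_ERROR"
      return 0 ;;
  esac
  # Old ("New, TLSv1/SSLv3, Cipher is X") and new ("New, TLSv1.2, Cipher is X")
  # s_client formats both put the negotiated suite after "Cipher is".
  negotiated=$(printf '%s\n' "$out" | sed -n 's/^New, .*Cipher is //p' | head -n 1)
  case "$negotiated" in
    ""|"(NONE)") echo "REJECTED" ;;
    "$requested") echo "ACCEPTED $negotiated" ;;
    *) echo "OTHER $negotiated" ;;
  esac
  return 0
}

# check_cipher HOST PORT CIPHER: the article's command, with stdin closed so
# s_client exits right after the handshake instead of waiting for input.
check_cipher() {
  openssl s_client -connect "$1:$2" -cipher "$3" </dev/null 2>&1 \
    | classify_handshake "$3"
}

# Usage: sh qid38141_check.sh TARGET_IP PORT CIPHER_NAME [CIPHER_NAME...]
# Runs only when arguments are given, so sourcing the file just defines
# the functions.
if [ "$#" -ge 3 ]; then
  host=$1; port=$2; shift 2
  for cipher in "$@"; do
    printf '%s:%s %-24s %s\n' "$host" "$port" "$cipher" \
      "$(check_cipher "$host" "$port" "$cipher")"
  done
fi
```

Only an ACCEPTED result confirms the finding. OTHER means the server completed a handshake with a suite you did not ask for (the -cipher option constrains TLS 1.2 and earlier only, so a TLS 1.3 server can still negotiate a TLS 1.3 suite), and CLIENT_ERROR means your own OpenSSL build does not know the cipher, so the server was never tested.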
Qualys Support KnowledgeBase