QID 38141 - How to verify

Document created by kb-author-1 Employee on May 17, 2010. Last modified by Robert Dell'Immagine on Jul 12, 2010.

Issue:  QualysGuard scan results show that our host is vulnerable with QID 38141 - SSL Server May Be Forced to Use Weak Encryption Vulnerability.  How can I verify the result?

Solution:  The result for QID 38141 can be verified manually on a Unix-based machine using OpenSSL. OpenSSL is also available for Windows as part of the Cygwin toolkit.

On a command line, type:

openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher CIPHER_NAME

Where TARGET_IP is the IP address of the host in question, PORT_NUMBER is the port listed in the scan report for this QID, and CIPHER_NAME is a cipher name mentioned in the scan results.

If the connection is established successfully using a weak encryption cipher, the host is vulnerable. The response contains a large amount of data, including output similar to the following near the bottom:

SSL handshake has read 812 bytes and written 232 bytes
New, TLSv1/SSLv3, Cipher is EXP1024-RC4-SHA
Server public key is 1024 bit
Protocol : TLSv1
Cipher : EXP1024-RC4-SHA
Session-ID: 914C354F6AB7D531B6C80D121F28E8CBB8541D890C7537117A65386E70EABD9E
Master-Key: B1B467B86136B5812BC3538480F8FDEF2678AB7E01D99A554A937B2BAB13BA4EC187D44782E19081811F75461F6110E3
Key-Arg : None
Krb5 Principal: None
Start Time: 1099425950
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
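As an added example (not part of the original article and not a Qualys tool), the following POSIX shell script wraps the manual check above so it can be repeated for every cipher a scan report lists. `classify_result` reads the `openssl s_client` output and reports `vulnerable` when the handshake completed with the requested cipher, `refused` when OpenSSL printed `Cipher : 0000` / `Cipher is (NONE)` because the server rejected it, and `unknown` when no session summary appeared at all. `check_host` runs the same command the article gives for one cipher. The sample output strings are constructed from the session summary shown above, and the host 192.0.2.10 and port 443 in the usage line are placeholder values.

```shell
#!/bin/sh
# Added example for the QID 38141 manual check (not Qualys' own tooling).
# classify_result inspects "openssl s_client" output; check_host runs the
# command from the article for one cipher and prints the classification.

# Print the cipher from the "Cipher    : NAME" line of the session summary.
# A completed handshake shows the cipher name; a failed one shows 0000.
negotiated_cipher() {
    sed -n 's/^[[:space:]]*Cipher[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# classify_result S_CLIENT_OUTPUT CIPHER_NAME
#   vulnerable : handshake completed using a cipher from the requested list
#   refused    : server rejected the cipher (no session established)
#   unknown    : no session summary at all (connection failed, wrong port,
#                or the local OpenSSL build does not support that cipher)
classify_result() {
    cipher=$(printf '%s\n' "$1" | negotiated_cipher)
    case "$cipher" in
        "")            echo unknown ;;
        0000|"(NONE)") echo refused ;;
        *)             echo vulnerable ;;
    esac
}

# check_host TARGET_IP PORT_NUMBER CIPHER_NAME
# Runs the article's command; -cipher restricts the client to that one cipher,
# so any completed handshake means the server accepted it. Needs network access.
check_host() {
    out=$(openssl s_client -connect "$1:$2" -cipher "$3" </dev/null 2>&1)
    printf '%s:%s %s -> %s\n' "$1" "$2" "$3" "$(classify_result "$out" "$3")"
}

# Constructed sample outputs, modelled on the session summary in the article.
SAMPLE_VULNERABLE=$(cat <<'EOF'
New, TLSv1/SSLv3, Cipher is EXP1024-RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EXP1024-RC4-SHA
    Verify return code: 18 (self signed certificate)
EOF
)

SAMPLE_REFUSED=$(cat <<'EOF'
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
EOF
)

SAMPLE_NO_SESSION="connect: Connection refused
connect:errno=111"

# Usage against a real host (placeholder address and port), one line per
# cipher named in the scan report:
#   for c in EXP1024-RC4-SHA EXP-RC4-MD5; do check_host 192.0.2.10 443 "$c"; done
```

The `unknown` result matters in practice: OpenSSL releases since 1.1.0 no longer include export-grade ciphers such as EXP1024-RC4-SHA, so on a modern client `-cipher` fails locally ("no cipher match") before any connection is made. That is a client limitation, not evidence that the server refused the cipher; to reproduce the scanner's result you need an OpenSSL build that still offers the cipher in question.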

Qualys Support KnowledgeBase
ID:  0001.001.613.000