How is QID 38139 - SSL Server has SSLv2 Enabled detected?

Document created by kb-author-1 Employee on May 19, 2010. Last modified by eschamp on Sep 2, 2010.
Version 2





The test for QID 38139 can be verified manually with the OpenSSL command-line client.


On a command line, type:

openssl s_client -connect TARGET_IP:PORT_NUMBER -ssl2


where TARGET_IP is the IP address of the host in question, and PORT_NUMBER is the port listed in the scan report for this QID.


For mail servers (port 25 and others) that use STARTTLS, use:

openssl s_client -connect TARGET_IP:PORT_NUMBER -ssl2 -starttls smtp


If the result is an SSL handshake error similar to the example below, the host is not vulnerable:


9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:



However, if the connection is established and the SSL handshake information is displayed, the issue was successfully reproduced. Please note that some vendors may allow the initial SSL connection with SSLv2, but disallow the connection once the underlying service is exercised.
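The same check at the wire level, for hosts where the local OpenSSL build no longer accepts -ssl2 (SSLv2 support was removed in OpenSSL 1.1.0). This is an added example, not Qualys code or the QID's actual detection logic; the function names and result strings are assumptions, and it covers direct SSL ports only, not STARTTLS.

```python
import os
import socket
import struct
import sys

# SSLv2 cipher kinds (3 bytes each) offered by the probe.
CIPHERS = b"".join([
    b"\x01\x00\x80",  # RC4_128_WITH_MD5
    b"\x02\x00\x80",  # RC4_128_EXPORT40_WITH_MD5
    b"\x03\x00\x80",  # RC2_128_CBC_WITH_MD5
    b"\x04\x00\x80",  # RC2_128_CBC_EXPORT40_WITH_MD5
    b"\x06\x00\x40",  # DES_64_CBC_WITH_MD5
    b"\x07\x00\xc0",  # DES_192_EDE3_CBC_WITH_MD5
])

def build_client_hello():
    """SSLv2 CLIENT-HELLO: 2-byte record header, then the message body."""
    challenge = os.urandom(16)
    # msg type 1, version 0x0002, cipher-spec len, session-id len 0, challenge len
    body = struct.pack(">BHHHH", 1, 0x0002, len(CIPHERS), 0, len(challenge))
    body += CIPHERS + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_reply(data):
    """Classify the first bytes the server sends back."""
    # TLS/SSLv3 records (alert 0x15, handshake 0x16) have the high bit clear.
    if len(data) < 3 or not data[0] & 0x80:
        return "not-sslv2"
    if data[2] == 0:                      # SSLv2 ERROR message
        return "sslv2-error"
    if data[2] != 4 or len(data) < 13:    # 4 = SERVER-HELLO
        return "not-sslv2"
    _hit, _ctype, version, _cert_len, cipher_len, _conn_len = struct.unpack(
        ">BBHHHH", data[3:13])
    if version != 0x0002:
        return "not-sslv2"
    # Empty cipher list: the hello was answered but no cipher was listed.
    return "sslv2-enabled" if cipher_len >= 3 else "sslv2-no-ciphers"

def probe(host, port, timeout=5.0):
    """Send the CLIENT-HELLO to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            return classify_reply(s.recv(4096))
    except OSError:
        return "not-sslv2"   # reset, timeout or refusal before any reply

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it with TARGET_IP and PORT_NUMBER as the two arguments; "sslv2-enabled" corresponds to the case above where the handshake information is displayed.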


Qualys Support KnowledgeBase