Verify QID 38143 - SSL Server Allows Cleartext Communication Vulnerability

Document created by kb-author-1 Employee on May 19, 2010. Last modified by Joe Gregory on Dec 4, 2012.
Version 6


QID 38143 - SSL Server Allows Cleartext Communication Vulnerability indicates that the server allows HTTPS/SSL connections without a cipher, i.e. no encryption. How can I test/reproduce this behavior?


The test for QID 38143 can be verified manually with the openssl command line client, which is commonly found on Unix-based machines and is also available for Windows under Cygwin.

On a command line, type:

openssl s_client -connect TARGET_IP:443 -cipher eNULL

Where TARGET_IP is the IP address of the host in question.


openssl s_client -connect -cipher eNULL

11872:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

The handshake failure above shows that this server does NOT accept the eNULL cipher.

For comparison, here is a successful handshake using the cipher RC4-MD5 (sections marked <- snip -> have some output removed for clarity of presentation). A server that is affected by QID 38143 produces this same kind of successful handshake for the eNULL command above, with a NULL cipher suite named on the Cipher line instead of the handshake failure.

openssl s_client -connect -cipher RC4-MD5


<- snip ->
SSL handshake has read 2626 bytes and written 231 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE

    Protocol  : TLSv1
    Cipher    : RC4-MD5
<- snip ->
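The following shell script is an added example and is not part of this KB article or of Qualys tooling. It wraps the manual openssl s_client check above in two functions: one reads the verdict off the "New, ..., Cipher is ..." line of the s_client output instead of relying on a visual inspection, and the other runs the check against a live host. The function names, the abridged sample outputs and the retry with eNULL:@SECLEVEL=0 are assumptions made for this example: OpenSSL releases newer than the one used in the article (1.1.0 and later) drop NULL suites at their default security level and report "no cipher match", so the live check retries at security level 0 in that case.

```shell
#!/bin/sh
# Added example, not part of the Qualys KB article or of Qualys tooling.
# Automates the manual "openssl s_client -cipher eNULL" check for QID 38143.
# Function names and the sample outputs below are constructed for this example.

# classify_s_client_output: read "openssl s_client" output on stdin, print one of
#   REJECTED                server refused the handshake (no NULL suite: not affected)
#   NULL_CIPHER_ACCEPTED    handshake completed with a NULL suite (QID 38143 condition)
#   ENCRYPTED_CIPHER        handshake completed with an encrypting suite (for example a
#                           TLS 1.3 suite, since TLS 1.3 has no NULL suites; re-test with
#                           TLS 1.3 disabled before drawing a conclusion)
#   NO_NULL_SUITES_OFFERED  the local openssl refused to offer NULL suites at all
#   UNKNOWN                 no recognisable handshake result (connection error, etc.)
classify_s_client_output() {
  out=$(cat)
  # The negotiated suite is reported on the "New, <proto>, Cipher is <name>" line.
  cipher=$(printf '%s\n' "$out" | sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
  case "$cipher" in
    NULL-*|*-NULL-*)
      echo NULL_CIPHER_ACCEPTED ;;
    ''|'(NONE)')
      # No suite negotiated: tell a client-side cipher-list problem and a
      # refused handshake apart from empty or unrelated output.
      if printf '%s\n' "$out" | grep -q 'no cipher match'; then
        echo NO_NULL_SUITES_OFFERED
      elif printf '%s\n' "$out" | grep -q -e 'alert' -e 'handshake failure'; then
        echo REJECTED
      else
        echo UNKNOWN
      fi ;;
    *)
      echo ENCRYPTED_CIPHER ;;
  esac
}

# run_s_client HOST PORT CIPHERSTRING: the article's command, with stdin closed so
# s_client exits right after the handshake and stderr merged so errors are classified.
run_s_client() {
  openssl s_client -connect "$1:$2" -cipher "$3" </dev/null 2>&1
}

# check_null_cipher HOST [PORT]: run the live check and print the classification.
# Assumption: OpenSSL 1.1.0+ drops NULL suites at its default security level;
# "@SECLEVEL=0" restores them (older builds, like the one in the article, accept
# plain eNULL and would reject the @SECLEVEL keyword, hence the retry order).
check_null_cipher() {
  host=$1
  port=${2:-443}
  result=$(run_s_client "$host" "$port" eNULL | classify_s_client_output)
  if [ "$result" = NO_NULL_SUITES_OFFERED ]; then
    result=$(run_s_client "$host" "$port" 'eNULL:@SECLEVEL=0' | classify_s_client_output)
  fi
  echo "$result"
}

# Constructed, abridged sample outputs so the classifier can be exercised offline.
SAMPLE_REJECTED='11872:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:
New, (NONE), Cipher is (NONE)'
SAMPLE_NULL='SSL handshake has read 1331 bytes and written 279 bytes
New, TLSv1/SSLv3, Cipher is NULL-SHA'
SAMPLE_RC4='SSL handshake has read 2626 bytes and written 231 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5'

printf '%s\n' "$SAMPLE_REJECTED" | classify_s_client_output   # REJECTED
printf '%s\n' "$SAMPLE_NULL" | classify_s_client_output       # NULL_CIPHER_ACCEPTED
printf '%s\n' "$SAMPLE_RC4" | classify_s_client_output        # ENCRYPTED_CIPHER

# Against a real host: check_null_cipher TARGET_IP 443
```

Only NULL_CIPHER_ACCEPTED reproduces the QID 38143 condition; REJECTED matches the handshake failure shown in the article. ENCRYPTED_CIPHER means the client and server negotiated something other than what -cipher eNULL asked for (typically a TLS 1.3 suite on a TLS 1.3-capable server), so the result says nothing yet about NULL suites for earlier protocol versions.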

Qualys Support KnowledgeBase

ID:  0001.001.613.000