Results 1 to 2 of 2

Thread: Adding support for SSLv2 for SSLScan and OpenSSL testing

  1. #1
    Join Date

    Adding support for SSLv2 for SSLScan and OpenSSL testing

    Looks like support for SSL version 2 has been removed from this distribution, which makes it difficult to test for insecure SSLv2 ciphers on webservers. I added back the support, by using the following commands that I found on the interwebs and I thought I'd share

    1 - get yourself a drink, this takes a while
    2- this was done on a base install of the 32bit gnome vmimage

    root@kali:~# sudo apt-get install devscripts quilt
    root@kali:~#apt-get source openssl
    root@kali:~#cd openssl-*
    root@kali:~/openssl-1.0.1e# quilt pop -a #removing patches
    root@kali:~/openssl-1.0.1e# vi debian/patches/series # you need to remove the line that says something like "no-ssl2.patch" name may vary Press :x<return> to save and exit vi
    root@kali:~/openssl-1.0.1e# vi debian/rules # remove the arg that says no-ssl2, leave the rest of that line Press :x<return> to save and exit vi
    root@kali:~/openssl-1.0.1e# quilt push -a # repatch
    root@kali:~/openssl-1.0.1e# dch -n 'Allow SSLv2' #change description for changelog
    root@kali:~/openssl-1.0.1e# dpkg-source --commit # commit any changes
    root@kali:~/openssl-1.0.1e# debuild -uc -us # rebuild OpenSSL with customizations
    root@kali:~/openssl-1.0.1e# cd ../ # go up a level
    root@kali:~# sudo dpkg -i *ssl*.deb # install that package you just rebuilt

    test it on your coworkers ssl2 site

    root@kali:~# openssl
    OpenSSL> s_client -connect www.<insertserver>.com:443 -ssl2
    CONNECTED # it works, if something messed up it will say invalid arg -ssl2

    sslscan still will not work at this point because we need to rebuild that pkg too

    root@kali:~# apt-get source sslscan #get the source
    root@kali:~# cd sslscan* # go to sslscan
    root@kali:~/sslscan-1.8.2# debuild -uc -us #rebuild the pkg
    root@kali:~/sslscan-1.8.2# cd ../ # get out of sslscan
    root@kali:~# sudo dpkg -i *sslscan*.deb #reinstall

    it should check for sslv2 ciphers now

  2. #2
    Join Date
    San Jose

    If above is too much for you, make sure java is installed ( and just use TestSSLServer Jar file

Similar Threads

  1. Interpreting SSLScan results
    By b3d0uin in forum General Archive
    Replies: 3
    Last Post: 2016-07-19, 11:40
  2. Adding MHL support to Nethunter Oneplus devices
    By lxj616 in forum NetHunter Development
    Replies: 3
    Last Post: 2016-04-08, 18:50

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts