From: Chris Koeritz Date: Wed, 22 Oct 2014 00:00:25 +0000 (-0400) Subject: check for whether server still supports SSLv3 or not; it is important not to allow... X-Git-Tag: 2.140.90~748 X-Git-Url: https://feistymeow.org/gitweb/?a=commitdiff_plain;h=7fff225444f15fe05d1b899881e5201b9e413fac;p=feisty_meow.git check for whether server still supports SSLv3 or not; it is important not to allow SSLv3 now due to POODLE vulnerability. script could be improved a bit. --- diff --git a/scripts/security/poodle_check.sh b/scripts/security/poodle_check.sh new file mode 100644 index 00000000..b58eb133 --- /dev/null +++ b/scripts/security/poodle_check.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +host="$1"; shift +port="$1"; shift +if [ -z "$port" ]; then + port=443 +fi + +if [ -z "$host" ]; then + echo "This test takes at least a hostname parameter for testing, and will also" + echo "accept an optional port parameter, e.g." + echo " $(basename $0) garvey.edu 17001" + exit 1 +fi + +echo +echo "about to try connecting; if this fails to stay connected, then you are not" +echo "vulnerable to POODLE SSLv3 attack. if it does connect, and you see the" +echo "protocol SSLv3 listed, then the server at $host:$port" +echo "is vulnerable to POODLE!" +echo +openssl s_client -ssl3 -host "$host" -port $port + +exit 0 + + +#could improve this by starting openssl connect in background +# and awaiting its exit. if it doesn't exit in like 3 seconds, +# then it probably connected. at that point, print the error +# message about vulnerability found, and show where the output +# file from connect can be found for inspection.
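Review bot: The script in scripts/security/poodle_check.sh leaves the result to the user's eyes: `openssl s_client -ssl3 -host "$host" -port $port` blocks on stdin waiting for input, and the script then does `exit 0` whether or not an SSLv3 handshake succeeded, so it cannot be used from another script or a monitoring job. Feed s_client an empty stdin so it returns as soon as the handshake finishes (or fails), then test the outcome rather than asking the reader to look for "SSLv3" in the output, e.g. `echo | openssl s_client -connect "$host:$port" -ssl3 2>&1 | grep -q 'Protocol *: SSLv3'` and exit non-zero when that matches; this also covers the "start in background and wait 3 seconds" idea in the trailing comment without needing a timer. Two smaller points in the same hunk: quote `$port` and `$(basename $0)` like `$host` is quoted, and note that an OpenSSL built without SSLv3 support rejects the `-ssl3` option outright, which with the current wording reads as "not vulnerable" when in fact nothing was tested; check for that error text and report "could not test" instead.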