Outdated SSL: Common Vulnerability
Jose Hernandez | June 06, 2012
When conducting external vulnerability assessments, I have been seeing a specific finding as “very common”: the finding that the server supports the outdated Secure Sockets Layer (SSL) version 2 protocol.
The problem is simple enough: the server's SSL support was never updated, so it is not running the more recent versions. As is usually the case, the newer SSL standards are more secure.
Every modern vulnerability scanner will pick up on this issue and report on it. I always like to double-check findings using manual testing techniques or by running separate tools to verify that the findings are legitimate. The tool SSLScan, part of the BackTrack testing suite, is very useful when verifying this finding. SSLScan is very easy to use and will give you a clear picture of which ciphers your server supports, which ciphers the server prefers, and which SSL protocols are supported. The following is a screenshot of SSLScan running against...
Tags: Solutionary, vulnerability management, Secure Socket Layer (SSL), SSLScan, vulnerability scanner


