Signiant Support

How Can I Confirm that my Signiant Web Server Does Not Allow Weak Encryption, Anonymous Authentication or Null Ciphers?


OpenSSL can be used to confirm that your Signiant web server does not allow anonymous authentication or weak encryption. The following commands provide a reliable method for confirming that weak and vulnerable ciphers are not accepted.

openssl s_client -ssl2 -connect <ipAddress>:443
openssl s_client -cipher LOW -connect <ipAddress>:443
openssl s_client -cipher LOW:EXP -connect <ipAddress>:443
openssl s_client -no_tls1 -no_ssl3 -connect <ipAddress>:443

If any of the commands makes a connection and displays information about the SSL handshake, then the host is vulnerable. Otherwise, the openssl command should return errors similar to the following example:

CONNECTED(00000003)
9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
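
As an added example (not part of the original Signiant article), the following shell script runs the four checks above and classifies each result from the s_client output, including the case where the local openssl build cannot offer the protocol or cipher at all, so the check proves nothing. The function names, the verdict labels and the second sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wraps the article's four checks and classifies each result.

# Sample outputs: the first is the failure shown in the article, the second
# is constructed for illustration.
SAMPLE_REJECTED='CONNECTED(00000003)
9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is DES-CBC-SHA'

# classify_s_client: read s_client output on stdin and print one verdict.
#   ACCEPTED     - a cipher was negotiated (the article's "vulnerable" case)
#   REJECTED     - the server refused the handshake
#   INCONCLUSIVE - the local openssl could not offer the protocol or cipher,
#                  or the output shows neither a handshake nor a refusal
classify_s_client() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -Eiq 'unknown option|no cipher match'; then
        # The client itself lacks the option or cipher: nothing was tested.
        echo INCONCLUSIVE
    elif printf '%s\n' "$out" | grep -F 'Cipher is ' | grep -Fvq '(NONE)'; then
        echo ACCEPTED
    elif printf '%s\n' "$out" |
         grep -Eiq 'handshake failure|alert protocol version|Cipher is \(NONE\)'; then
        echo REJECTED
    else
        echo INCONCLUSIVE
    fi
}

# run_checks: run the article's four commands against port 443 of one host.
run_checks() {
    host=$1
    for opts in "-ssl2" "-cipher LOW" "-cipher LOW:EXP" "-no_tls1 -no_ssl3"; do
        # $opts is left unquoted on purpose so it splits into separate
        # arguments; stdin is /dev/null so s_client exits after the handshake.
        verdict=$(openssl s_client $opts -connect "$host:443" </dev/null 2>&1 |
                  classify_s_client)
        printf '%-20s %s\n' "$opts" "$verdict"
    done
}

# Only contact a server when an address is given on the command line.
if [ "$#" -ge 1 ]; then
    run_checks "$1"
fi
```

Save it under any name and pass the server address as the only argument. With a client that also supports TLS 1.1 or later, the -no_tls1 -no_ssl3 check can complete a handshake using one of those versions, so check which protocol was negotiated before treating an ACCEPTED result there as a finding.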


Additional Information:

The openssl executable can be found in one of the following locations:

Linux:  /usr/bin/openssl (usually part of the system executable path)
Windows:  C:\Program Files\Signiant\Mobilize\3rdparthjboss\bin

The paths above assume an installation in the default directory.  Adjust your path accordingly if you have installed in another location.