How can I verify that SSLv3 protocol is disabled?

SSL-Session:
   Protocol  : SSLv3
   Cipher    : AES256-SHA

Obviously your server still has SSLv3 enabled. If you successfully disabled SSLv3 openssl s_client -ssl3 -connect ... should get something like this:

...SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
...SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
...
Protocol  : SSLv3
Cipher    : 0000

The indicator here is that you get no cipher ("0000").

As for the ciphers itself you don't need to make any changes.

just for completeness:

testssl.sh is a nice, console-based tool to check ssl-setups of any ssl/ts - enabled servers, in oposite to ssllabs

testssl

Two ways that I know of:

If you have Webinspect, they have a check specifically for this.

The simple way is to uncheck all protocols in IE with the exception of SSLv3 and see if you connect to the website.

enter image description here

How can I verify that SSLv3 protocol is disabled?

Tags:

Openssl

Tls

Starttls

Related

Recent Posts