First thing that came to my mind when reading about POODLE was how can I test, followed by what to do to patch/fix this.
So the first thing is to test for the vulnerability. And from all I have read so far is that you are vulnerable if your servers support SSLv3. I am confident that many of the ones I manage do; so lets test this out.
First thing I did was log into my Greyhat Test Box, thank you Kali Linux. Note: this could be any Linux distribution I just wanted to plug those guys/and/gals.
At the command line we will be using the OpenSSL tools to test by typing the following:
openssl s_client -connect <server>:<port> -ssl3If this connects you have SSLv3 enabled, if it failed then you will see:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failureSo if you run a server check out the following links:
Microsoft:
https://technet.microsoft.com/library/security/3009008.aspx
Apache:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#msie
Tomcat:
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS
Nginx:
http://nginx.com/blog/nginx-poodle-ssl/
And for the end users, disable SSL 3.0 in your browser, avoid MITM attack by using a VPN connection and always, always use HTTPS.
2 replies on “Tech Short: Let’s test for POODLE or SSLv3”
[…] And even did some testing here: http://jermsmit.com/tech-short-lets-test-for-poodle-or-sslv3/ […]
[…] But why? I did some checking on the SSL Certificates, using some of the steps from one of my older posts: http://jermsmit.com/tech-short-lets-test-for-poodle-or-sslv3/ […]