4

I have a web server supporting SSL 3 and TLS protocols, the following are the supported cipher suites:

  • TLS_RSA_WITH_RC4_128_MD5
  • TLS_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

How can I check if the server supports NULL cipher ?

StackzOfZtuff
  • 18,093
  • 1
  • 52
  • 86
Arun
  • 353
  • 1
  • 4
  • 14

2 Answers2

5
openssl s_client -connect www.example.com:443 -cipher NULL

You might also want to have a look at this blog which details how to test for different ciphers.

To test for 64-bit ciphers or lower you can use:

openssl s_client -connect www.example.com:443 -cipher LOW

To test for 128-bit ciphers:

openssl s_client -connect www.example.com:443 -cipher MEDIUM

To test for anything more than 128-bit:

openssl s_client -connect www.example.com:443 -cipher HIGH
Lucas Kauffman
  • 54,437
  • 17
  • 116
  • 196
  • Seems like the server is bailing on your connection, check the logs of the server. What version of openssl are you using and what system? – Lucas Kauffman Jul 22 '13 at 08:12
  • Its fully proprietary SSL TLS library everything . for NULL and LOW i get the output "HANDSHAKE FAILURE" . However for HIGH and MEDIUM i get the SSL certificate information – Arun Jul 22 '13 at 08:14
  • It's probably a bad implementation which rather than giving you a not supported connection just bails on the connection completely. – Lucas Kauffman Jul 22 '13 at 08:16
  • But looking at the examples from the blog u sent me , is it safe to deduce that the server doesn't support NULL encryption – Arun Jul 22 '13 at 08:17
  • I'd just send the manufacturers of the library an email to make sure. But I suspect that if it bails on those connections, it could be that it does not support it. I'd also check the logs of the application which is using this library to see what it did. – Lucas Kauffman Jul 22 '13 at 08:24
2

In addition to the solution suggested by @Lucas (with openssl), you can try this tool, which will give you the list of all cipher suites supported by your server, along with some other information. The cipher suites which do not actually encrypt data are: TLS_NULL_WITH_NULL_NULL, TLS_RSA_WITH_NULL_MD5, TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_NULL_SHA256.

If your server is accessible from the Internet in general, then SSL Labs as a tool which will give you similar information (but don't panic if you see a big red warning about vulnerability to BEAST attack, it is not real anymore).

Community
  • 1
Tom Leek
  • 172,594
  • 29
  • 349
  • 481