Looking for tool to test new ssl vulnerabilities

Russell Fulton r.fulton at auckland.ac.nz
Wed Jul 31 20:12:28 GMT 2002

Hi All, 

I've been pondering how I am going to find all the servers on campus
that are vulnerable to the latest SSL bugs.  Unlike ssh you can't simply
grab a banner to find the version (although this has problems of its own
since linux binary updates don't change the banners...). 

If anyone has any ideas I would love to hear them. 

Hmmmm... nessus has a plugin (quick work!) that reports the ssl version,
but as I noted above this will still flag all the linux systems that
have been upgrade using rpms.

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

'It aint necessarily so'  - Gershwin

More information about the unisog mailing list