POODLE check is not working correctly on newer openssl

Question

POODLE check is not working correctly on newer openssl

Closed this issue 6 years ago · 2 comments

ssltls.check does not work as expected with newer OpenSSL versions as the option "-ssl3" does not exist anymore.
Example output of manually calling the built command line when checking for POODLE vulnerability:

root@www:/root# /usr/bin/openssl s_client -connect mail:465 -ssl3
s_client: Option unknown option -ssl3
s_client: Use -help for summary.

I'm running Debian 9 with openssl 1.1.0f-3+deb9u2

Answer 1 · 2018-04-20T10:10:31.000Z

Yes, when the openssl on the executing server isn't having ssl3 support, we can't test for it.
You just need to disable the check (And can't check for it, sorry)

Answer 2 · 2018-06-11T15:28:14.000Z

The updated templates have now the poodle check disabled by default