POODLE check is not working correctly on newer openssl
Closed this issue · 2 comments
JohnCasey commented
ssltls.check does not work as expected with newer OpenSSL versions as the option "-ssl3" does not exist anymore.
Example output of manually calling the built command line when checking for POODLE vulnerability:
root@www:/root# /usr/bin/openssl s_client -connect mail:465 -ssl3
s_client: Option unknown option -ssl3
s_client: Use -help for summary.
I'm running Debian 9 with openssl 1.1.0f-3+deb9u2
a-schild commented
Yes, when the openssl on the executing server isn't having ssl3 support, we can't test for it.
You just need to disable the check (And can't check for it, sorry)
a-schild commented
The updated templates have now the poodle check disabled by default