[Pkg-openssl-devel] Bug#765565: Bug#765565: Bug#765565: openssl: don't completely disable ssl3/2 but rather just don't use it

rbsec robin at rbsec.net
Sat Oct 18 13:35:14 UTC 2014


Kurt,

The Debian sslscan package looks like it was last updated in 2011; it's
probably based off the original fork by IOError, which has been pretty
much abandoned for the last few years.

I have an updated fork on GitHub (https://github.com/rbsec/sslscan) with
some new features like IPv6 and TLS 1.1/1.2 support. There are also a
couple of other forks out there (like the one by DinoTools).

~Robin

On 18/10/14 14:14, Kurt Roeckx wrote:
> On Sat, Oct 18, 2014 at 02:03:38PM +0100, rbsec wrote:
>> Kurt,
>>
>> You're correct that sslscan uses SSLv3_client_method() - it also uses
>> the SSLv2, TLS1.0, 1.1 and 1.2 equivalents as well depending on which
>> protocols are enabled in OpenSSL (and which ones it's told to scan with
>> command-line options). TLSv1.2 is supported (it can be forced with
>> --tls12) - not sure why that wouldn't be working for you.
> There is no --tls12 option in the Debian package of it.
>
>
> Kurt
>
>


