question

mohsenMJ-8783 avatar image
0 Votes"
mohsenMJ-8783 asked mohsenMJ-8783 answered

What is wrong with my SSL?

Hello,
My website using HTTPS, but when I used the SSLScan tool, I got below results:

 C:\Users\Admin\Desktop\SSLScan>SSLScan.exe Example.com:443
                    _
            ___ ___| |___  ___ __ _ _ __
           / __/ __| / __|/ __/ _` | '_ \
           \__ \__ \ \__ \ (_| (_| | | | |
           |___/___/_|___/\___\__,_|_| |_|
    
    
                   Version 1.8.2-win
              http://www.titania.co.uk
         Copyright Ian Ventura-Whiting 2009
     Compiled against OpenSSL 0.9.8m 25 Feb 2010
    
    
 Testing SSL server Example.com on port 443
    
    
   Supported Server Cipher(s):
     Failed    SSLv2  168 bits  DES-CBC3-MD5
     Failed    SSLv2   56 bits  DES-CBC-MD5
     Failed    SSLv2  128 bits  IDEA-CBC-MD5
     Failed    SSLv2   40 bits  EXP-RC2-CBC-MD5
     Failed    SSLv2  128 bits  RC2-CBC-MD5
     Failed    SSLv2   40 bits  EXP-RC4-MD5
     Failed    SSLv2  128 bits  RC4-MD5
     Failed    SSLv3  256 bits  ADH-AES256-SHA
     Failed    SSLv3  256 bits  DHE-RSA-AES256-SHA
     Failed    SSLv3  256 bits  DHE-DSS-AES256-SHA
     Failed    SSLv3  256 bits  AES256-SHA
     Failed    SSLv3  128 bits  ADH-AES128-SHA
     Failed    SSLv3  128 bits  DHE-RSA-AES128-SHA
     Failed    SSLv3  128 bits  DHE-DSS-AES128-SHA
     Failed    SSLv3  128 bits  AES128-SHA
     Failed    SSLv3  168 bits  ADH-DES-CBC3-SHA
     Failed    SSLv3   56 bits  ADH-DES-CBC-SHA
     Failed    SSLv3   40 bits  EXP-ADH-DES-CBC-SHA
     Failed    SSLv3  128 bits  ADH-RC4-MD5
     Failed    SSLv3   40 bits  EXP-ADH-RC4-MD5
     Failed    SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
     Failed    SSLv3   56 bits  EDH-RSA-DES-CBC-SHA
     Failed    SSLv3   40 bits  EXP-EDH-RSA-DES-CBC-SHA
     Failed    SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA
     Failed    SSLv3   56 bits  EDH-DSS-DES-CBC-SHA
     Failed    SSLv3   40 bits  EXP-EDH-DSS-DES-CBC-SHA
     Failed    SSLv3  168 bits  DES-CBC3-SHA
     Failed    SSLv3   56 bits  DES-CBC-SHA
     Failed    SSLv3   40 bits  EXP-DES-CBC-SHA
     Failed    SSLv3  128 bits  IDEA-CBC-SHA
     Failed    SSLv3   40 bits  EXP-RC2-CBC-MD5
     Failed    SSLv3  128 bits  RC4-SHA
     Failed    SSLv3  128 bits  RC4-MD5
     Failed    SSLv3   40 bits  EXP-RC4-MD5
     Failed    SSLv3    0 bits  NULL-SHA
     Failed    SSLv3    0 bits  NULL-MD5
     Failed    TLSv1  256 bits  ADH-AES256-SHA
     Failed    TLSv1  256 bits  DHE-RSA-AES256-SHA
     Failed    TLSv1  256 bits  DHE-DSS-AES256-SHA
     Failed    TLSv1  256 bits  AES256-SHA
     Failed    TLSv1  128 bits  ADH-AES128-SHA
     Failed    TLSv1  128 bits  DHE-RSA-AES128-SHA
     Failed    TLSv1  128 bits  DHE-DSS-AES128-SHA
     Failed    TLSv1  128 bits  AES128-SHA
     Failed    TLSv1  168 bits  ADH-DES-CBC3-SHA
     Failed    TLSv1   56 bits  ADH-DES-CBC-SHA
     Failed    TLSv1   40 bits  EXP-ADH-DES-CBC-SHA
     Failed    TLSv1  128 bits  ADH-RC4-MD5
     Failed    TLSv1   40 bits  EXP-ADH-RC4-MD5
     Failed    TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
     Failed    TLSv1   56 bits  EDH-RSA-DES-CBC-SHA
     Failed    TLSv1   40 bits  EXP-EDH-RSA-DES-CBC-SHA
     Failed    TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
     Failed    TLSv1   56 bits  EDH-DSS-DES-CBC-SHA
     Failed    TLSv1   40 bits  EXP-EDH-DSS-DES-CBC-SHA
     Failed    TLSv1  168 bits  DES-CBC3-SHA
     Failed    TLSv1   56 bits  DES-CBC-SHA
     Failed    TLSv1   40 bits  EXP-DES-CBC-SHA
     Failed    TLSv1  128 bits  IDEA-CBC-SHA
     Failed    TLSv1   40 bits  EXP-RC2-CBC-MD5
     Failed    TLSv1  128 bits  RC4-SHA
     Failed    TLSv1  128 bits  RC4-MD5
     Failed    TLSv1   40 bits  EXP-RC4-MD5
     Failed    TLSv1    0 bits  NULL-SHA
     Failed    TLSv1    0 bits  NULL-MD5
    
    
   Prefered Server Cipher(s):
    
 C:\Users\Admin\Desktop\SSLScan>SSLScan.exe Example.com:80
                    _
            ___ ___| |___  ___ __ _ _ __
           / __/ __| / __|/ __/ _` | '_ \
           \__ \__ \ \__ \ (_| (_| | | | |
           |___/___/_|___/\___\__,_|_| |_|
    
    
                   Version 1.8.2-win
              http://www.titania.co.uk
         Copyright Ian Ventura-Whiting 2009
     Compiled against OpenSSL 0.9.8m 25 Feb 2010
    
    
 Testing SSL server Example.com on port 80
    
    
   Supported Server Cipher(s):
     Rejected  SSLv2  168 bits  DES-CBC3-MD5
     Rejected  SSLv2   56 bits  DES-CBC-MD5
     Rejected  SSLv2  128 bits  IDEA-CBC-MD5
     Rejected  SSLv2   40 bits  EXP-RC2-CBC-MD5
     Rejected  SSLv2  128 bits  RC2-CBC-MD5
     Rejected  SSLv2   40 bits  EXP-RC4-MD5
     Rejected  SSLv2  128 bits  RC4-MD5
     Failed    SSLv3  256 bits  ADH-AES256-SHA
     Failed    SSLv3  256 bits  DHE-RSA-AES256-SHA
     Failed    SSLv3  256 bits  DHE-DSS-AES256-SHA
     Failed    SSLv3  256 bits  AES256-SHA
     Failed    SSLv3  128 bits  ADH-AES128-SHA
     Failed    SSLv3  128 bits  DHE-RSA-AES128-SHA
     Failed    SSLv3  128 bits  DHE-DSS-AES128-SHA
     Failed    SSLv3  128 bits  AES128-SHA
     Failed    SSLv3  168 bits  ADH-DES-CBC3-SHA
     Failed    SSLv3   56 bits  ADH-DES-CBC-SHA
     Failed    SSLv3   40 bits  EXP-ADH-DES-CBC-SHA
     Failed    SSLv3  128 bits  ADH-RC4-MD5
     Failed    SSLv3   40 bits  EXP-ADH-RC4-MD5
     Failed    SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
     Failed    SSLv3   56 bits  EDH-RSA-DES-CBC-SHA
     Failed    SSLv3   40 bits  EXP-EDH-RSA-DES-CBC-SHA
     Failed    SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA
     Failed    SSLv3   56 bits  EDH-DSS-DES-CBC-SHA
     Failed    SSLv3   40 bits  EXP-EDH-DSS-DES-CBC-SHA
     Failed    SSLv3  168 bits  DES-CBC3-SHA
     Failed    SSLv3   56 bits  DES-CBC-SHA
     Failed    SSLv3   40 bits  EXP-DES-CBC-SHA
     Failed    SSLv3  128 bits  IDEA-CBC-SHA
     Failed    SSLv3   40 bits  EXP-RC2-CBC-MD5
     Failed    SSLv3  128 bits  RC4-SHA
     Failed    SSLv3  128 bits  RC4-MD5
     Failed    SSLv3   40 bits  EXP-RC4-MD5
     Failed    SSLv3    0 bits  NULL-SHA
     Failed    SSLv3    0 bits  NULL-MD5
     Failed    TLSv1  256 bits  ADH-AES256-SHA
     Failed    TLSv1  256 bits  DHE-RSA-AES256-SHA
     Failed    TLSv1  256 bits  DHE-DSS-AES256-SHA
     Failed    TLSv1  256 bits  AES256-SHA
     Failed    TLSv1  128 bits  ADH-AES128-SHA
     Failed    TLSv1  128 bits  DHE-RSA-AES128-SHA
     Failed    TLSv1  128 bits  DHE-DSS-AES128-SHA
     Failed    TLSv1  128 bits  AES128-SHA
     Failed    TLSv1  168 bits  ADH-DES-CBC3-SHA
     Failed    TLSv1   56 bits  ADH-DES-CBC-SHA
     Failed    TLSv1   40 bits  EXP-ADH-DES-CBC-SHA
     Failed    TLSv1  128 bits  ADH-RC4-MD5
     Failed    TLSv1   40 bits  EXP-ADH-RC4-MD5
     Failed    TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
     Failed    TLSv1   56 bits  EDH-RSA-DES-CBC-SHA
     Failed    TLSv1   40 bits  EXP-EDH-RSA-DES-CBC-SHA
     Failed    TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
     Failed    TLSv1   56 bits  EDH-DSS-DES-CBC-SHA
     Failed    TLSv1   40 bits  EXP-EDH-DSS-DES-CBC-SHA
     Failed    TLSv1  168 bits  DES-CBC3-SHA
     Failed    TLSv1   56 bits  DES-CBC-SHA
     Failed    TLSv1   40 bits  EXP-DES-CBC-SHA
     Failed    TLSv1  128 bits  IDEA-CBC-SHA
     Failed    TLSv1   40 bits  EXP-RC2-CBC-MD5
     Failed    TLSv1  128 bits  RC4-SHA
     Failed    TLSv1  128 bits  RC4-MD5
     Failed    TLSv1   40 bits  EXP-RC4-MD5
     Failed    TLSv1    0 bits  NULL-SHA
     Failed    TLSv1    0 bits  NULL-MD5
    
    
   Prefered Server Cipher(s):

Why? What is wrong?

Thank you.

windows-server-iis-generalwindows-server-iis-configurationwindows-server-iis-troubleshootingwindows-server-iis-security
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

What's wrong? You ran a very old tool (version 1.8 was released long before 2014), so don't expect any meaningful results. Use the latest from https://github.com/rbsec/sslscan and run the scan again.

0 Votes 0 ·
mohsenMJ-8783 avatar image
0 Votes"
mohsenMJ-8783 answered mohsenMJ-8783 edited

Hello,
Thank yo so much for your help.
I downloaded the last version and result is:

 C:\Users\Admin\Desktop\SSLscan>sslscan.exe Example.com:443
 Version: 2.0.10 Windows 64-bit (Mingw)
 OpenSSL 1.1.1e-dev  xx XXX xxxx
    
    
 Connected to 172.16.7.5
    
    
 Testing SSL server Example.com on port 443 using SNI name Example.com
    
    
   SSL/TLS Protocols:
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
 TLSv1.1   disabled
 TLSv1.2   enabled
 TLSv1.3   disabled
    
    
   TLS Fallback SCSV:
 Server supports TLS Fallback SCSV
    
    
   TLS renegotiation:
 Session renegotiation not supported
    
    
   TLS Compression:
 Compression disabled
    
    
   Heartbleed:
 TLSv1.2 ERROR: send() failed: Bad file descriptor
    
    
    
 C:\Users\Admin\Desktop\SSLscan>sslscan.exe Example.com:80
 Version: 2.0.10 Windows 64-bit (Mingw)
 OpenSSL 1.1.1e-dev  xx XXX xxxx
    
    
 Connected to 172.16.7.5
    
    
 Testing SSL server Example.com on port 80 using SNI name Example.com
    
    
   SSL/TLS Protocols:
 SSLv2     disabled
 SSLv3     disabled
 TLSv1.0   disabled
 TLSv1.1   disabled
 TLSv1.2   disabled
 TLSv1.3   disabled
    
    
   TLS Fallback SCSV:
 Connection failed - unable to determine TLS Fallback SCSV support
    
    
   TLS renegotiation:
 Session renegotiation not supported
    
    
   TLS Compression:
 Compression disabled
    
    
   Heartbleed:
    
    
   Supported Server Cipher(s):
 Certificate information cannot be retrieved.
    
    
 C:\Users\Admin\Desktop\SSLscan>
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

mohsenMJ-8783 avatar image
0 Votes"
mohsenMJ-8783 answered

Hello,
Is my SSL OK?

Thank you.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.