/build/static/layout/Breadcrumb_cap_w.png

discovering servers with SSLv2 enabled

I'm looking to discover what servers in my inventory have SSL v2.0 enabled. For security reasons, I'd like to see that it gets disabled, but I'm not finding information that I can easily query that tells me it is 'enabled' other than executing an openssl command to each machine.

I did find a couple of articles that describe adding/changing the registry to a particular value, but I don't see what exactly I can query from the Windows registry via KACE Scripting to locate who is affected.

How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
Disable SSLv2 for Microsoft IIS7 under Windows Server 2008 64bit

When I peruse Windows Registry on one server that SSLv2 is enabled and another that it is not. The key 'HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\' looks the same between the two. There is no 'Enabled' DWORD name preexisting.

Any help to point me in the right direction is much appreciated.

Thanks.

0 Comments   [ + ] Show comments

Answers (2)

Posted by: cblake 12 years ago
Red Belt
0
Using the openssl command you could maybe use a custom inventory rule:
ShellCommandTextReturn(command)
Depending on the data at the command line, that could return it to the K1 database.
Otherwise you could use the CI to return the registry value if it existed.
Posted by: fauveld 12 years ago
Orange Belt
0
cblake, that sounds promising. Let me get this straight because I'm new to KACE. The Custom Inventory command would look something like...

ShellCommandTextReturn(openssl s_client -ssl2 -connect 127.0.0.1:443)


Is there a means of querying the openssl results for something descriptive like "ssl handshake has read"?

There's probably a better means than what I'm thinking, but I appreciate the help.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ