What is wrong with my SSL?

Question

What is wrong with my SSL?

WindowsGeek 21

Hello,
My website using HTTPS, but when I used the SSLScan tool, I got below results:

C:\Users\Admin\Desktop\SSLScan>SSLScan.exe Example.com:443
                   _
           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|


                  Version 1.8.2-win
             http://www.titania.co.uk
        Copyright Ian Ventura-Whiting 2009
    Compiled against OpenSSL 0.9.8m 25 Feb 2010


Testing SSL server Example.com on port 443


  Supported Server Cipher(s):
    Failed    SSLv2  168 bits  DES-CBC3-MD5
    Failed    SSLv2   56 bits  DES-CBC-MD5
    Failed    SSLv2  128 bits  IDEA-CBC-MD5
    Failed    SSLv2   40 bits  EXP-RC2-CBC-MD5
    Failed    SSLv2  128 bits  RC2-CBC-MD5
    Failed    SSLv2   40 bits  EXP-RC4-MD5
    Failed    SSLv2  128 bits  RC4-MD5
    Failed    SSLv3  256 bits  ADH-AES256-SHA
    Failed    SSLv3  256 bits  DHE-RSA-AES256-SHA
    Failed    SSLv3  256 bits  DHE-DSS-AES256-SHA
    Failed    SSLv3  256 bits  AES256-SHA
    Failed    SSLv3  128 bits  ADH-AES128-SHA
    Failed    SSLv3  128 bits  DHE-RSA-AES128-SHA
    Failed    SSLv3  128 bits  DHE-DSS-AES128-SHA
    Failed    SSLv3  128 bits  AES128-SHA
    Failed    SSLv3  168 bits  ADH-DES-CBC3-SHA
    Failed    SSLv3   56 bits  ADH-DES-CBC-SHA
    Failed    SSLv3   40 bits  EXP-ADH-DES-CBC-SHA
    Failed    SSLv3  128 bits  ADH-RC4-MD5
    Failed    SSLv3   40 bits  EXP-ADH-RC4-MD5
    Failed    SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Failed    SSLv3   56 bits  EDH-RSA-DES-CBC-SHA
    Failed    SSLv3   40 bits  EXP-EDH-RSA-DES-CBC-SHA
    Failed    SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA
    Failed    SSLv3   56 bits  EDH-DSS-DES-CBC-SHA
    Failed    SSLv3   40 bits  EXP-EDH-DSS-DES-CBC-SHA
    Failed    SSLv3  168 bits  DES-CBC3-SHA
    Failed    SSLv3   56 bits  DES-CBC-SHA
    Failed    SSLv3   40 bits  EXP-DES-CBC-SHA
    Failed    SSLv3  128 bits  IDEA-CBC-SHA
    Failed    SSLv3   40 bits  EXP-RC2-CBC-MD5
    Failed    SSLv3  128 bits  RC4-SHA
    Failed    SSLv3  128 bits  RC4-MD5
    Failed    SSLv3   40 bits  EXP-RC4-MD5
    Failed    SSLv3    0 bits  NULL-SHA
    Failed    SSLv3    0 bits  NULL-MD5
    Failed    TLSv1  256 bits  ADH-AES256-SHA
    Failed    TLSv1  256 bits  DHE-RSA-AES256-SHA
    Failed    TLSv1  256 bits  DHE-DSS-AES256-SHA
    Failed    TLSv1  256 bits  AES256-SHA
    Failed    TLSv1  128 bits  ADH-AES128-SHA
    Failed    TLSv1  128 bits  DHE-RSA-AES128-SHA
    Failed    TLSv1  128 bits  DHE-DSS-AES128-SHA
    Failed    TLSv1  128 bits  AES128-SHA
    Failed    TLSv1  168 bits  ADH-DES-CBC3-SHA
    Failed    TLSv1   56 bits  ADH-DES-CBC-SHA
    Failed    TLSv1   40 bits  EXP-ADH-DES-CBC-SHA
    Failed    TLSv1  128 bits  ADH-RC4-MD5
    Failed    TLSv1   40 bits  EXP-ADH-RC4-MD5
    Failed    TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Failed    TLSv1   56 bits  EDH-RSA-DES-CBC-SHA
    Failed    TLSv1   40 bits  EXP-EDH-RSA-DES-CBC-SHA
    Failed    TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
    Failed    TLSv1   56 bits  EDH-DSS-DES-CBC-SHA
    Failed    TLSv1   40 bits  EXP-EDH-DSS-DES-CBC-SHA
    Failed    TLSv1  168 bits  DES-CBC3-SHA
    Failed    TLSv1   56 bits  DES-CBC-SHA
    Failed    TLSv1   40 bits  EXP-DES-CBC-SHA
    Failed    TLSv1  128 bits  IDEA-CBC-SHA
    Failed    TLSv1   40 bits  EXP-RC2-CBC-MD5
    Failed    TLSv1  128 bits  RC4-SHA
    Failed    TLSv1  128 bits  RC4-MD5
    Failed    TLSv1   40 bits  EXP-RC4-MD5
    Failed    TLSv1    0 bits  NULL-SHA
    Failed    TLSv1    0 bits  NULL-MD5


  Prefered Server Cipher(s):

C:\Users\Admin\Desktop\SSLScan>SSLScan.exe Example.com:80
                   _
           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|


                  Version 1.8.2-win
             http://www.titania.co.uk
        Copyright Ian Ventura-Whiting 2009
    Compiled against OpenSSL 0.9.8m 25 Feb 2010


Testing SSL server Example.com on port 80


  Supported Server Cipher(s):
    Rejected  SSLv2  168 bits  DES-CBC3-MD5
    Rejected  SSLv2   56 bits  DES-CBC-MD5
    Rejected  SSLv2  128 bits  IDEA-CBC-MD5
    Rejected  SSLv2   40 bits  EXP-RC2-CBC-MD5
    Rejected  SSLv2  128 bits  RC2-CBC-MD5
    Rejected  SSLv2   40 bits  EXP-RC4-MD5
    Rejected  SSLv2  128 bits  RC4-MD5
    Failed    SSLv3  256 bits  ADH-AES256-SHA
    Failed    SSLv3  256 bits  DHE-RSA-AES256-SHA
    Failed    SSLv3  256 bits  DHE-DSS-AES256-SHA
    Failed    SSLv3  256 bits  AES256-SHA
    Failed    SSLv3  128 bits  ADH-AES128-SHA
    Failed    SSLv3  128 bits  DHE-RSA-AES128-SHA
    Failed    SSLv3  128 bits  DHE-DSS-AES128-SHA
    Failed    SSLv3  128 bits  AES128-SHA
    Failed    SSLv3  168 bits  ADH-DES-CBC3-SHA
    Failed    SSLv3   56 bits  ADH-DES-CBC-SHA
    Failed    SSLv3   40 bits  EXP-ADH-DES-CBC-SHA
    Failed    SSLv3  128 bits  ADH-RC4-MD5
    Failed    SSLv3   40 bits  EXP-ADH-RC4-MD5
    Failed    SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Failed    SSLv3   56 bits  EDH-RSA-DES-CBC-SHA
    Failed    SSLv3   40 bits  EXP-EDH-RSA-DES-CBC-SHA
    Failed    SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA
    Failed    SSLv3   56 bits  EDH-DSS-DES-CBC-SHA
    Failed    SSLv3   40 bits  EXP-EDH-DSS-DES-CBC-SHA
    Failed    SSLv3  168 bits  DES-CBC3-SHA
    Failed    SSLv3   56 bits  DES-CBC-SHA
    Failed    SSLv3   40 bits  EXP-DES-CBC-SHA
    Failed    SSLv3  128 bits  IDEA-CBC-SHA
    Failed    SSLv3   40 bits  EXP-RC2-CBC-MD5
    Failed    SSLv3  128 bits  RC4-SHA
    Failed    SSLv3  128 bits  RC4-MD5
    Failed    SSLv3   40 bits  EXP-RC4-MD5
    Failed    SSLv3    0 bits  NULL-SHA
    Failed    SSLv3    0 bits  NULL-MD5
    Failed    TLSv1  256 bits  ADH-AES256-SHA
    Failed    TLSv1  256 bits  DHE-RSA-AES256-SHA
    Failed    TLSv1  256 bits  DHE-DSS-AES256-SHA
    Failed    TLSv1  256 bits  AES256-SHA
    Failed    TLSv1  128 bits  ADH-AES128-SHA
    Failed    TLSv1  128 bits  DHE-RSA-AES128-SHA
    Failed    TLSv1  128 bits  DHE-DSS-AES128-SHA
    Failed    TLSv1  128 bits  AES128-SHA
    Failed    TLSv1  168 bits  ADH-DES-CBC3-SHA
    Failed    TLSv1   56 bits  ADH-DES-CBC-SHA
    Failed    TLSv1   40 bits  EXP-ADH-DES-CBC-SHA
    Failed    TLSv1  128 bits  ADH-RC4-MD5
    Failed    TLSv1   40 bits  EXP-ADH-RC4-MD5
    Failed    TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Failed    TLSv1   56 bits  EDH-RSA-DES-CBC-SHA
    Failed    TLSv1   40 bits  EXP-EDH-RSA-DES-CBC-SHA
    Failed    TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
    Failed    TLSv1   56 bits  EDH-DSS-DES-CBC-SHA
    Failed    TLSv1   40 bits  EXP-EDH-DSS-DES-CBC-SHA
    Failed    TLSv1  168 bits  DES-CBC3-SHA
    Failed    TLSv1   56 bits  DES-CBC-SHA
    Failed    TLSv1   40 bits  EXP-DES-CBC-SHA
    Failed    TLSv1  128 bits  IDEA-CBC-SHA
    Failed    TLSv1   40 bits  EXP-RC2-CBC-MD5
    Failed    TLSv1  128 bits  RC4-SHA
    Failed    TLSv1  128 bits  RC4-MD5
    Failed    TLSv1   40 bits  EXP-RC4-MD5
    Failed    TLSv1    0 bits  NULL-SHA
    Failed    TLSv1    0 bits  NULL-MD5


  Prefered Server Cipher(s):

Why? What is wrong?

Thank you.

Lex Li (Microsoft) 6,037 Reputation points Microsoft Employee

2021-09-28T15:20:15.957+00:00

What's wrong? You ran a very old tool (version 1.8 was released long before 2014), so don't expect any meaningful results. Use the latest from https://github.com/rbsec/sslscan and run the scan again.

2 answers

Your answer

Lex Li (Microsoft) 6,037 Reputation points Microsoft Employee

2021-09-28T15:20:15.957+00:00

What's wrong? You ran a very old tool (version 1.8 was released long before 2014), so don't expect any meaningful results. Use the latest from https://github.com/rbsec/sslscan and run the scan again.

Answer 1

Hello,
Thank yo so much for your help.
I downloaded the last version and result is:

C:\Users\Admin\Desktop\SSLscan>sslscan.exe Example.com:443
Version: 2.0.10 Windows 64-bit (Mingw)
OpenSSL 1.1.1e-dev  xx XXX xxxx


Connected to 172.16.7.5


Testing SSL server Example.com on port 443 using SNI name Example.com


  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   disabled


  TLS Fallback SCSV:
Server supports TLS Fallback SCSV


  TLS renegotiation:
Session renegotiation not supported


  TLS Compression:
Compression disabled


  Heartbleed:
TLSv1.2 ERROR: send() failed: Bad file descriptor



C:\Users\Admin\Desktop\SSLscan>sslscan.exe Example.com:80
Version: 2.0.10 Windows 64-bit (Mingw)
OpenSSL 1.1.1e-dev  xx XXX xxxx


Connected to 172.16.7.5


Testing SSL server Example.com on port 80 using SNI name Example.com


  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   disabled
TLSv1.3   disabled


  TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support


  TLS renegotiation:
Session renegotiation not supported


  TLS Compression:
Compression disabled


  Heartbleed:


  Supported Server Cipher(s):
Certificate information cannot be retrieved.


C:\Users\Admin\Desktop\SSLscan>

Answer 2

WindowsGeek 21

Hello,
Is my SSL OK?

Thank you.

Share via

What is wrong with my SSL?

2 answers

Your answer