SSL-Cipher-Check v1.6
October 21st, 2009 Posted in Computers, Software, UnspecificSSL-Cipher-Check v1.6 (http://unspecific.com/ssl/) Released. Bugfix for SSLv2 incomplete handshake causing false positive.
Steven Andrés (of Special Ops Security) pointed out a flaw and gave me a fix.
” For some cipher combinations, OpenSSL will return a “verify return” command but then later on fail with the “no cipher list” error. Since you check the former and not the latter, you false positive on these ciphers. ”
His patch has been applied and all is working well.
