Logapp root:/loglogic/ssl-cipher-suite-enum-v1.0.0 0$ ./ssl-cipher-suite-enum.pl 10.114.80.140:2098 Starting ssl-cipher-suite-enum v1.0.0 ( http://labs.portcullis.co.uk/application/ssl-cipher-suite-enum/ ) at Fri Sep 25 02:18:36 2015 [+] Scanning 1 hosts === Scan Info === Target: 10.114.80.140 IP: 10.114.80.140 Port: 2098 Protocols: SSLv2.0,SSLv3.0,TLSv1.0,TLSv1.1,TLSv1.2 Persist: 0 Preamble: None Scan Rate: unlimited Recv Timeout: 10 === Testing protocol SSLv2.0 === [+] 0 SSLv2.0 cipher suites supported === Testing protocol SSLv3.0 === [+] Protocol SSLv3.0 is not supported. Skipping. [+] 0 SSLv3.0 cipher suites supported === Testing protocol TLSv1.0 === [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.0 RSA_DES_192_CBC3_SHA[000a] BEAST,NO_PFS [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.0 ECDHE_RSA_WITH_DES_192_CBC3_SHA[c012] BEAST [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.0 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013] BEAST [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.0 EDH_RSA_DES_192_CBC3_SHA[0016] BEAST [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.0 RSA_WITH_AES_128_SHA[002f] BEAST,NO_PFS [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.0 DHE_RSA_WITH_AES_128_SHA[0033] BEAST [+] Preferred TLSv1.0 cipher suite on 10.114.80.140:2098: RSA_DES_192_CBC3_SHA[000a] BEAST,NO_PFS [+] 6 TLSv1.0 cipher suites supported [V] 10.114.80.140:2098 - Most clients will be vulnerable to BEAST attack - if HTTPS service [V] 10.114.80.140:2098 - Most encrypted connections will not use forward secrecy === Testing protocol TLSv1.1 === [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.1 RSA_DES_192_CBC3_SHA[000a] NO_PFS [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.1 ECDHE_RSA_WITH_DES_192_CBC3_SHA[c012] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.1 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.1 EDH_RSA_DES_192_CBC3_SHA[0016] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.1 RSA_WITH_AES_128_SHA[002f] NO_PFS [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.1 DHE_RSA_WITH_AES_128_SHA[0033] [+] Preferred TLSv1.1 cipher suite on 10.114.80.140:2098: RSA_DES_192_CBC3_SHA[000a] NO_PFS [+] 6 TLSv1.1 cipher suites supported [V] 10.114.80.140:2098 - Most encrypted connections will not use forward secrecy === Testing protocol TLSv1.2 === [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 RSA_DES_192_CBC3_SHA[000a] NO_PFS [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 ECDHE_RSA_WITH_DES_192_CBC3_SHA[c012] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 EDH_RSA_DES_192_CBC3_SHA[0016] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 ECDHE_RSA_WITH_AES_128_CBC_SHA256[c027] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 RSA_WITH_AES_128_SHA[002f] NO_PFS [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 ECDHE_RSA_WITH_AES_128_GCM_SHA256[c02f] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 DHE_RSA_WITH_AES_128_SHA[0033] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 RSA_WITH_AES_128_CBC_SHA256[003c] NO_PFS [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 DHE_RSA_WITH_AES_128_CBC_SHA256[0067] [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 RSA_WITH_AES_128_GCM_SHA256[009c] NO_PFS [+] Cipher suite supported on 10.114.80.140:2098: TLSv1.2 DHE_RSA_WITH_AES_128_GCM_SHA256[009e] [+] Preferred TLSv1.2 cipher suite on 10.114.80.140:2098: RSA_DES_192_CBC3_SHA[000a] NO_PFS [+] 12 TLSv1.2 cipher suites supported [V] 10.114.80.140:2098 - Most encrypted connections will not use forward secrecy [+] Summary of support cipher suites for 10.114.80.140:2098 TLSv1.0: * RSA_DES_192_CBC3_SHA * EDH_RSA_DES_192_CBC3_SHA * RSA_WITH_AES_128_SHA * DHE_RSA_WITH_AES_128_SHA * ECDHE_RSA_WITH_DES_192_CBC3_SHA * ECDHE_RSA_WITH_AES_128_CBC_SHA TLSv1.1: * RSA_DES_192_CBC3_SHA * EDH_RSA_DES_192_CBC3_SHA * RSA_WITH_AES_128_SHA * DHE_RSA_WITH_AES_128_SHA * ECDHE_RSA_WITH_DES_192_CBC3_SHA * ECDHE_RSA_WITH_AES_128_CBC_SHA TLSv1.2: * RSA_DES_192_CBC3_SHA * EDH_RSA_DES_192_CBC3_SHA * RSA_WITH_AES_128_SHA * DHE_RSA_WITH_AES_128_SHA * RSA_WITH_AES_128_CBC_SHA256 * DHE_RSA_WITH_AES_128_CBC_SHA256 * RSA_WITH_AES_128_GCM_SHA256 * DHE_RSA_WITH_AES_128_GCM_SHA256 * ECDHE_RSA_WITH_DES_192_CBC3_SHA * ECDHE_RSA_WITH_AES_128_CBC_SHA * ECDHE_RSA_WITH_AES_128_CBC_SHA256 * ECDHE_RSA_WITH_AES_128_GCM_SHA256 [+] Summary of weakness "BEAST" for 10.114.80.140:2098 TLSv1.0: * RSA_DES_192_CBC3_SHA * EDH_RSA_DES_192_CBC3_SHA * RSA_WITH_AES_128_SHA * DHE_RSA_WITH_AES_128_SHA * ECDHE_RSA_WITH_DES_192_CBC3_SHA * ECDHE_RSA_WITH_AES_128_CBC_SHA [+] Summary of weakness "NO_PFS" for 10.114.80.140:2098 TLSv1.0: * RSA_DES_192_CBC3_SHA * RSA_WITH_AES_128_SHA TLSv1.1: * RSA_DES_192_CBC3_SHA * RSA_WITH_AES_128_SHA TLSv1.2: * RSA_DES_192_CBC3_SHA * RSA_WITH_AES_128_SHA * RSA_WITH_AES_128_CBC_SHA256 * RSA_WITH_AES_128_GCM_SHA256 === Scan Complete === [+] ssl-cipher-suite-enum v1.0.0 completed at Fri Sep 25 02:22:46 2015. 708 connections in 250 secs.