One of our customers asks if we can detect what encryption has been used (SSL3/TLS1.0/TLS1.1 etc.)
They would like to see this because of the POODLE SSLv3 Vulnerability and be able to report on it.
/Thomas
Answer by Ulf T. ·
Is there a way to see what IP is related to what SSL?
I think what Thomas is fishing for is a list of all IP addresses that use SSL3.
Yes, using:
SHOW SSLDECR STATUS *
command, which prints out SSL stats (of which the mentioned SSL protocol version breakdown per number of sessions is a part) for each monitored SSL server.
Answer by Adam P. ·
Thomas,
Use the rcmd show ssldecr status command; the usage is:
SHOW SSLDECR STATUS HELP - display this help message
SHOW SSLDECR STATUS - show aggregated information about SSL decryption status
SHOW SSLDECR STATUS * - show general information about SSL decryption status for all servers
SHOW SSLDECR STATUS ip_addr - show general information about SSL decryption status filtered by IP address
SHOW SSLDECR STATUS ip_addr port - show general information about SSL decryption status for one IP address and port number
The output should be similar to:
SSL protocol version breakdown per number of sessions:
supported versions: ssl3.0=1003270 tls1.0=1351368 tls1.1=9287 tls1.2=39268
unsupported versions: ssl2.0=34 other versions=0 no version info=2490279
Thomas,
If you would need help parsing the output of:
SHOW SSLDECR STATUS *
command, please let us know.
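An added example, not part of the original answers and not the vendor's code: one way to turn the version breakdown quoted above into a figure for a POODLE report. It assumes the text of SHOW SSLDECR STATUS ip_addr port for one server has been saved as a string and that the breakdown uses the key=value form shown in the sample; the function names are hypothetical.

```python
import re

# Constructed sample: the breakdown quoted in the answer above, as one flat string.
SAMPLE = (
    "SSL protocol version breakdown per number of sessions: "
    "supported versions: ssl3.0=1003270 tls1.0=1351368 tls1.1=9287 tls1.2=39268 "
    "unsupported versions: ssl2.0=34 other versions=0 no version info=2490279"
)

# Only the counters seen in the sample are accepted, so any other key=value
# pairs in the surrounding status output are ignored. Works whether the
# breakdown arrives on one line or several.
PAIR = re.compile(r"\b((?:ssl|tls)\d\.\d|other versions|no version info)=(\d+)")
LEGACY = ("ssl2.0", "ssl3.0")  # versions to report on; POODLE concerns SSL 3.0


def parse_breakdown(text):
    """Return {version: session_count} from the breakdown part of the output."""
    if "breakdown per number of sessions" not in text:
        raise ValueError("no SSL protocol version breakdown in input")
    return {key: int(value) for key, value in PAIR.findall(text)}


def legacy_report(counts):
    """Summarise how many sessions with a known version used SSL 2.0/3.0."""
    # Sessions without version info are left out of the denominator because
    # nothing can be said about the protocol they negotiated.
    known = sum(n for k, n in counts.items() if k.startswith(("ssl", "tls")))
    legacy = sum(counts.get(k, 0) for k in LEGACY)
    return {
        "known_sessions": known,
        "legacy_sessions": legacy,
        "legacy_share": legacy / known if known else 0.0,
        "ssl3_seen": counts.get("ssl3.0", 0) > 0,
    }


if __name__ == "__main__":
    report = legacy_report(parse_breakdown(SAMPLE))
    print("SSL 2.0/3.0 sessions: {legacy_sessions} of {known_sessions} "
          "({legacy_share:.1%})".format(**report))
```

Running it once per monitored ip_addr and port gives the per-server list of SSL 3.0 users asked about earlier in the thread.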
Answer by Ulf T. ·
Hi Thomas
As far as I know, there is no automatic way of getting insight into what version of SSL is being used.
However, in RCON there are a number of things you could pursue, such as turning on the logging of all SSL: SHOW SSLDECR LOGLEVEL
I don't have an SSL log at hand so I'm not 100% sure of what will be listed in there but it's a start. There are also some other things you could look into by using the fantastic RCON GUI: SSL-Related rcon Commands