Weak Ciphers on 443: How to verify SSLv2 has been Disabled

We have noticed that some PCI compliance scanning companies have a propensity to report false positives when it comes to SSLv2 support.  Here's how you can verify for yourself whether your site is supporting SSLv2.

Internet Explorer is one of the few browsers left that will allow you to force an SSLv2 connection, and by forcing SSL2, you can see for yourself whether your site connects or not.

To force SSL 2 in Internet Explorer, go to tools, internet options, and click on the Advanced tab. Scroll down, and uncheck TLS 1 and SSL 3, leaving SSL 2 checked. 

Click OK to save your changes, and then try to reach any SSL page on your site.  You'll notice it can't connect.  Now, change your settings back to SSL 3 and TLS1, and it will connect without a problem.

So if your PCI Scanner is reporting that your server supports SSL version 2 on port 443, please try this test.  If your site won't display https pages using version 2, you can safely report that the weak cipher on port 443 is a false positive.  And of course if your site DOES connect using SSL 2, please contact us and we will get that straightened out.

Reviewed 11/05/2016

  • Email, SSL
  • 33 Users Found This Useful
Was this answer helpful?

Related Articles

ScanAlert Test Levels Explanations

So you've signed up for ScanAlert and have your weekly report. If you have notices, here are what...

WebSite Directory Index Vulnerability

Scanalert's "WebSite Directory Index Vulnerability" simply means that if someone goes to a...

Scanalert Warning: The remote host appears to be using a version of OpenSSL which is older than 0.9.6j or 0.9.7b

The OpenSSL version has actually been patched on our servers for more than a year when the...

Scanalert Warning: The remote host appears to have 10 or more open ports

This is part of how the system operates. We have substantial firewalls in place, however since we...

Excessive Open Ports

ScanAlert, HackerSafe, HackerGuardian and HackerProof are the main contenders on the web when it...