sslscan fails with "ERROR: Could not create CTX object."
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| sslscan (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: sslscan
sslscan is listing all supported server cipher(s) but not any data of the certificate.
You can try this out with sslscan any-ssl-
It doesnt by now.
Errormessage of sslscan output (on top of the output and at bottom):
ERROR: Could not create CTX object.
Installed & related packages:
ii libssl-dev 0.9.8o-1ubuntu4.1
ii libssl0.9.8 0.9.8o-1ubuntu4.1
ii openssl 0.9.8o-1ubuntu4.1
ii sslscan 1.8.2-1
Ubuntu Version:
maverick amd64
Complete Output:
___ ___| |___ ___ __ _ _ __
/ __/ __| / __|/ __/ _` | '_ \
\__ \__ \ \__ \ (_| (_| | | | |
http://
Copyright Ian Ventura-Whiting 2009
ERROR: Could not create CTX object.
Testing SSL server hidden.tld on port 443
Supported Server Cipher(s):
Rejected SSLv3 256 bits ADH-AES256-SHA
Rejected SSLv3 256 bits DHE-RSA-AES256-SHA
Rejected SSLv3 256 bits DHE-DSS-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Rejected SSLv3 128 bits ADH-AES128-SHA
Rejected SSLv3 128 bits DHE-RSA-AES128-SHA
Rejected SSLv3 128 bits DHE-DSS-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Rejected SSLv3 168 bits ADH-DES-CBC3-SHA
Rejected SSLv3 56 bits ADH-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-ADH-DES-CBC-SHA
Rejected SSLv3 128 bits ADH-RC4-MD5
Rejected SSLv3 40 bits EXP-ADH-RC4-MD5
Rejected SSLv3 168 bits EDH-RSA-
Rejected SSLv3 56 bits EDH-RSA-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-EDH-
Rejected SSLv3 168 bits EDH-DSS-
Rejected SSLv3 56 bits EDH-DSS-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-EDH-
Accepted SSLv3 168 bits DES-CBC3-SHA
Rejected SSLv3 56 bits DES-CBC-SHA
Rejected SSLv3 40 bits EXP-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-RC2-CBC-MD5
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Rejected SSLv3 40 bits EXP-RC4-MD5
Rejected SSLv3 0 bits NULL-SHA
Rejected SSLv3 0 bits NULL-MD5
Rejected TLSv1 256 bits ADH-AES256-SHA
Rejected TLSv1 256 bits DHE-RSA-AES256-SHA
Rejected TLSv1 256 bits DHE-DSS-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Rejected TLSv1 128 bits ADH-AES128-SHA
Rejected TLSv1 128 bits DHE-RSA-AES128-SHA
Rejected TLSv1 128 bits DHE-DSS-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Rejected TLSv1 168 bits ADH-DES-CBC3-SHA
Rejected TLSv1 56 bits ADH-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-ADH-DES-CBC-SHA
Rejected TLSv1 128 bits ADH-RC4-MD5
Rejected TLSv1 40 bits EXP-ADH-RC4-MD5
Rejected TLSv1 168 bits EDH-RSA-
Rejected TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-EDH-
Rejected TLSv1 168 bits EDH-DSS-
Rejected TLSv1 56 bits EDH-DSS-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-EDH-
Accepted TLSv1 168 bits DES-CBC3-SHA
Rejected TLSv1 56 bits DES-CBC-SHA
Rejected TLSv1 40 bits EXP-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Rejected TLSv1 40 bits EXP-RC4-MD5
Rejected TLSv1 0 bits NULL-SHA
Rejected TLSv1 0 bits NULL-MD5
Prefered Server Cipher(s):
ERROR: Could not create CTX object.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: sslscan 1.8.2-1
ProcVersionSign
Uname: Linux 2.6.35-22-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Wed Oct 20 14:47:58 2010
ProcEnviron:
PATH=(custom, user)
LANG=de_DE.utf8
SHELL=/bin/bash
SourcePackage: sslscan
| Torsten Streit (ts-tstreit) wrote | #1 |
| Justin Samuel (justin-justinsamuel) wrote | #2 |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in sslscan (Ubuntu): | |
| status: | New → Confirmed |
| Changed in sslscan (Ubuntu): | |
| importance: | Undecided → Medium |
| Adrien Nader (adrien) wrote | #5 |
| Changed in sslscan (Ubuntu): | |
| status: | Confirmed → Fix Released |
This is probably because, afaik, recent Ubuntu versions ship openssl without SSLv2 support. By default, sslscan will try SSLv2, SSLv3, and TLSv1. However, sslscan isn't expecting SSLv2 to be not available at all.
To use sslscan on recent Ubuntu versions, use the --ssl3 or --tls1 options to sslscan.
Note that you should be very careful about testing remote servers for SSLv2 support when using an Ubuntu client, including with "openssl s_client -ssl2 -connect somehost:443". Using an Ubuntu client, you may incorrectly determine that the remote server doesn't support SSLv2 when in fact it really does, it's just your client that doesn't support SSLv2.