Add test_ssl3 script to check if an LDAP server support SSLv3.

README.md

@@ -50,3 +50,11 @@ Then the script will:
 * I can display my current task and it's timer wherever i want (tmux, herbstluftwm, …)
 * Written to work with /bin/sh
 
+## Test_ssl3
+Redhat's script to test if an LDAP server support SSLv3.
+
+You could also use a nmap command:
+```sh
+nmap --script ssl-enum-ciphers -p 443 ldap.tld.org | grep "SSLv3: No supported ciphers found"
+```
+

test_ssl3

@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+#  Copyright (C) 2014 by Dan Varga
+#  dvarga@redhat.com
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 3 of the License, or
+#  (at your option) any later version.
+
+host=$1
+port=$2
+
+if [ "$2" == "" ]
+then
+  port=443
+fi
+
+out="`echo x | timeout 5 openssl s_client -ssl3 -connect ${host}:${port} 2>/dev/null`"
+ret=$?
+
+if [ $ret -eq 0 ]
+then
+  echo "VULNERABLE! SSLv3 detected."
+  exit
+elif [ $ret -eq 1 ]
+then
+  out=`echo $out | perl -pe 's|.*Cipher is (.*?) .*|$1|'`
+  if [ "$out" == "0000" ] || [ "$out" == "(NONE)" ]
+  then
+    echo "Not Vulnerable. We detected that this server does not support SSLv3"
+    exit
+  fi
+elif [ $ret -eq 124 ]
+then
+  echo "error: timeout connecting to host $host:$port"
+  exit
+fi
+echo "Final error: Unable to connect to host $host:$port"