Nounou Dadoun wrote: > There was a suite of test scripts posted to the dev list (I set them > up and used them very quickly), see below .... > > Nou Dadoun > Senior Firmware Developer, Security Specialist Do note that there command lines were exchanged on the email describing the scripts, though: To verify that an https server at example.com does not support SSLv2 at all you should use?test-sslv2-force-cipher.py, not?test-sslv2-force- export-cipher.py. test-sslv2-force-export-cipher.py should be used to to only verify that the server does not support export grade SSLv2 ciphers. And thus, it's?test-sslv2-force-cipher.py the one who is a superset of the test-sslv2-force-export-cipher.py Additionally, I'd like to point out the undocumented feature that instead of using -p port, they also support -h host:port, which is handy when dealing with lists of servers and ports. Regards
