Wednesday, December 11, 2013

How to check if SSL 2.0 is disabled on a website

During a PCI compliance audit, it is generally compulsory to disable SSL 2.0 on the website. The important part is to identify whether SSL 2.0 is actually disabled on an IIS website.

Many sites on the internet can check the SSL 2.0 status of a public site, but for intranet websites we need to use OpenSSL to run the same check.

How to:


1. Download and install OpenSSL for Windows from: http://gnuwin32.sourceforge.net/packages/openssl.htm

2. Once OpenSSL is installed on your machine, go to the following path in the command prompt: C:\Program Files\GnuWin32\bin>

3. Type the following command, replacing hostname with the name of your server: openssl s_client -connect hostname:443 -ssl2

4. If the results look like the following, SSL V2.0 is disabled on your server:
     419:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
     420:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:

5. If you get the actual certificate information, then SSL V2.0 is enabled on your server.
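
The same check can be scripted for several intranet hosts without relying on an OpenSSL build that accepts the -ssl2 option. The Python below is an added example, not part of the original post: it sends an SSLv2 CLIENT-HELLO and classifies the reply. The function names are hypothetical, and treating a SERVER-HELLO with an empty cipher list as "disabled" is an assumption based on the "no cipher list" error shown in step 4.

```python
import os
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) offered in the CLIENT-HELLO.
SSL2_CIPHERS = bytes.fromhex("010080 020080 030080 040080 050080 060040 0700c0")

def build_client_hello(challenge=None):
    """Return an SSLv2 CLIENT-HELLO record (2-byte header, no padding)."""
    challenge = challenge or os.urandom(16)
    # msg type 1, version 0x0002, cipher-spec len, session-id len 0, challenge len
    body = struct.pack(">BHHHH", 1, 0x0002, len(SSL2_CIPHERS), 0, len(challenge))
    body += SSL2_CIPHERS + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_response(data):
    """Classify the first bytes the server sent back after the CLIENT-HELLO."""
    # An SSLv2 SERVER-HELLO has the header high bit set and message type 4.
    if len(data) < 11 or not data[0] & 0x80 or data[2] != 4:
        return "disabled"  # TLS alert, SSLv2 ERROR, or nothing usable
    version, _cert_len, cipher_len = struct.unpack(">HHH", data[5:11])
    if version != 0x0002:
        return "disabled"
    # Assumption: an empty cipher list is what "no cipher list" reports in step 4.
    return "enabled" if cipher_len else "disabled (no cipher list)"

def check_host(host, port=443, timeout=5.0):
    """Probe host:port and return 'enabled', 'disabled...' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        data = b""
        try:
            sock.sendall(build_client_hello())
            while len(data) < 11:  # enough to reach the cipher-spec length
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # reset or timeout: classify whatever arrived
        return classify_response(data)

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, check_host(name))
```

Run it with one or more host names as arguments; each host is printed with its result.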



Enjoy