0, 'ssl3'=>0, 'tls1'=>1, 'tls1_1'=>1, 'tls1_2'=>1); if (isset($_POST['action']) && $_POST['action'] == 'test') { $ip = $_POST['ip']; if (!filter_var($ip, FILTER_VALIDATE_IP)) { $ip = gethostbyname($_POST['ip']); if ($ip == $_POST['ip']) die("invalid host or IP"); } $ip = $_POST['ip']; $port = (int)$_POST['port']; if ($port == 0 || !is_int($port)) die("invalid port: $port"); if (isset($_POST['show_output']) && $_POST['show_output'] == '1') $show_output=true; echo "
\n"; foreach ($protocols as $p => $should) { test_ssl($ip, $port, $p, $should); } echo "


\n"; } ?>
ip/host:
port:
show_output: >

We consider the following to be the expected behavior:
$should) { if ($should) echo "$p should work
\n"; else echo "$p should not work
\n"; } echo "However, tls1 and tls1_1 are not insecure.. so if they don't work that's fine, but may break older client's connections.
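";

/**
 * Probe one SSL/TLS protocol version on a remote service and print the verdict.
 *
 * Runs `/usr/bin/openssl s_client` with the protocol switch named by $cipher
 * against $host:$port, treats exit status 0 as "worked", and compares that
 * with the expectation in $should ("Good!" on a match, "Bad!" otherwise).
 *
 * Security: the request handler in this file re-assigns $ip from
 * $_POST['ip'] after its validation step and passes it here as $host, so
 * $host must be treated as untrusted. Every value that reaches the shell is
 * passed through escapeshellarg(), and every value echoed into the page is
 * HTML-escaped, instead of relying on hand-written single quotes.
 *
 * @param string $host   Host name or IP address to connect to (untrusted).
 * @param int    $port   TCP port; coerced to an integer before use.
 * @param string $cipher Protocol switch without the leading dash, e.g. 'tls1_2'.
 * @param mixed  $should Truthy when the handshake is expected to succeed.
 *
 * @return void Output is written with echo only.
 */
function test_ssl($host, $port, $cipher, $should)
{
    global $show_output;

    // Sentinel value; exec() overwrites it with the real exit status.
    $return_code = 99;
    $output = array();

    $port = (int)$port;

    // Each argument is quoted by escapeshellarg() so that a quote character
    // inside $host (or an unexpected $cipher) cannot end the argument and
    // start a new shell command.
    $command = '/usr/bin/openssl s_client'
        . ' -port ' . escapeshellarg((string)$port)
        . ' -host ' . escapeshellarg((string)$host)
        . ' ' . escapeshellarg('-' . $cipher)
        . ' 2>&1 < /dev/null';

    // Escape before echoing: $host is reflected straight back into the page.
    $safe_host = htmlspecialchars((string)$host, ENT_QUOTES, 'UTF-8');
    $safe_cipher = htmlspecialchars((string)$cipher, ENT_QUOTES, 'UTF-8');

    echo "\n\nTest: $safe_host:$port $safe_cipher ...   ";

    // $output collects the command's output lines; the code visible here
    // never prints them.
    exec($command, $output, $return_code);

    $worked = ($return_code === 0);
    if ($worked) {
        echo "worked";
    } else {
        echo "did not work ($return_code)";
    }

    // $should arrives as 0/1 from the protocol table, so compare as booleans.
    if ($worked === (bool)$should) {
        echo "Good!";
    } else {
        echo "Bad!";
    }

    echo "\n\n\n";

    if ($show_output) {
        echo "";
        echo "\n\n";
        echo "return code: $return_code\n\n";
        echo "\n";
    }
}
?>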
Ports to test:

443: Apache
465: Exim
993: IMAP SSL
995: POP SSL
2222: DirectAdmin if you've got SSL enabled