My znc's SSL port is not 443. Various SSL vulnerability tests on the web work only on 443 port.
znc SSL port serves a web server and an IRC bouncer simultaneously.
How can I test whether znc SSL port is not vulnerable against SSL vulnerabilities like logjam, poodle, freak, and so on?
You can test your SSL connection by using the openssl and nmap tool.
Heartbleed
openssl version
Your OpenSSL installation is vulnerable to Hertbleed if the version output is one of these values: 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1
source
As pointed out in the comments below just checking the version might give you a false positive as most distributions offer security patches which don't change the version of openssl.
I found this answer on the serverfault to check for heartbleed:
openssl s_client -connect example.com:443 -tlsextdebug 2>&1 | grep 'server extension "heartbeat" (id=15)' || echo safe
Poodle
openssl s_client -connect example.com:443 -ssl3
if you get something like this
3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40
3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
everything is ok. source
Logjam
openssl s_client -connect example.com:443 -ssl3
This should output two lines:
Server public key is 4096 bit is your RSA Key size.
Server Temp Key: DH, 4096 bits is your DH-Parameter size.If this is 1024 bits or lower you need up upgrade your configuration.
Freak
I have found no way to test against freak attack by just using openssl. You can use nmap instead.
nmap --script ssl-enum-ciphers -p 443 example.com | grep EXPORT -l | wc -l
prints 1 for vulnerable and 0 for clean.
Try testssl.sh. Great tool that can be run from command line and give pretty much the same output as ssllabs.com (though without browser info unfortunately), but not limited by port or to public facing websites.
Note this is a shell script which, as I understand it from a quick look at the source, basically wraps all the openssl commands that knowhy has suggested in his answer and more into one nice, easy to use, script.
