
Differences between sslscan 1.8.2 on linux and sslscan 1.11.1-rbsec-5-g13488b2 on OS X #76

Closed
Vietwoojagig opened this issue Feb 25, 2016 · 4 comments


@Vietwoojagig

sslscan 1.8.2 on Linux Mint 17.3
sslscan secure.st-willi.de | grep "40 bits"
Rejected SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-EDH-DSS-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-ADH-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-RC2-CBC-MD5
Rejected SSLv3 40 bits EXP-ADH-RC4-MD5
Rejected SSLv3 40 bits EXP-RC4-MD5
Rejected TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-EDH-DSS-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-ADH-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-RC2-CBC-MD5
Rejected TLSv1 40 bits EXP-ADH-RC4-MD5
Rejected TLSv1 40 bits EXP-RC4-MD5

sslscan 1.11.1-rbsec-5-g13488b2 on OS X
sslscan secure.st-willi.de | grep "40"
Accepted TLSv1.0 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC4-MD5 RSA 512 bits

You see that all that is accepted by the scan on OS X is rejected by the scan on Linux.

Which one is right?

@rbsec
Owner

rbsec commented Feb 25, 2016

Your Linux scan results are using a version of sslscan released by Ian Ventura-Whiting in June 2009, which is built against whatever version of OpenSSL your distro ships, which may or may not have support for various insecure ciphers or protocols.

Do you still get different results between Linux and OSX if you use a modern version of sslscan on Linux (and statically build both)?
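As an added example (not part of this thread and not sslscan's own code), here is a small Python triage script that parses the two outputs quoted above, normalizes the protocol naming difference between the builds ("TLSv1" vs "TLSv1.0"), lists the suites whose verdicts disagree, and flags accepted suites that are export-grade, 40-bit, or negotiated with a 512-bit RSA key. The sample inputs are abridged copies of the scans above; the 1024-bit RSA threshold is an assumption.

```python
import re

# Constructed, abridged copies of the two sslscan outputs quoted in the issue
LINUX_1_8_2 = """\
Rejected SSLv3 40 bits EXP-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-RC4-MD5
Rejected TLSv1 40 bits EXP-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-RC2-CBC-MD5
Rejected TLSv1 40 bits EXP-RC4-MD5
"""
OSX_1_11_1 = """\
Accepted TLSv1.0 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC4-MD5 RSA 512 bits
"""
# verdict, protocol, key size, cipher name, optional trailer (e.g. "RSA 512 bits")
LINE_RE = re.compile(r"^(Accepted|Rejected|Preferred)\s+(\S+)\s+(\d+) bits\s+(\S+)(?:\s+(.*))?$")

def normalize_proto(proto):
    # 1.8.x prints "TLSv1", the rbsec fork prints "TLSv1.0": same protocol, one key
    return "TLSv1.0" if proto == "TLSv1" else proto

def parse_scan(text):
    """Map (protocol, cipher) -> (verdict, bits, trailer) for every result line."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            verdict, proto, bits, cipher, trailer = m.groups()
            results[(normalize_proto(proto), cipher)] = (verdict, int(bits), trailer or "")
    return results

def disagreements(scan_a, scan_b):
    """Suites tested by both builds whose verdicts differ (one build could not offer the suite)."""
    return sorted(k for k in scan_a.keys() & scan_b.keys() if scan_a[k][0] != scan_b[k][0])

def weak_accepted(scan, min_rsa_bits=1024):
    """Accepted suites that are export-grade, <=56-bit, or negotiated with a short RSA key."""
    weak = []
    for (proto, cipher), (verdict, bits, trailer) in scan.items():
        if verdict in ("Accepted", "Preferred"):
            m = re.search(r"RSA (\d+) bits", trailer)
            short_key = m is not None and int(m.group(1)) < min_rsa_bits  # threshold is an assumption
            if cipher.startswith("EXP-") or bits <= 56 or short_key:
                weak.append((proto, cipher))
    return sorted(weak)

if __name__ == "__main__":
    old, new = parse_scan(LINUX_1_8_2), parse_scan(OSX_1_11_1)
    print("verdicts differ:", disagreements(old, new))
    print("weak suites accepted per 1.11.1:", weak_accepted(new))
```

A suite that one build reports as Rejected and another as Accepted is a sign the rejecting build could not offer that suite at all, so treat its "Rejected" as untested rather than as evidence the server refuses it.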

@Vietwoojagig
Author

Unfortunately 1.8.3 is the newest version of sslscan in Linux Mint 17. Upgrading to the latest version 1.10.2 of that branch (https://github.com/DinoTools/sslscan) did not work (at least for me).
So I quickly installed Fedora 23 in a virtual machine, as they have the latest version:
sslscan --version
sslscan version 1.10.2
OpenSSL 1.0.2d-fips 9 Jul 2015
To make things short: with that version, the output is the same as with your version.
Your version is definitely faster.

@rbsec
Owner

rbsec commented Feb 29, 2016

The version on Fedora (that you linked) is provided by another developer - so if you encounter any bugs in it then please contact DinoTools or the distro maintainers.

If you build the latest version of my fork from this repo, that should work on Fedora. It's also packaged on at least one distro (Kali), and I think it's being packaged in the Debian experimental repos.

@rbsec rbsec closed this as completed Feb 29, 2016
@Vietwoojagig
Author

I have the feeling that you don't understand the purpose of testing DinoTools' version against your version. If that version (1.10.2) of DinoTools had also produced a different outcome, like the older 1.8.3 version of the same branch, then either your version or DinoTools' version would have a problem. Since this is not the case, everything is fine. No version has a bug and nobody needs to be informed about anything. Maybe only Linux Mint or Ubuntu, to update their packages.
I really don't care about Fedora. I only installed it as a testing environment for DinoTools' newest version. I removed that virtual machine already.
