In order to exploit the vulnerablity, a MITM attacker would
effectively do the following:
o Wait for a new TLS connection, followed by the ClientHello
ServerHello handshake messages.
o Issue a CCS packet in both the directions, which causes the OpenSSL
code to use a zero length pre master secret key. The packet is sent to
both ends of the connection. Session Keys are derived using a zero
length pre master secret key, and future session keys also share this
weakness.
o Renegotiate the handshake parameters.
o The attacker is now able to decrypt or even modify the packets in
transit.
The script works by sending a 'ChangeCipherSpec' message out of order
and checking whether the server returns an 'UNEXPECTED_MESSAGE' alert
record or not. Since a non-patched server would simply accept this
message, the CCS packet is sent twice, in order to force an alert from
the server. If the alert type is different than 'UNEXPECTED_MESSAGE',
we can conclude the server is vulnerable.
Fonte: link
Puoi usare openssl s_client in linux per inviare pacchetti al server e confermare la vulnerabilità manualmente.
Inoltre ti suggerisco di utilizzare testssl.sh disponibile sul link perché lo strumento è molto più completo e accurato.