This repository has been archived by the owner on Dec 12, 2020. It is now read-only.

Anonymous Cipher false positive #39

Open
superuser5 opened this issue Mar 19, 2019 · 2 comments

Comments

@superuser5

When running a scan from Kali, it says Vulnerable to anonymous cipher, but the log says that the connection fails.

[INF] Scan Anonymous Cipher..

  • [LOG] IP Check Ok.
  • [LOG] Start SSL Connection
  • [LOG] Analysis SSL Information
  • [LOG] 'Connection fail'

```
Vulnerability    CVE           CVSS v2 Base Score         State
================ ============= ========================== ===============
Anonymous Cipher CVE-2007-1858 AV:N/AC:H/Au:N/C:P/I:N/A:N Vulnerable!
CRIME(SPDY)      CVE-2012-4929 AV:N/AC:H/Au:N/C:P/I:N/A:N Vulnerable!
HeartBleed       CVE-2014-0160 AV:N/AC:L/Au:N/C:P/I:N/A:N Not Vulnerable.
CCS Injection    CVE-2014-0224 AV:N/AC:M/Au:N/C:P/I:P/A:P Not Vulnerable.
SSLv3 POODLE     CVE-2014-3566 AV:N/AC:M/Au:N/C:P/I:N/A:N Not Vulnerable.
OpenSSL FREAK    CVE-2015-0204 AV:N/AC:M/Au:N/C:N/I:P/A:N Not Vulnerable.
OpenSSL LOGJAM   CVE-2015-4000 AV:N/AC:M/Au:N/C:N/I:P/A:N Not Vulnerable.
SSLv2 DROWN      CVE-2016-0800 AV:N/AC:M/Au:N/C:P/I:N/A:N Not Vulnerable.
```

@QinLongFei

My server doesn't support aNULL ciphers and the connection will fail when running "openssl s_client -connect IP:Port -ciphers aNULL"

But a2sv returns Vulnerable. So I think it's a bug!

@cxzero

cxzero commented Jul 9, 2020

To complement, I checked my server too and openssl s_client -connect IP:Port -cipher aNULL gives an error in the SSL handshake, so it seems to be a bug, while a2sv says it is vulnerable to anonymous cipher.

Also checked with testssl and TestSSLServer and any of the cipher suites admits NULL.
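The distinction these reports turn on, as an added example that is not part of the thread and not a2sv's code: a check that reports "vulnerable" only when the handshake completed with an anonymous suite, and treats a refused handshake or a failed connection as something else. The function names and the three sample outputs are constructed for illustration, modelled on what `openssl s_client -connect HOST:PORT -cipher aNULL` prints.

```python
import re

# OpenSSL names for anonymous key exchange suites: ADH-* (anon DH), AECDH-* (anon ECDH).
ANON_PREFIXES = ("ADH-", "AECDH-")

# Matches both "New, TLSv1.2, Cipher is X" and the session line "Cipher    : X".
_CIPHER_RE = re.compile(r"^[ \t]*(?:New, .*?, )?Cipher[ \t]*(?:is|:)[ \t]*(\S+)", re.MULTILINE)


def classify_anon_cipher(s_client_output):
    """Return 'vulnerable', 'not vulnerable' or 'inconclusive' for s_client output."""
    reported = _CIPHER_RE.findall(s_client_output)
    if not reported:
        # No cipher line at all: the TLS layer was never reached (refused, timeout).
        # A failed connection is not evidence of anything.
        return "inconclusive"
    negotiated = [c for c in reported if c not in ("(NONE)", "0000")]
    if not negotiated:
        # TCP connected but the server rejected every anonymous suite offered.
        return "not vulnerable"
    # -cipher does not restrict TLS 1.3 suites, so a completed handshake alone
    # proves nothing; the negotiated suite itself must be anonymous.
    if any(c.startswith(ANON_PREFIXES) for c in negotiated):
        return "vulnerable"
    return "not vulnerable"


# Constructed sample outputs (abbreviated), not captured from a real host.
SAMPLE_REFUSED = """CONNECTED(00000003)
error: sslv3 alert handshake failure
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
"""
SAMPLE_ANON = """CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ADH-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ADH-AES256-GCM-SHA384
"""
SAMPLE_TLS13 = "CONNECTED(00000003)\n---\nNew, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384\n"
SAMPLE_NO_TCP = "connect:errno=111\n"

if __name__ == "__main__":
    for s in (SAMPLE_REFUSED, SAMPLE_ANON, SAMPLE_TLS13, SAMPLE_NO_TCP):
        print(classify_anon_cipher(s))
```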
