About SSL Support

[Joao Correa <joao () livewire com br>]

Hello everyone,

I´m working on the SSL support for some scripts, making them work
correctly under normal TCP connections or under SSL connections.

I´ve been facing situations where using connect with TCP flag to
estabilish a connection with a SSL service returns true as status, but
the connection itself cannot be handled. In the irc-info script, for
example, I had to first try connect with SSL flag, if the server does
not support SSL it returns false, and so I try connect again with TCP
flag. Doing the other way (TCP first and SSL if false) won´t work,
since connect with TCP returns true.

I have some ideas, but I´m not pretty sure about what is the cause of
this problem. Anyway, since I´ve found a way out I think is isn´t a
big problem (trying SSL fisrt, and TCP second works pretty fine for
all cases).

I´ve been wondering If I should work on a new flag for connect, maybe
TRYSSL, to enable trying SSL first, and if not possible, trying TCP
automatically. I could also try to work on connect function, to return
false if the flag is TCP but the service requires SSL.

What do you think about it? Any idea of a better sollution?

Thanks,
João

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org