Nmap Development mailing list archives
Re: [NSE] ssl-enum-ciphers hosed?
From: David Fifield <david () bamsoftware com>
Date: Sun, 21 Mar 2010 21:36:02 -0600
On Sun, Mar 21, 2010 at 04:44:25PM -0500, Mak Kolybabi wrote:
> On 2010-03-15 10:13, David Fifield wrote:
> > If there's some fundamental limitation that means the faster method can't ever be completely reliable, then switch back to the slower method.
>
> In looking at some other tools that enumerate ciphers, I've found that they all use the slow method. Sadly, I couldn't make the fast method work reliably across all SSL implementations.
>
> The new script (see attached) makes the following changes:
>
> - Offers the slow-and-reliable algorithm, only.
> - Fixes the "malformed packet" bug.
> - Treats RSTs as rejections, not fatal errors.
> - Adds some obsolete ciphers that were requested.
>   - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
>   - SSL_RSA_FIPS_WITH_DES_CBC_SHA
> - Adds some other cipher definitions that I came across.
>   - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
>   - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
>   - TLS_DHE_DSS_WITH_RC4_128_SHA
>   - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
>   - TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
>   - TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
>   - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
>
> Please let me know if there are any problems with the new version.
I have committed it. If you would write an implementation sketch of the fast method that didn't work in all cases, and a summary of the problems you encountered, I'll add them to the script as an idea for future enhancement.

Here's a test against Gmail:

993/tcp open  ssl/imap  syn-ack Google Gmail imapd (42if5945622iwn)
| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (3)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (3)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed
995/tcp open  ssl/pop3  syn-ack Google Gmail pop3d (8pf5870485iwn)
| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (3)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (3)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed

Nmap done: 1 IP address (1 host up) scanned in 157.65 seconds

And here's against Ncat's brand new SSL HTTP proxy.

PORT      STATE SERVICE        REASON  VERSION
31337/tcp open  ssl/http-proxy syn-ack Ncat http proxy (Nmap 4.85BETA1 or later)
| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (5)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (5)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed

Nmap done: 1 IP address (1 host up) scanned in 32.11 seconds

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
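An added sketch of the slow-and-reliable enumeration the thread settles on (one ClientHello per cipher suite, with an Alert or a dropped connection counted as a rejection rather than a fatal error); it is example code written for this page in Python, not the NSE script's own Lua, and the cipher table, the `fake_server` stand-in and the `exchange` callback are constructed assumptions so it runs offline.

```python
import struct
# IANA code points for the suites named in the scan output above (constructed lookup, not the script's).
CIPHERS = {
    "TLS_RSA_WITH_RC4_128_MD5": 0x0004,
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_IDEA_CBC_SHA": 0x0007,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 0x002F,
    "TLS_RSA_WITH_AES_256_CBC_SHA": 0x0035,
}
SSLV3, TLSV10 = (3, 0), (3, 1)

def build_client_hello(version, suite):
    """TLS record carrying a ClientHello that offers exactly one cipher suite."""
    body = (bytes(version) + b"\x00" * 32 + b"\x00"       # version, zero random, empty session id
            + struct.pack(">HH", 2, suite)                  # cipher_suites: a single entry
            + b"\x01\x00")                                  # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack(">H", len(handshake)) + handshake

def classify_response(data, offered):
    """Accepted only if a ServerHello echoes the offered suite; no data (close/RST) or Alert = rejected."""
    if not data or data[0] == 0x15:                         # empty read, or an Alert record
        return "rejected"
    if data[0] == 0x16 and len(data) > 43 and data[5] == 0x02:  # Handshake record, ServerHello
        pos = 44 + data[43]                                 # skip 5 rec + 4 hs + 2 ver + 32 rand + sid
        if len(data) >= pos + 2:
            chosen = struct.unpack(">H", data[pos:pos + 2])[0]
            return "accepted" if chosen == offered else "malformed"
    return "malformed"

def enumerate_ciphers(exchange, version, ciphers=CIPHERS):
    """Slow-and-reliable method: one ClientHello per suite, keep those the server actually picks."""
    return sorted(name for name, suite in ciphers.items()
                  if classify_response(exchange(build_client_hello(version, suite)), suite) == "accepted")

# Constructed stand-in for a server so the example runs offline: selects three suites, answers the
# others with a fatal handshake_failure alert, and drops the connection (empty read) for IDEA.
def fake_server(hello):
    version, offered = tuple(hello[9:11]), struct.unpack(">H", hello[46:48])[0]
    if offered == CIPHERS["TLS_RSA_WITH_IDEA_CBC_SHA"]:
        return b""                                          # what an RST/abrupt close looks like to us
    if offered not in (0x0004, 0x0005, 0x000A):
        return b"\x15" + bytes(version) + b"\x00\x02\x02\x28"  # Alert: fatal(2) handshake_failure(40)
    body = bytes(version) + b"\x00" * 32 + b"\x00" + struct.pack(">H", offered) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack(">H", len(handshake)) + handshake

if __name__ == "__main__":
    print({v: enumerate_ciphers(fake_server, ver) for v, ver in (("SSLv3", SSLV3), ("TLSv1.0", TLSV10))})
```

Against a real host, `exchange` would open a fresh TCP connection per suite, send the record and return whatever the first read yields (an empty read on reset), which is exactly the case the script now treats as a rejection.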