Nmap Development mailing list archives
Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script
From: David Fifield <david () bamsoftware com>
Date: Fri, 19 Feb 2010 13:58:56 -0700
On Tue, Feb 16, 2010 at 09:12:59PM -0600, Mak Kolybabi wrote:
> Attached is a script that I have written to enumerate all of the ciphers and compression algorithms available on an SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 server.
I like this script idea a lot! Here's what I get running against "ncat -l --ssl -k -v 443 > /dev/null":

443/tcp open https syn-ack
| sslv3-enum:
|   SSLv3
|     Ciphers (5)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (5)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.1
|     Ciphers (5)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.2
|     Ciphers (5)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed

(As an aside, Ncat is supposed to use only strong ciphers; does this look right to people who know? The only one that looks like it might not fit to me is RC4.)

The script is very well coded. I don't have any trouble understanding it. I think manually crafting SSL packets is appropriate for this script.

I think the bind here is a no-op:

    sock = nmap.new_socket()
    sock:set_timeout(5000)
    sock:bind()

You need to put some limit on the read loop, or else parse it incrementally or something, because you can DOS the script with "ncat -l --ssl -k -v 443 > /dev/null < /dev/zero".

I agree that the name should be changed. Maybe ssl-enum-ciphers.

What happens when you run it against an SSLv2 server, like "openssl s_server -ssl2"?

You should switch the order of the first two paragraphs in the description. The first paragraph is shown as the summary in NSEDoc, and what you have now as the second paragraph is more descriptive of what the script does.
David Fifield
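The read-loop limit suggested in the message above, as an added example that is not part of the original post or of the script under review: a plain-Lua reader that parses TLS records incrementally and caps the total bytes it accepts. `recv`, `read_records`, `feeder` and the 64 KiB cap are assumptions; `recv` stands in for whatever socket read the script uses and returns the next chunk, or nil when the peer closes or times out.

```lua
local MAX_BYTES  = 64 * 1024     -- assumed cap on bytes accepted per probe
local MAX_RECORD = 16384 + 2048  -- largest record body TLS permits (2^14 + 2048)

-- Read records until an alert (21) or handshake (22) record is complete.
-- Returns the list of records, or nil plus a reason.
local function read_records(recv)
  local buf, total, records = "", 0, {}
  while true do
    -- Consume every complete record already buffered.
    while #buf >= 5 do
      local ctype, major, _, hi, lo = buf:byte(1, 5)
      local len = hi * 256 + lo
      -- Validate the 5-byte header before waiting for any body bytes.
      if major ~= 3 or ctype < 20 or ctype > 23 then
        return nil, "not a TLS record header"
      end
      if len > MAX_RECORD then return nil, "record length too large" end
      if #buf < 5 + len then break end  -- body incomplete, read more
      records[#records + 1] = { type = ctype, body = buf:sub(6, 5 + len) }
      buf = buf:sub(6 + len)
      if ctype == 21 or ctype == 22 then return records end
    end
    local chunk = recv()
    if not chunk then return nil, "closed before a complete record" end
    total = total + #chunk
    if total > MAX_BYTES then return nil, "byte limit exceeded" end
    buf = buf .. chunk
  end
end

-- Constructed inputs: a feeder that hands out fixed chunks, then nil.
local function feeder(chunks)
  local i = 0
  return function() i = i + 1; return chunks[i] end
end

-- A fatal handshake_failure alert (TLS 1.0), split in the middle of its header.
local recs, err = read_records(feeder({ "\21\3\1", "\0\2\2\40" }))
assert(recs and recs[1].type == 21 and recs[1].body == "\2\40")

-- Endless zeros, as with "< /dev/zero": rejected at the first header.
recs, err = read_records(function() return string.rep("\0", 4096) end)
assert(recs == nil and err == "not a TLS record header")

-- Endless well-formed application_data records: stopped by the byte cap.
recs, err = read_records(function() return "\23\3\1\0\1A" end)
assert(recs == nil and err == "byte limit exceeded")
```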