Nmap Development mailing list archives
Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script
From: Rob Nicholls <robert () robnicholls co uk>
Date: Sat, 20 Feb 2010 10:17:07 +0000
On Fri, 19 Feb 2010 13:58:56 -0700, David Fifield <david () bamsoftware com> wrote:
(As an aside, Ncat is supposed to use only strong ciphers; does this look right to people who know? The only one that looks like it might not fit to me is RC4.)
The RC4 cipher is 128 bit, so that's still considered strong in most people's opinion. The main things to avoid seem to be SSLv2, ciphers below 128 bit, and arguably anything MD5 based. I tried it against a server that supports anonymous ciphers, and my own server, and the output looked good and accurate in both cases.
I agree that the name should be changed. Maybe ssl-enum-ciphers.
When I copied it to my scripts folder I renamed it to that too. It fits with existing scripts such as the http and smb script names. Rob _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Mak Kolybabi (Feb 16)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Rob Nicholls (Feb 17)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script David Fifield (Feb 19)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Rob Nicholls (Feb 20)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Mak Kolybabi (Feb 22)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Fyodor (Feb 22)
- Ncat segfault with -l --ssl < /dev/zero David Fifield (Feb 23)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script David Fifield (Feb 23)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Fyodor (Feb 24)