Nmap Development mailing list archives

Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script

From: Rob Nicholls <robert () robnicholls co uk>
Date: Sat, 20 Feb 2010 10:17:07 +0000

On Fri, 19 Feb 2010 13:58:56 -0700, David Fifield <david () bamsoftware com>
wrote:

(As an aside, Ncat is supposed to use only strong ciphers; does this
look right to people who know? The only one that looks like it might not
fit to me is RC4.)


The RC4 cipher is 128 bit, so that's still considered strong in most
people's opinion.

The main things to avoid seem to be SSLv2, ciphers below 128 bit, and
arguably anything MD5 based.

I tried it against a server that supports anonymous ciphers, and my own
server, and the output looked good and accurate in both cases.

I agree that the name should be changed. Maybe ssl-enum-ciphers.


When I copied it to my scripts folder I renamed it to that too. It fits
with existing scripts such as the http and smb script names.

Rob

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Mak Kolybabi (Feb 16)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Rob Nicholls (Feb 17)
- Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script David Fifield (Feb 19)
  - Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Rob Nicholls (Feb 20)
  - Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Mak Kolybabi (Feb 22)
    - Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Fyodor (Feb 22)
    - Ncat segfault with -l --ssl < /dev/zero David Fifield (Feb 23)
    - Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script David Fifield (Feb 23)
    - Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script Fyodor (Feb 24)