Nmap Development mailing list archives

Re: [NSE] ssl-enum-ciphers hosed?


From: Ron <ron () skullsecurity net>
Date: Fri, 12 Mar 2010 11:38:48 -0600

Mak hosed his laptop this week (twice :) ), so he's been working on
fixing it. He plans to be back in business this weekend. I passed the
message on, he'll sort it out as soon as he can.

On Fri, 12 Mar 2010 11:27:57 -0600 "Dario Ciccarone (dciccaro)"
<dciccaro () cisco com> wrote:
Well, don't know if this is a democracy or what, but yeah - my vote
would also go to "old, but working" over "shiny new, but failing" :)

I have to get me a t-shirt: "What would Donald Knuth say?" :)
 

-----Original Message-----
From: Rob Nicholls [mailto:robert () robnicholls co uk] 
Sent: Friday, March 12, 2010 12:24 PM
To: Dario Ciccarone (dciccaro); nmap-dev () insecure org
Subject: RE: [NSE] ssl-enum-ciphers hosed?

I emailed Mak 2-3 weeks ago to let him know that I was having similar
issues with the faster version of the script (I could see my
certificate being returned in Nmap's packet trace, but the script
wasn't reporting anything) against my own web server; the original
version worked fine, albeit quite slowly. He said he'd fixed it to
return some ciphers (possibly the SVN version you tried?), but "it
still can't return all seven that ssllabs.com and the old version of
my script report".

I was hoping Mak would find time to quickly fix it, but perhaps the
SVN version should go back to the original version of the script? I'd
rather have slow and accurate results than something fast and buggy.

Rob

-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org]
On Behalf Of Dario Ciccarone (dciccaro)
Sent: 12 March 2010 16:39
To: nmap-dev () insecure org
Subject: [NSE] ssl-enum-ciphers hosed?

Folks:

    Test setup: (1) OpenSUSE Linux 11.1 x86, patched as of today.
(2) Mac running 10.5.8, all patches as of this writing. Nmap 5.21,
freshly built today from source, on Linux & OS/X - downloaded from
nmap.org - also tried nmap 4.85BETA3 on the OS/X machine.

    Downloaded NSE script "ssl-enum-ciphers" from
http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html - run it
against test server @ lab, couple other servers - in all cases, it
would either return "nothing", or something like "40,483 compression
supported" - and listing "uncompressed" 40K times or so. Or would
hang there for a loooong time and basically sit there.

    In all cases, a tcpdump DID show traffic coming & going -
wireshark tagged all SSL ClientHello as "malformed" - but
anyhow . . .

    Grabbed the original version, from Mak, the one he had
attached to his email on 02/16 - using that one, it takes seconds
to scan, and does produce meaningful results (though wireshark
still complains about malformed Hellos)

    Should be easy to repro in the lab - ssl-enum-ciphers ==
doesn't work, sslv3-enum == does work.

    Thanks,
    Dario


    
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86