Nmap Development mailing list archives

Re: [NSE] ssl-enum-ciphers hosed?


From: David Fifield <david () bamsoftware com>
Date: Mon, 15 Mar 2010 10:13:27 -0600

On Mon, Mar 15, 2010 at 09:01:46AM -0500, Mak Kolybabi wrote:
> Dario Ciccarone wrote:
> > In all cases, a tcpdump DID show traffic coming & going - wireshark
> > tagged all SSL ClientHello as "malformed"
>
> This was caused by a small bug in the placement of the protocol
> version field of the ClientHello record. I had considered it part of
> the header, instead of the body, and so the size of the record was
> incorrect.
>
> > Well, don't know if this is a democracy or what, but yeah - my vote
> > would also go to "old, but working" over "shiny new, but failing" :)
>
> The problem with the thorough method is that it's so slow as to be
> impractical except for a couple of hosts. I'm writing a patch that
> will have the fast default, but can be set using script-args to do the
> slow-and-thorough method.

Thanks, Mak, for looking into this. I would like to avoid having two
different detection methods controlled by a script argument. If there
are differences in implementations and the faster method can be made to
work with them, just do that. If there's some fundamental limitation
that means the faster method can't ever be completely reliable, then
switch back to the slower method.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
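The framing mistake Mak describes (client_version counted as header instead of handshake body, so the record length came out wrong) is shown below in an added Python sketch that is not code from Nmap or ssl-enum-ciphers; it builds a ClientHello record correctly, reproduces the assumed two-byte-short variant, and applies the length checks a dissector uses before flagging a record as malformed. Python rather than Lua is used only so the snippet runs stand-alone; the exact form of the original bug is an assumption.

```python
import struct

# Added example, not the ssl-enum-ciphers implementation.
TLS_HANDSHAKE = 0x16   # record content type
CLIENT_HELLO = 0x01    # handshake message type
TLS1 = 0x0301

def client_hello_body(version, cipher_suites, session_id=b"", random=bytes(32)):
    """Handshake body. client_version is the FIRST field of the body,
    which follows the 4-byte handshake header; it is not a header field."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    return (struct.pack("!H", version) + random
            + struct.pack("!B", len(session_id)) + session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")  # one compression method: null

def frame(record_version, body, body_len):
    """5-byte record header + 4-byte handshake header + body. The length
    fields are derived from body_len so the bug can be reproduced."""
    hs = struct.pack("!B", CLIENT_HELLO) + body_len.to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, record_version, 4 + body_len) + hs

def client_hello(record_version, body):
    return frame(record_version, body, len(body))

def buggy_client_hello(record_version, body):
    # Assumed reconstruction of the thread's bug: the 2-byte client_version
    # was treated as header, so both length fields come out 2 bytes short.
    return frame(record_version, body, len(body) - 2)

def check_record(data):
    """Return the framing problems a dissector would report (empty if consistent)."""
    problems = []
    ctype, _rver, rlen = struct.unpack("!BHH", data[:5])
    if ctype != TLS_HANDSHAKE:
        problems.append("not a handshake record")
    if rlen != len(data) - 5:
        problems.append("record length %d != %d bytes present" % (rlen, len(data) - 5))
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    if hs_type != CLIENT_HELLO:
        problems.append("not a ClientHello")
    if hs_len != len(data) - 9:
        problems.append("handshake length %d != %d body bytes" % (hs_len, len(data) - 9))
    return problems

if __name__ == "__main__":
    body = client_hello_body(TLS1, [0x002F, 0x0035])  # constructed sample
    print("good:", check_record(client_hello(TLS1, body)))
    print("buggy:", check_record(buggy_client_hello(TLS1, body)))
```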

