Nmap Development mailing list archives
Re: sslv2 script bug
From: David Fifield <david () bamsoftware com>
Date: Fri, 18 Jun 2010 14:52:21 -0600
On Sat, Jun 05, 2010 at 08:35:31PM -0400, Matt Selsky wrote:
I'm using nmap svn trunk and scanning for SSLv2 servers:

$ ./nmap --datadir=. -sV -p 465 --script=sslv2 mailtest

Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-06-05 20:29 EDT
Nmap scan report for mailtest (192.168.59.245)
Host is up (0.00035s latency).
rDNS record for 192.168.59.245: mailtest
PORT    STATE SERVICE  VERSION
465/tcp open  ssl/smtp Sendmail 8.14.4/8.14.3/CUIT
|_sslv2: server still supports SSLv2
Service Info: OS: Unix

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.13 seconds

I have the following configured in sendmail.cf

O CipherList=HIGH:MEDIUM:!ADH:-SSLv2

so SSLv2 should be disabled. The openssl s_client command thinks SSLv2 is disabled.

$ openssl s_client -connect mailtest:465 -ssl2
CONNECTED(00000003)
depth=1 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=0 serialNumber = 5axfkuOwl1HyGb1IkKw3d7PAtJIo7Feu, C = US, ST = New York, L = New York, O = Columbia University, OU = Information Technology, CN = mailtest
verify return:1
3078604508:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 892 bytes and written 50 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : SSLv2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1275784302
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---

How do I debug the problem with sslv2.nse?

Is there any way you can get a capture of the server traffic? We can see what the script is detecting and what else it should look for.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
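
Added example, not part of the original messages and not code from sslv2.nse: a Python parser for the SSLv2 SERVER-HELLO that a capture like the one requested above would contain. It separates a reply that advertises cipher specs from one with an empty cipher list, the condition that openssl's "no cipher list" error names. The field layout follows the SSLv2 specification; the function names and sample bytes are constructed for illustration, and the thread does not confirm that this is what the script reacted to.

```python
import struct

SSL2_MT_SERVER_HELLO = 4  # message type from the SSLv2 specification

def parse_sslv2_server_hello(data: bytes) -> dict:
    """Parse one cleartext SSLv2 record expected to hold a SERVER-HELLO."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) < rec_len or rec_len < 11:
        raise ValueError("truncated SSLv2 record")
    if body[0] != SSL2_MT_SERVER_HELLO:
        raise ValueError("record is not a SERVER-HELLO (type %d)" % body[0])
    # session-id-hit, certificate-type, version, then three 16-bit lengths
    hit, cert_type, version, cert_len, spec_len, conn_len = struct.unpack(
        ">BBHHHH", body[1:11])
    if 11 + cert_len + spec_len + conn_len > rec_len or spec_len % 3:
        raise ValueError("inconsistent length fields")
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    return {
        "version": version,
        "session_id_hit": bool(hit),
        "cert_type": cert_type,
        "cert_len": cert_len,
        # each SSLv2 cipher kind is 3 bytes
        "ciphers": [specs[i:i + 3].hex() for i in range(0, spec_len, 3)],
    }

def offers_sslv2_ciphers(data: bytes) -> bool:
    """True only if the server answers in SSLv2 and lists at least one cipher."""
    return len(parse_sslv2_server_hello(data)["ciphers"]) > 0

def build_sample_hello(cert: bytes, specs: bytes, conn_id: bytes) -> bytes:
    """Constructed input for the demo, not bytes from a real capture."""
    body = struct.pack(">BBBHHHH", SSL2_MT_SERVER_HELLO, 0, 1, 0x0002,
                       len(cert), len(specs), len(conn_id))
    body += cert + specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body

if __name__ == "__main__":
    cert, conn_id = b"\x30\x82" * 8, bytes(16)  # placeholder bytes
    empty = build_sample_hello(cert, b"", conn_id)
    full = build_sample_hello(cert, bytes.fromhex("0100800700c0"), conn_id)
    for name, rec in (("empty cipher list", empty), ("two ciphers", full)):
        print(name, parse_sslv2_server_hello(rec)["ciphers"],
              offers_sslv2_ciphers(rec))
```
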
Current thread:
- sslv2 script bug Matt Selsky (Jun 05)
- Re: sslv2 script bug Thierry Zoller (Jun 12)
- Re: sslv2 script bug David Fifield (Jun 18)