Nmap Development mailing list archives
Re: [patch] ssl compressor check
From: David Fifield <david () bamsoftware com>
Date: Wed, 14 Sep 2011 11:21:51 -0700
On Sun, Jun 26, 2011 at 04:17:29PM -0400, Matt Selsky wrote:
ssl-enum-cipher doesn't handle the case where a non-NULL compressor is requested and the server returns NULL as the negotiated compressor (even though the client didn't list NULL as an option). I'm seeing this when scanning an IBM HTTP Server 1.3.26.1.

The output looks like this:

| ssl-enum-ciphers:
| SSLv3
| Ciphers (2)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA
| TLS_RSA_WITH_RC4_128_SHA
| Compressors (3)
| NULL
| NULL
| NULL

It should look like:

| ssl-enum-ciphers:
| SSLv3
| Ciphers (2)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA
| TLS_RSA_WITH_RC4_128_SHA
| Compressors (1)
| NULL

The attached patch adds a check to make sure the negotiated compressor matches the requested compressor.
Applied, thanks for the explanation.

David Fifield
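The behaviour discussed in this thread, as an added Python example (not part of the original messages, and not the NSE script or the attached patch): a scanner that probes one compressor at a time over-reports when the server answers with a compression method that was not offered, and comparing the negotiated value to the requested one removes the duplicates. The probe order, the helper names and the simulated server are assumptions made for illustration.

```python
import struct

# Compression method IDs: NULL (RFC 2246), DEFLATE (RFC 3749), LZS (RFC 3943)
COMPRESSORS = {0: "NULL", 1: "DEFLATE", 64: "LZS"}

def build_server_hello(compression_id, cipher=0x000A, version=(3, 0)):
    """Constructed sample data: an SSLv3 ServerHello record with an empty session id."""
    body = bytes(version) + bytes(32) + b"\x00" + struct.pack(">HB", cipher, compression_id)
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack(">H", len(handshake)) + handshake

def negotiated_compressor(record):
    """Return the compression_method byte of a ServerHello record, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        return None                      # not a handshake record / not a ServerHello
    pos = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
    if pos >= len(record):
        return None
    pos += 1 + record[pos] + 2           # session id (length-prefixed), cipher suite
    return record[pos] if pos < len(record) else None

def null_only_server(offered):
    """Simulated server (assumption): always selects NULL, whatever was offered."""
    return build_server_hello(0)

def enumerate_compressors(probe, candidates, check_match):
    """Offer each candidate alone and collect what the server accepts."""
    supported = []
    for comp in candidates:
        chosen = negotiated_compressor(probe([comp]))
        if chosen is None:
            continue                     # handshake refused or unparsable reply
        if check_match and chosen != comp:
            continue                     # server picked a method we did not offer
        supported.append(COMPRESSORS.get(chosen, hex(chosen)))
    return supported

if __name__ == "__main__":
    order = [1, 64, 0]                   # DEFLATE, LZS, NULL (assumed probe order)
    print("without check:", enumerate_compressors(null_only_server, order, False))
    print("with check:   ", enumerate_compressors(null_only_server, order, True))
```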