Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] HUGE ssl-enum-ciphers speed improvement

From: Matt Selsky <selsky () columbia edu>
Date: Thu, 12 Jul 2012 18:09:59 -0400
On Thu, Jul 12, 2012 at 5:37 PM, Daniel Miller <bonsaiviking () gmail com> wrote:


I've found a way to vastly improve the speed and efficiency of the
ssl-enum-ciphers by letting the server choose ciphers instead of trying
every single one. First, the numbers, based on a scan of nmap.org, port 443.
Before: 858 Client Hello messages, 9.56s NSE time. After: 24 Client Hello
messages, 3.07s NSE time.


I get the similar times with and without the patch.  Though with the
patch, the script now detects that the server supports compression.

Unpatched: Completed NSE at 18:07, 1.81s elapsed
Patched: Completed NSE at 18:07, 1.77s elapsed

Cheers,
Matt
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: