Nmap Development mailing list archives
Re: [NSE] HUGE ssl-enum-ciphers speed improvement
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 12 Jul 2012 17:27:40 -0500
On 07/12/2012 05:09 PM, Matt Selsky wrote:
On Thu, Jul 12, 2012 at 5:37 PM, Daniel Miller <bonsaiviking () gmail com> wrote:I've found a way to vastly improve the speed and efficiency of the ssl-enum-ciphers by letting the server choose ciphers instead of trying every single one. First, the numbers, based on a scan of nmap.org, port 443. Before: 858 Client Hello messages, 9.56s NSE time. After: 24 Client Hello messages, 3.07s NSE time.I get the similar times with and without the patch. Though with the patch, the script now detects that the server supports compression. Unpatched: Completed NSE at 18:07, 1.81s elapsed Patched: Completed NSE at 18:07, 1.77s elapsed Cheers, Matt
Matt,I'm surprised at this. Can you tell me anything else about your environment or the server (how many ciphers supported, for instance) that might explain it? Unlike the original version, mine slows in proportion to the number of ciphers supported. Here's some example runs against a set of Internet hosts (gmail.com facebook.com nmap.org github.com firstnational.com en.wikipedia.org):
Unpatched: 6 IP addresses (6 hosts up) scanned in 93.40 seconds Patched: 6 IP addresses (6 hosts up) scanned in 18.47 seconds Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Matt Selsky (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Kris Katterjohn (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement David Fifield (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 12)
- Message not available
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 13)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 13)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement David Fifield (Jul 13)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 13)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Matt Selsky (Jul 15)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Matt Selsky (Jul 12)