Nmap Development mailing list archives
Re: [NSE] HUGE ssl-enum-ciphers speed improvement
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 12 Jul 2012 17:53:59 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Dan, On 07/12/2012 04:37 PM, Daniel Miller wrote:
List, I've found a way to vastly improve the speed and efficiency of the ssl-enum-ciphers by letting the server choose ciphers instead of trying every single one. First, the numbers, based on a scan of nmap.org, port 443. Before: 858 Client Hello messages, 9.56s NSE time. After: 24 Client Hello messages, 3.07s NSE time.
I thought this sounded cool so I gave it a quick try against nmap.org and gmail.com: Unpatched: Nmap done: 2 IP addresses (2 hosts up) scanned in 20.16 seconds Patched: Nmap done: 2 IP addresses (2 hosts up) scanned in 4.64 seconds And the only difference I saw was the addition of DEFLATE with nmap.org as you mentioned. Nice.
Dan
Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP/1WDAAoJEEQxgFs5kUfucyAP/39XvOKRxWp6ihx/uY4LND0E NdNpKby5rZj65823AvFq/6Pfus4J6+ngF7h2UOUen7g62i3UBwa8ywLzkvIqKQn7 MvonOGtmwRB3PdOaI1LtNEm4v1VHWXkGZBrw6vjtnTnkO0ufBtUOUBqqln/08Z9U fXj1fKRLceTAfvhCsDL7G+RCYgwuS+lr+VpPmTbAiNnrEjkQLu61cSDIeOlg7xnv NglcvimqzHfo93imVfvHDankwCk5WIC+r9kmKar5UYEJrzM6zOtlbUjrJDkCrJzz oI24TPWtcjv0zyvI639177nGGFag+Xuk9/F65mM70PhzldXujb6ZJA8C/ux5LRnU 1UdyZGErRW2BTqN9tpKIOTze9AayQDUnv6bUXClSb1ctRQJ7J0oajCDmnb1c+FK7 CcSK0mZs87QZBOiHTOstYb/2OrV0Zo9ufa1e68JnaxV1KurOZ9fguscGJ9i5a2ju PwZ54kxwaaLy9YkRR/MndnvI1BYgeOXUUWdAIV7tTg9/yyDcQNW9cpeRTQd4rlrj h9gbyBMptnZNaUuHfa0ttKwn4aYNqS1gtlvoR2ZJh1Oxoio4zuOuXBTe5FL4yFsx pB+WIy57v9z1lASNvTJ9p9+VHdv+ZJ9Ptehzaq4BFLnwzoEjbAqp1pmu9wQPs24a KsZON+Mu0NEq52YXgaxr =D0xj -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Matt Selsky (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Kris Katterjohn (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement David Fifield (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 12)
- Message not available
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 13)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 12)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 13)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement David Fifield (Jul 13)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Daniel Miller (Jul 13)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Matt Selsky (Jul 15)
- Re: [NSE] HUGE ssl-enum-ciphers speed improvement Matt Selsky (Jul 12)