Nmap Development mailing list archives

Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 17 Jul 2012 11:25:37 -0500

On 07/16/2012 02:30 PM, Patrik Karlsson wrote:

> Have you looked at SSL Labs SSL Server Rating Guide?
> https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide_2009.pdf
>
> //Patrik
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77



I looked at this guide; it's a great source of information. It made me realize that a lot more goes into TLS security than just the cipher suite choice: server certificate key length, DH prime choices, and protocol (SSLv3, TLSv1.0, etc.) are all inputs that Qualys uses that we don't. Fortunately, there was enough information there to make a fairly accurate approximation of the A through F score. To do this, I wrote a simple Perl script (https://gist.github.com/3130353) and did a quick sanity check on the results. New patch (not reversed this time!) is attached.

Also in this patch I added caching of the ssl-ciphers rankings, so now the file will only need to be read once per scan, instead of every time the script runs.

Dan

Attachment: ssl-ciphers.patch

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/