Nmap Development mailing list archives
Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers
From: David Fifield <david () bamsoftware com>
Date: Tue, 17 Jul 2012 12:36:24 -0700
On Tue, Jul 17, 2012 at 02:30:22PM -0500, Daniel Miller wrote:
On Tue, Jul 17, 2012 at 11:39 AM, David Fifield <david () bamsoftware com> wrote:This looks fine to me, except for the change from weak/strong to A–F. If we're going to do that, let's discuss it and do ti as a separate patch. It needs new @output too. Please regenerate it with your Perl script; assign anything "A" to "strong" and everything else "weak". I'm curious to know if anything we had previously classified as "strong" is weak according to the SSL ratings. David FifieldI will do that. I'd like to keep a category for ciphers that do not encrypt or that do not authenticate. I'm calling it "broken" for now, but I'm open to suggestions. For clarification, here are the number of ciphers with each score currently: 3 unknown strength 263 A (strong) 21 D (weak) 13 E (weak) 59 F (broken)
+#!comment: CIPHER_SUITE STRENGTH SCORE +TLS_NULL_WITH_NULL_NULL broken F +TLS_RSA_WITH_NULL_MD5 broken F +TLS_RSA_WITH_NULL_SHA broken F +TLS_RSA_EXPORT_WITH_RC4_40_MD5 weak E So actually what I'm hoping for is for this commit not to break backward compatibility with existing copies of ssl-enum-ciphers.nse. Change the database format or whatever, but do it in a separate commit. This commit should only be to change the strength ratings in the database file. Functional changes, even the one to cache the cipher list, should be separate commits. The letter grades are kind of nice, but there shouldn't be a grade of "E". David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 16)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Patrik Karlsson (Jul 16)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers David Fifield (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers David Fifield (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 18)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Patrik Karlsson (Jul 16)