Nmap Development mailing list archives
ssl-date has no ciphers in common with ncat --ssl
From: David Fifield <david () bamsoftware com>
Date: Sat, 8 Sep 2012 08:33:56 -0700
I tried running ssl-date against ncat --ssl, and it didn't work because ssl-date doesn't offer any of the ciphers supported by Ncat (which omits some weak ciphers). $ ncat --ssl -l 8443 -k $ nmap --script=ssl-date localhost -p 8443 -d
From Wireshark I see that ssl-date is offering
TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_RC4_128_MD5 and from ssl-enum-ciphers I see this list from Ncat: TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_SEED_CBC_SHA With the attached patch, which adds TLS_RSA_WITH_AES_128_CBC_SHA, I was able to get it to work. What's a good reasonable default set of ciphers to offer? David Fifield
Attachment:
ssl-date-TLS_RSA_WITH_AES_128_CBC_SHA.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ssl-date has no ciphers in common with ncat --ssl David Fifield (Sep 08)