Nmap Development mailing list archives

ssl-date has no ciphers in common with ncat --ssl


From: David Fifield <david () bamsoftware com>
Date: Sat, 8 Sep 2012 08:33:56 -0700

I tried running ssl-date against ncat --ssl, and it didn't work because
ssl-date doesn't offer any of the ciphers supported by Ncat (which omits
some weak ciphers).

$ ncat --ssl -l 8443 -k
$ nmap --script=ssl-date localhost -p 8443 -d

From Wireshark I see that ssl-date is offering
        TLS_ECDHE_RSA_WITH_RC4_128_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_RC4_128_MD5
and from ssl-enum-ciphers I see this list from Ncat:
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_SEED_CBC_SHA

With the attached patch, which adds TLS_RSA_WITH_AES_128_CBC_SHA, I was
able to get it to work. What's a good reasonable default set of ciphers
to offer?

David Fifield

Attachment: ssl-date-TLS_RSA_WITH_AES_128_CBC_SHA.patch
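
Added example (not part of the original message or of Nmap's code): a Python model of the cipher-suite selection described above, using the IANA code points for the suite names quoted in the message. The function names are hypothetical, and the server is assumed to follow the client's preference order.

```python
import struct

# IANA code points for the cipher suite names quoted in the message.
SUITES = {
    "TLS_RSA_WITH_RC4_128_MD5": 0x0004,
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 0x002F,
    "TLS_RSA_WITH_AES_256_CBC_SHA": 0x0035,
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 0x0039,
    "TLS_RSA_WITH_AES_128_CBC_SHA256": 0x003C,
    "TLS_RSA_WITH_AES_256_CBC_SHA256": 0x003D,
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA": 0x0041,
    "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA": 0x0084,
    "TLS_RSA_WITH_SEED_CBC_SHA": 0x0096,
    "TLS_RSA_WITH_AES_128_GCM_SHA256": 0x009C,
    "TLS_RSA_WITH_AES_256_GCM_SHA384": 0x009D,
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA": 0xC011,
}
NAMES = {code: name for name, code in SUITES.items()}

# What Wireshark showed ssl-date offering, in order.
SSL_DATE_OFFER = ["TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                  "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                  "TLS_RSA_WITH_RC4_128_MD5"]
# Ncat's list from ssl-enum-ciphers: every TLS_RSA_* name above except RC4_128_MD5.
NCAT_ACCEPTS = {c for n, c in SUITES.items()
                if n.startswith("TLS_RSA_") and n != "TLS_RSA_WITH_RC4_128_MD5"}

def encode_cipher_suites(names):
    """ClientHello cipher_suites vector: 2-byte length, then 2-byte ids."""
    ids = [SUITES[n] for n in names]
    return struct.pack(">H", 2 * len(ids)) + struct.pack(">%dH" % len(ids), *ids)

def server_select(vector, accepted):
    """Return the first offered suite the server accepts, else None."""
    (length,) = struct.unpack_from(">H", vector)
    if length % 2 or length != len(vector) - 2:
        raise ValueError("malformed cipher_suites vector")
    for (code,) in struct.iter_unpack(">H", vector[2:]):
        if code in accepted:
            return NAMES.get(code, hex(code))
    return None  # a real server replies with a fatal handshake_failure alert (40)

if __name__ == "__main__":
    patched = SSL_DATE_OFFER + ["TLS_RSA_WITH_AES_128_CBC_SHA"]
    for label, offer in (("before patch", SSL_DATE_OFFER), ("after patch", patched)):
        print(label, "->", server_select(encode_cipher_suites(offer), NCAT_ACCEPTS))
```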