Nmap Development mailing list archives
[NSE] More cipher suites needed in ssl-date
From: nnposter () users sourceforge net
Date: Tue, 22 Jul 2014 21:27:25 +0000
The current version of ssl-date.nse supports only the following three cipher suites: TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_RC4_128_MD5 This restriction is causing issues when used against older Windows systems because they support only the RSA key exchange. This leaves us only with RC4+MD5, which is unreliable because targets tend to have it disabled due to using MD5 or because of the problematic RC4 or simply because the cipher suite is not FIPS-compliant. I am proposing to add a fourth cipher suite that: * Maintains key exchange compatibility by using the RSA key exchange * Is compliant with FIPS (and inherently avoids both RC4 and MD5) The obvious candidate is TLS_RSA_WITH_3DES_EDE_CBC_SHA. Cheers, nnposter Patch against revision 33299 follows: --- scripts/ssl-date.nse.orig 2014-07-22 14:33:19.941974300 -0600 +++ scripts/ssl-date.nse 2014-07-22 14:48:18.570974300 -0600 @@ -59,6 +59,7 @@ ["ciphers"] = { "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_RC4_128_MD5", }, ["compressors"] = {"NULL"}, _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] More cipher suites needed in ssl-date nnposter (Jul 22)
- Re: [NSE] More cipher suites needed in ssl-date Daniel Miller (Jul 22)
- Re: [NSE] More cipher suites needed in ssl-date nnposter (Jul 22)
- Re: [NSE] More cipher suites needed in ssl-date Daniel Miller (Jul 22)
- Re: [NSE] More cipher suites needed in ssl-date nnposter (Jul 22)
- Re: [NSE] More cipher suites needed in ssl-date Daniel Miller (Jul 22)