Re: [NSE] Extended ssl-enum-ciphers script

["Bojan Zdrnja (SANS ISC)" <bojan.isc () gmail com>]

Hi Daniel,


On Tue, Aug 12, 2014 at 4:50 AM, Daniel Miller <bonsaiviking () gmail com>
wrote:

> Bojan and List,
>
> ssl-enum-ciphers now fully supports ordering of ciphersuites by server
> preference: http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
>
> David sent me some previous work he had done on this problem, and I was
> able to integrate it into the current version of the script. SVN revisions
> r33474 - r33483 contain the relevant changes. Some salient points:
>
> * Detects and reports whether the server uses the client's ordering or the
> server's ordering preference for cipher suites
> * Works around a couple bugs in SSL servers which previously caused some
> cipher suites to be missed (r33477, r33482)
> * Sets timeouts based on portscan-phase results (as discussed here:
> http://seclists.org/nmap-dev/2014/q3/188)
> * Uses merge sort (not quicksort as I had suggested) to properly sort
> ciphers by server preference. Worst-case performance ought to be similar to
> my best-case guesstimates.
Cool stuff :)

Btw, according to this article that I later found:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx
Schannel on Windows supports a total of 55 ciphers (30 by default and 25
that have to be added), so with a normal setup on Windows there should
never be a case when more than 64 ciphers are supported.

Cheers,

Bojan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/