Nmap Development mailing list archives
Re: [NSE] Extended ssl-enum-ciphers script
From: "Bojan Zdrnja (SANS ISC)" <bojan.isc () gmail com>
Date: Tue, 12 Aug 2014 11:15:02 +0200
Hi Daniel, On Tue, Aug 12, 2014 at 4:50 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
Bojan and List, ssl-enum-ciphers now fully supports ordering of ciphersuites by server preference: http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html David sent me some previous work he had done on this problem, and I was able to integrate it into the current version of the script. SVN revisions r33474 - r33483 contain the relevant changes. Some salient points: * Detects and reports whether the server uses the client's ordering or the server's ordering preference for cipher suites * Works around a couple bugs in SSL servers which previously caused some cipher suites to be missed (r33477, r33482) * Sets timeouts based on portscan-phase results (as discussed here: http://seclists.org/nmap-dev/2014/q3/188) * Uses merge sort (not quicksort as I had suggested) to properly sort ciphers by server preference. Worst-case performance ought to be similar to my best-case guesstimates.
Cool stuff :) Btw, according to this article that I later found: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx Schannel on Windows supports a total of 55 ciphers (30 by default and 25 that have to be added), so with a normal setup on Windows there should never be a case when more than 64 ciphers are supported. Cheers, Bojan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Extended ssl-enum-ciphers script Bojan Zdrnja (SANS ISC) (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Bojan Zdrnja (SANS ISC) (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 11)
- Re: [NSE] Extended ssl-enum-ciphers script Royce Williams (Aug 11)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Royce Williams (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Bojan Zdrnja (SANS ISC) (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Bojan Zdrnja (SANS ISC) (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script David Fifield (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 12)