Nmap Development mailing list archives
Re: ssl-enum-ciphers with just hostname fails
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 25 Oct 2014 21:45:02 -0500
On Sat, Oct 25, 2014 at 4:17 PM, Kent Fritz <kfritz () wolfman devio us> wrote:
I couldn't get top-of-tree to build in my environment, and the latest script wouldn't run on 6.47, but the patch did apply on the 6.47 version. But it didn't fix the problem. I'll send you the capture I mentioned off-list.
Kent, Thanks for bearing with me on this. I looked over the packet capture you sent, and I think I identified the problem: an off-by-one error in reading TLS records! Here's a 1-line patch to possibly fix the problem; let me know if this works for you (you may have to manually make the change depending on line numbers, but the code surrounding it should not have changed much): diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse index ac32533..c3b4b5c 100644 --- a/scripts/ssl-enum-ciphers.nse +++ b/scripts/ssl-enum-ciphers.nse @@ -206,7 +206,7 @@ local function try_params(host, port, t) sock:close() return record end - buffer = buffer:sub(i+1) + buffer = buffer:sub(i) end end Please let me know if this solves the problem for you. It may very well solve a lot of problems for unrelated issues, too. Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ssl-enum-ciphers with just hostname fails Kent Fritz (Oct 24)
- Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 24)
- Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 24)
- Re: ssl-enum-ciphers with just hostname fails Kent Fritz (Oct 25)
- Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 25)
- Re: ssl-enum-ciphers with just hostname fails Kent Fritz (Oct 26)
- Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 24)
- Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 24)