Re: tls-nextprotoneg.nse and duckduckgo.com:443

[Daniel Miller <bonsaiviking () gmail com>]

On Fri, Nov 14, 2014 at 7:22 PM, Jacek Wielemborek <d33tah () gmail com> wrote:

> Hi,

> Below is the -d9 log - I modified the script's debug "Server response
> was not server_hello." message. By the way, isn't the "Raw packets sent"
> message a bit confusing since --script="tls-nextprotoneg" generated much
> more than 44 bytes of IP data? Perhaps something along the lines of
> "(not including packets generated by connect())" would be appropriate
> there.
It's an accurate count of *raw* packets. I'm not sure how helpful that
metric is, but it's truthful anyway.


> $ nmap 176.34.131.233 -p 443 --script="tls-nextprotoneg" -d9 -Pn -n 2>&1


> Starting Nmap 6.45 ( http://nmap.org ) at 2014-11-15 02:18 CET

Have you tried a more recent version? I know that we added more
ciphersuites to the handshake recently (
http://seclists.org/nmap-dev/2014/q3/119), plus there have been parsing
improvements in tls.lua

Dan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/