Nmap Development mailing list archives
Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm
From: David Fifield <david () bamsoftware com>
Date: Sat, 11 Oct 2014 16:30:50 -0700
On Sat, Oct 11, 2014 at 06:24:25PM -0500, Tom Sellers wrote:
All, There's been a lot of press recently about Google and Mozilla becoming more aggressive about how they handle x509 certificates that have been signed using SHA-1. To assist with detecting SHA-1 signed certificates I have created and attached a patch that adds the signature algorithm that was used to sign the target's x509 certificate to the output of the 'ssl-cert.nse'. I am not a C coder so the modifications to 'nse_ssl_cert.cc' may need a bit of tweaking. Also, the ordering of elements may need to be adjusted. To reduce user confusion I purposely did not place the Signature Algorithm output near the MD5 and SHA-1 hashes. Those values are 'fingerprints', or for Microsoft products: thumbprints, and are generated by ssl-cert.nse.
Cool, what are the possible outputs? You have sha256WithRSAEncryption and ecdsa-with-SHA384; what values should someone auditing for SHA-1 look for? Be sure to update the @output and @xmloutput sections in the documentation. David Fifield _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm Tom Sellers (Oct 11)
- Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm David Fifield (Oct 11)
- Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm Tom Sellers (Oct 11)
- Fwd: Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm Tom Sellers (Oct 25)
- Re: Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm Daniel Miller (Oct 25)
- Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm Tom Sellers (Oct 11)
- Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm David Fifield (Oct 11)