Nmap Development mailing list archives
Discussion of Ncat's SSL security choices
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 6 Jan 2015 21:32:00 -0600
List, In addition to bug reports and code submissions, we are using Github Issues to hold some todo items. One of those [1] is to "Audit or review Ncat's use of SSL/TLS." This is really less of an audit of the code, and more of a requirements solicitation. I need you all to put on your thinking caps and help decide how Ncat will handle things like: * Certificate verification * Protocol version (i.e. SSL3, TLS1.2, etc) selection * Certificate revocation checking Or anything else you can think of. This is an important decision, because the use of Ncat is not strictly opt-in any more: Red Hat has adopted Ncat as their default Netcat replacement. Keep this in mind when considering how the average sysadmin will use it, and what behaviors they may expect or require. Thanks for your time, Dan [1] https://github.com/nmap/nmap/issues/31
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Discussion of Ncat's SSL security choices Daniel Miller (Jan 06)
- Re: Discussion of Ncat's SSL security choices David Fifield (Jan 06)
- Re: Discussion of Ncat's SSL security choices Daniel Miller (Jan 06)
- Re: Discussion of Ncat's SSL security choices David Fifield (Jan 06)