Nmap Development mailing list archives
Re: ssl-enum-ciphers
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 2 Jun 2015 15:48:30 -0500
Dave,

The length is the size in bits of the "p" portion of the DH parameters. For calculation purposes, it is converted to an RSA-equivalent key strength with the tls.rsa_equiv function [1].

Dan

[1] https://nmap.org/nsedoc/lib/tls.html#rsa_equiv

On Tue, Jun 2, 2015 at 10:09 AM, Dave Smith <agentsmith77 () gmail com> wrote:

> Hi All,
>
> https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
>
> Even the documentation page shows a sample output with a key exchange of "dh 256", I've seen this repeatedly coming up on a number of specific DHE ciphers which are not ECDHE (explaining such a low size).
>
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
> TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
>
> I tried to find a rational explanation for the difference between an RSA Kex and DH in the output, but didn't find it. Could someone confirm if this is expected behaviour, and the brief reason, or if it's misinterpreted by the script.
>
> This was run on w2008 r2, with SVN 34457.
>
> Thanks,
> Dave.
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
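An added example, not part of the original message and not code from Nmap: one way to measure the size in bits of "p" from a DHE ServerKeyExchange body, following the ServerDHParams layout in RFC 5246 section 7.4.3. The sample bytes are constructed (P is not a real prime) and all function names are assumptions of this example.

```python
import struct

def read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("vector length is zero or runs past the buffer")
    return buf[off:off + n], off + n

def parse_server_dh_params(body):
    """Parse dh_p, dh_g, dh_Ys from the start of a DHE ServerKeyExchange body."""
    fields = {}
    off = 0
    for name in ("p", "g", "Ys"):
        raw, off = read_vec16(body, off)
        fields[name] = int.from_bytes(raw, "big")
    fields["params_len"] = off  # the signature (if any) follows at this offset
    return fields

def dh_p_bits(body):
    """Size of p in bits; leading zero bytes on the wire do not count."""
    return parse_server_dh_params(body)["p"].bit_length()

def vec16(data):
    """Encode bytes as a 16-bit length-prefixed vector (used to build the sample)."""
    return struct.pack(">H", len(data)) + data

# Constructed sample: only the sizes are realistic, P is not a real prime.
P = ((1 << 2047) | 1).to_bytes(256, "big")
G = b"\x02"
YS = (1 << 2000).to_bytes(256, "big")
SAMPLE = vec16(P) + vec16(G) + vec16(YS) + b"\x00" * 4  # 4 placeholder trailing bytes
PADDED = vec16(b"\x00" + P) + vec16(G) + vec16(YS)      # same p with a leading zero byte

if __name__ == "__main__":
    print("dh", dh_p_bits(SAMPLE))
```

Counting bits of the integer rather than multiplying the byte length by 8 keeps a zero-padded "p" from being reported as larger than it is.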