Re: SSL/TLS Diffie-Hellman prime discovery script and a patch to TLS library

[Jacob Gajek <jgajek () gmail com>]

Hello All,

I recently put together a technical write-up on using Nmap to scan for weak
Diffie-Hellman groups in TLS services (there are still a lot of them out
there).  For those who enjoy that sort of thing, there is even a quick
run-down of the mathematical considerations involved in generating secure
DH modular integer group parameters.

http://www2.esentire.com/TLSUnjammedWP

Jacob

On Thu, Jun 4, 2015 at 3:14 PM, Jacob Gajek <jgajek () gmail com> wrote:

> Hello All,
>
> Here is a small NSE script for discovery of well-known SSL/TLS
> Diffie-Hellman primes, as exploited by the recent Logjam vulnerability.
>
> https://github.com/eSentire/nmap-esentire
>
> It is based on the excellent TLS library code from Daniel Miller.  I have
> attached a tiny patch to the TLS library code to fix DH parameter unpacking
> for (EC)DHE_PSK key exchange variants.
>
> As I am new to Nmap scripting and Lua, I may not have gotten things quite
> right to make it production-ready.  Any advice would be appreciated.
>
> Regards,
> Jacob Gajek
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/