Nmap Development mailing list archives
Re: cipher support
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 12 Oct 2015 13:34:20 -0500
Robin,

Nmap relies on the sslv2 NSE script [1] for SSLv2 detection and cipher enumeration. It does not require OpenSSL for any of these functions. The script will show the ciphers that the server provides; SSLv2 is different than SSLv3 and TLS in this regard, since the server sends a list of supported ciphers. The list of names that we can translate is admittedly sparse: only 8 ciphers listed. But any unsupported ones will be reported by number, so no real information is lost.

Related, the ssl-enum-ciphers script also does not use OpenSSL to determine the list of supported ciphers. OpenSSL is used to parse the server certificate to extract necessary key strength information for determining the "score" of the handshake, but this is secondary to the cipher enumeration part of the script.

Dan

[1] https://nmap.org/nsedoc/scripts/sslv2.html

On Mon, Oct 12, 2015 at 9:00 AM, Robin Wood <robin@digi.ninja> wrote:
I've been looking at SSL and found that both sslscan and nmap are missing SSLv2 ciphers. From looking at sslscan it needs to be built against a static version of openssl which is built to support SSLv2 and from a tweet by Dan Miller I assume nmap is the same, what is the best way to do this?

Luckily I don't think I've not missed anything as Nessus has been catching all the SSLv2 that I've come across but I was wondering if it is worth adding something to the scripts that test for ciphers so they can warn the user if they are likely to miss ciphers due to the version of openssl in use?

Robin

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
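The point made in the reply above, that an SSLv2 server sends its own cipher list and that ciphers without a known name are reported by number, shown as an added Python example (not the sslv2 NSE script's code and not posted by anyone in this thread). The cipher names are taken from the SSL 2.0 draft specification; `parse_server_hello`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

# Cipher kinds named in the SSL 2.0 draft specification (an assumption of
# this example; this is not the name table used by the sslv2 NSE script).
SSL2_CIPHER_NAMES = {
    0x010080: "SSL_CK_RC4_128_WITH_MD5",
    0x020080: "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    0x030080: "SSL_CK_RC2_128_CBC_WITH_MD5",
    0x040080: "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    0x050080: "SSL_CK_IDEA_128_CBC_WITH_MD5",
    0x060040: "SSL_CK_DES_64_CBC_WITH_MD5",
    0x0700C0: "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
MSG_SERVER_HELLO = 4
FIXED_LEN = 11  # fixed-size part of SERVER-HELLO, before the variable data

def parse_server_hello(record: bytes) -> dict:
    """Return the version and cipher list from one SSLv2 SERVER-HELLO record."""
    if len(record) < 2:
        raise ValueError("truncated record header")
    if record[0] & 0x80:   # 2-byte header: 15-bit length, no padding
        length, body = ((record[0] & 0x7F) << 8) | record[1], record[2:]
    else:                  # 3-byte header: 14-bit length plus a padding byte
        length, body = ((record[0] & 0x3F) << 8) | record[1], record[3:]
    if length < FIXED_LEN or len(body) < length:
        raise ValueError("truncated SERVER-HELLO")
    msg_type, _hit, _cert_type, version, cert_len, spec_len, conn_len = \
        struct.unpack(">BBBHHHH", body[:FIXED_LEN])
    if msg_type != MSG_SERVER_HELLO:
        raise ValueError("not a SERVER-HELLO (type %d)" % msg_type)
    if spec_len % 3 or FIXED_LEN + cert_len + spec_len + conn_len > length:
        raise ValueError("inconsistent length fields")
    start = FIXED_LEN + cert_len   # cipher specs follow the certificate
    ciphers = []
    for i in range(start, start + spec_len, 3):   # each spec is 3 bytes
        kind = int.from_bytes(body[i:i + 3], "big")
        # Unnamed kinds are kept and reported by number, so nothing is lost.
        ciphers.append(SSL2_CIPHER_NAMES.get(kind, "unknown 0x%06x" % kind))
    return {"version": version, "ciphers": ciphers}

def build_sample() -> bytes:
    """Constructed SERVER-HELLO (placeholder certificate), not a capture."""
    cert, conn_id = b"\x00" * 4, b"\x11" * 16
    specs = bytes.fromhex("010080" "0700c0" "0a00ff")  # last one is made up
    body = struct.pack(">BBBHHHH", MSG_SERVER_HELLO, 0, 1, 0x0002,
                       len(cert), len(specs), len(conn_id))
    body += cert + specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body

if __name__ == "__main__":
    print(parse_server_hello(build_sample()))
```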