Nmap Development mailing list archives

Re: ncat ssl bug

From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 29 Jan 2016 13:57:01 -0600

Victor,

Thank for this report. We recently looked [1] at Ncat's use of DH
parameters because of the security fix in OpenSSL 1.0.2f. We found that
Ncat does not do the necessary setup to use DH or ECDH ciphersuites. This
means that we are not vulnerable to CVE-2016-0701, but it also means that
ECDH and DH ciphersuites are not supported. I have added issue #290 [2] as
an enhancement request for this functionality.

Dan

[1] http://issues.nmap.org/288
[2] http://issues.nmap.org/290

On Fri, Jan 29, 2016 at 4:47 AM, Gorbatiy1987 . <victor.gorbach () gmail com>
wrote:

Hi, I've found out that ncat in listen with ssl mode doesn't use all
available ciphers.
I've used nmap enumerate cipher to double check, if use key --ssl-ciphers
"ALL" only RSA ciphers available, if I use --ssl-ciphers "kECDH" nmap
script doesn't show anything, and ncat server shows "no shared cipher" when
I try connect with ssl application which use Elliptic Curves cipher.
I check it on 7.01 on Linux Mint and on windows.

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

ncat ssl bug Gorbatiy1987 . (Jan 29)
- Re: ncat ssl bug Daniel Miller (Jan 29)