Nmap Development mailing list archives
Re: ncat ssl bug
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 29 Jan 2016 13:57:01 -0600
Victor, Thank for this report. We recently looked [1] at Ncat's use of DH parameters because of the security fix in OpenSSL 1.0.2f. We found that Ncat does not do the necessary setup to use DH or ECDH ciphersuites. This means that we are not vulnerable to CVE-2016-0701, but it also means that ECDH and DH ciphersuites are not supported. I have added issue #290 [2] as an enhancement request for this functionality. Dan [1] http://issues.nmap.org/288 [2] http://issues.nmap.org/290 On Fri, Jan 29, 2016 at 4:47 AM, Gorbatiy1987 . <victor.gorbach () gmail com> wrote:
Hi, I've found out that ncat in listen with ssl mode doesn't use all available ciphers. I've used nmap enumerate cipher to double check, if use key --ssl-ciphers "ALL" only RSA ciphers available, if I use --ssl-ciphers "kECDH" nmap script doesn't show anything, and ncat server shows "no shared cipher" when I try connect with ssl application which use Elliptic Curves cipher. I check it on 7.01 on Linux Mint and on windows. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ncat ssl bug Gorbatiy1987 . (Jan 29)
- Re: ncat ssl bug Daniel Miller (Jan 29)