Re: nmap does not list ciphers consistently

[nnposter <nnposter () users sourceforge net>]

On 1/30/18 2:24 AM,  NAYAK, ANIL KUMAR wrote:
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Can'tconnect: TIMEOUT
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Protocolmismatch (received TLSv1.0)
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Protocolmismatch (received TLSv1.0)
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Protocolmismatch (received TLSv1.0)
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Protocolmismatch (received TLSv1.0)
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.0) Can'tconnect: TIMEOUT
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.1) Can'tconnect: TIMEOUT
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.1) Protocolmismatch (received TLSv1.0)
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.1) Protocolmismatch (received TLSv1.0)
> NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.2) Can'tconnect: TIMEOUT

It is possible that your scan might be exceeding the performance limit
of your target (not the network). Try slowing the scan down by adding
-T1 and probing only one port at a time. (As an example, I always use
-T1 or -T2 when running nmap scripts against IoT devices.)

Another possibility is that the target does not handle concurrent access
in general, either due to its technical limitations or some defensive
rate-limiting control.

Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/