Nmap Development mailing list archives
Re: TLS cipher strength diffs between nmap and SSL Labs
From: Christoph Gruber <list () guru at>
Date: Tue, 11 Aug 2020 12:32:28 +0200
Hi! Just my few cents on your question: Use the tools you mentioned to get the facts and a brief proposal how to categorise them, but please judge on your own following your needs and policies. There is no hard rule that says, this is secure, and that is not, the really important question is: Is it secure enough for my needs now? -- Christoph Gruber
Am 11.08.2020 um 02:16 schrieb Chen, Jerry G <Jerry.Chen () invesco com>: Hi – I used Qualys SSL Labs to test our company’s website. The results are here at https://www.ssllabs.com/ssltest/analyze.html?d=www.invesco.com&hideResults=on. It finds 12 ciphers used with only 2 being strong. <Picture (Device Independent Bitmap) 1.jpg> But when I use nmap to scan the site, all 12 ciphers are listed as strong. Do you know whose resultst are more accurate? Thanks! Jerrynmap -sV --script ssl-enum-ciphers -p 443 www.invesco.comStarting Nmap 6.40 ( http://nmap.org ) at 2020-07-28 12:04 CDT Nmap scan report for www.invesco.com (142.148.253.74) Host is up (0.0012s latency). PORT STATE SERVICE VERSION 443/tcp open ssl/http Apache httpd | ssl-enum-ciphers: | SSLv3: No supported ciphers found | TLSv1.0: No supported ciphers found | TLSv1.1: No supported ciphers found | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA256 - strong | TLS_RSA_WITH_AES_256_GCM_SHA384 - strong | compressors: | NULL |_ least strength: strong Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 12.25 seconds **************************************************************** Confidentiality Note: The information contained in this message, and any attachments, may contain confidential and/or privileged material. It is intended solely for the person(s) or entity to which it is addressed. Any review, retransmission, dissemination, or taking of any action in reliance upon this information by persons or entities other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender and delete the material from any device. **************************************************************** _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- TLS cipher strength diffs between nmap and SSL Labs Chen, Jerry G (Aug 10)
- Re: TLS cipher strength diffs between nmap and SSL Labs Christoph Gruber (Aug 11)
- Re: TLS cipher strength diffs between nmap and SSL Labs Matthew.Snyder (Aug 11)
- Re: TLS cipher strength diffs between nmap and SSL Labs Daniel Miller (Aug 27)
- Re: TLS cipher strength diffs between nmap and SSL Labs Christoph Gruber (Aug 11)