Nmap Development mailing list archives

Re: Script for supported ciphers?

From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Thu, 5 Feb 2009 09:45:28 -0000 (UTC)

Is there an nmap script to display what SSL ciphers / versions a server
will accept?  I could sure use one for my PCI compliance scanning...


Agreed, I'd find it quite useful too. At the moment I use a script to run
an external program every time Nmap identifies the use of SSL, being able
to do it with Nmap would be a great time saver.

It'd definitely be useful to identify support for SSLv2 for PCI scans
(although the Assessor Update: November 2008 [1] states that "The merchant
can enable SSL 2.0 or older for an initial handshake only to identify that
the browser requires to be updated. The merchant can then notify their
customers that a security update is required in those rare cases prior to
making an online purchase using a credit or debit card."), but I'd also
like to know about weak ciphers in general.

Rob

[1] https://www.pcisecuritystandards.org/pdfs/pcissc_assessors_nl_2008-11.pdf



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Script for supported ciphers? Corey Chandler (Feb 04)
- Re: Script for supported ciphers? David Fifield (Feb 04)
- Re: Script for supported ciphers? Rob Nicholls (Feb 05)
  - RE: Script for supported ciphers? Matthew Boyle (Feb 05)