Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Proposed SSL version detection probe changes

From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 17 Feb 2009 22:02:19 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 17 Feb 2009 22:55:50 +0100
Kristof Boeynaems <kristof.boeynaems () gmail com> wrote:


I put together some custom nmap-service-probes file for the purpose
of detecting such sslv3-only or tlsv1-only services (which are
currently not supported by Nsock), and used it to perform a quick
survey on about 1000 HTTPS web servers. I was not able to find a
single sslv3-only or tlsv1-only host. Seems that SSL-enabled
webservers are (almost) always SSLv2-compatible, which is maybe not
so surprising. Nevertheless, that makes me even more curious to that
3% Brandon talked about. Which ports where these services running on?

Thanks,

Kristof


I was surveying 443, 465, 636, 990, 993 and 995.  If I get a moment to
breath today I'll do a survey of those ports across campus and report
the number of non-v2 services.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkmbM+sACgkQqaGPzAsl94I/rACeJWQXiDBmdlh7tzkUw9VoS2uJ
xpAAn3H0rbyl0yPpkFvru/ZT0Sq1dWBe
=pO4D
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: