Nmap Development mailing list archives

Re: SSL support in Ncat - confusing server parameters


From: David Fifield <david () bamsoftware com>
Date: Fri, 27 Feb 2009 18:31:34 -0700

On Tue, Feb 17, 2009 at 10:08:37PM -0700, David Fifield wrote:
On Sat, Feb 07, 2009 at 12:06:17PM +0100, Kristof Boeynaems wrote:
-------------------------------------------------------------------------
1. Ncat as SSL server - confusing parameters
-------------------------------------------------------------------------
The only way I could get Ncat to work as an SSL server is by specifying
all the SSL parameters, that is, not only --ssh, but also --ssl-key
and --ssl-cert.
E.g.

  ./ncat --ssl -l 1111 \
    --ssl-cert /usr/share/doc/libssl-dev/demos/sign/cert.pem \
    --ssl-key /usr/share/doc/libssl-dev/demos/sign/key.pem

(Note that I am using a certificate and key that come with libssl-dev)

Now, the fact that the cert and key parameters have to be specified as
well might sound obvious to SSL experts, but I forgot this in the first
instance, and that returns some obscure errors, depending on the SSL
client used to connect to the Ncat server.

Maybe we should give instructions for generating a key and certificate,
either in the warning message or in the documentation. I used this
command to generate files for testing:

openssl req -new -x509 -keyout test-key.pem -out test-cert.pem

Is that all that's necessary, or should that command be adjusted before
being committed to documentation? OpenSSL experts?

I added that command to the SSL section.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
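
The openssl req command quoted in this message prompts for a key passphrase and the subject fields. As an added example (not part of the original thread or of the Ncat documentation), here is a non-interactive variant with checks that the resulting key and certificate pair up. The file names and the --ssl, --ssl-cert and --ssl-key options come from the thread; the function names, CN=localhost, the 2048-bit RSA key and the 30-day lifetime are assumptions.

```shell
# Added example. Function names, CN and lifetime are assumptions.

# gen_test_cert KEY CERT [CN] [DAYS]: non-interactive variant of the
# thread's command, for a throwaway self-signed test certificate.
gen_test_cert() {
    (
        umask 077    # private key readable by its owner only
        # -nodes: leave the key unencrypted (no passphrase prompt on load)
        # -subj:  supply the subject instead of answering prompts
        openssl req -new -x509 -nodes -newkey rsa:2048 -days "${4:-30}" \
            -subj "/CN=${3:-localhost}" -keyout "$1" -out "$2" 2>/dev/null
    )
}

# cert_matches_key KEY CERT: true when CERT carries the public half of KEY.
# Mixing files from two different runs fails here. An encrypted key also
# fails (empty passphrase is tried) instead of prompting.
cert_matches_key() {
    from_key=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# cert_is_current CERT: true while the certificate has not expired.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# check_pair KEY CERT: run both checks and report which one failed.
check_pair() {
    cert_matches_key "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    cert_is_current "$2" || { echo "certificate has expired" >&2; return 2; }
    echo "ok: $(openssl x509 -in "$2" -noout -subject -enddate | tr '\n' ' ')"
}

# Usage, followed by the listener invocation from the thread:
#   gen_test_cert test-key.pem test-cert.pem && check_pair test-key.pem test-cert.pem
#   ncat --ssl -l 1111 --ssl-cert test-cert.pem --ssl-key test-key.pem
```

A self-signed certificate made this way is only suitable for testing: clients have no trust path to it and will report it as untrusted unless told to accept it.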

