Nmap Development mailing list archives
Re: Proposed SSL version detection probe changes
From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Sat, 21 Mar 2009 13:12:34 +0100
On Sat, Feb 21, 2009 at 8:39 PM, Kristof Boeynaems <kristof.boeynaems () gmail com> wrote:
Kristof Boeynaems wrote: I did a more extensive survey (about 1000 SSL serving hosts), using the ports you suggested (and the version probe file I submitted earlier), and this time I found 7 non-SSL2-compatible services on 4 unique hosts: 995/tcp open tlsv1-only 443/tcp open tlsv1-only 993/tcp open sslv3-only 995/tcp open sslv3-only 465/tcp open sslv3-only 993/tcp open sslv3-only 995/tcp open sslv3-only That's out of 1885 total open services detected. In other words, about 0.4% of the services found are non-SSLv2 compatible, and such services were found on 0.4% of the hosts.
I would like to revisit the numbers above. The results above are for 1000 random hosts with open services in the SSL port range (43,465,636,990,995,993). These services are not necessarily really SSL-enabled though. So I think it is better to give the proportion of non-SSLv2 compatible services/hosts out of all found services/hosts on which SSL was detected. Also, it is interesting to show the detected SSLv2-only servers. That gives the following: TOTAL: 558 SSL services on 372 hosts Number of SSLv2 services: 0 (0 %) on 0 hosts (0 %) Number of SSLv3 services: 30 (5.37 %) on 27 hosts (7.25 %) Number of TLSv1 services: 521 (93.36 %) on 341 hosts (91.66 %) Number of SSLv3-only services: 5 (.89 %) on 2 hosts (.53 %) Number of TLSv1-only services: 2 (.35 %) on 2 hosts (.53 %) A second test gives: TOTAL: 472 SSL services on 342 hosts Number of SSLv2 services: 0 (0 %) on 0 hosts (0 %) Number of SSLv3 services: 17 (3.60 %) on 17 hosts (4.97 %) Number of TLSv1 services: 451 (95.55 %) on 321 hosts (93.85 %) Number of SSLv3-only services: 3 (.63 %) on 3 hosts (.87 %) Number of TLSv1-only services: 1 (.21 %) on 1 hosts (.29 %) The two tests above combined gives (all hosts are unique, so it is essentially the sum of the two previous results): TOTAL: 1030 SSL services on 714 hosts Number of SSLv2 services: 0 (0 %) on 0 hosts (0 %) Number of SSLv3 services: 47 (4.56 %) on 44 hosts (6.16 %) Number of TLSv1 services: 972 (94.36 %) on 662 hosts (92.71 %) Number of SSLv3-only services: 8 (.77 %) on 5 hosts (.70 %) Number of TLSv1-only services: 3 (.29 %) on 3 hosts (.42 %) In conclusion, about 1 percent of all detected SSL services (and 1% of hosts) tested is non-SSLv2 compatible. It is also interesting to see that none of the services/hosts tested was SSLv2-only. Cheers, Kristof _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: Proposed SSL version detection probe changes, (continued)
- Re: Proposed SSL version detection probe changes Kristof Boeynaems (Feb 10)
- Re: Proposed SSL version detection probe changes Fyodor (Feb 16)
- Re: Proposed SSL version detection probe changes Fyodor (Feb 16)
- Re: Proposed SSL version detection probe changes Brandon Enright (Feb 17)
- Re: Proposed SSL version detection probe changes Kristof Boeynaems (Feb 17)
- Re: Proposed SSL version detection probe changes Kristof Boeynaems (Feb 17)
- Re: Proposed SSL version detection probe changes Brandon Enright (Feb 17)
- Re: Proposed SSL version detection probe changes Brandon Enright (Feb 17)
- Re: Proposed SSL version detection probe changes Kristof Boeynaems (Feb 18)
- Re: Proposed SSL version detection probe changes Kristof Boeynaems (Feb 21)
- Re: Proposed SSL version detection probe changes Kristof Boeynaems (Mar 21)