Nmap Development mailing list archives

Re: Proposed SSL version detection probe changes


From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Sat, 21 Mar 2009 13:12:34 +0100

On Sat, Feb 21, 2009 at 8:39 PM, Kristof Boeynaems
<kristof.boeynaems () gmail com> wrote:
Kristof Boeynaems wrote:

I did a more extensive survey (about 1000 SSL serving hosts), using the
ports you suggested (and the version probe file I submitted earlier), and
this time I found 7 non-SSL2-compatible services on 4 unique hosts:

995/tcp open   tlsv1-only
443/tcp open   tlsv1-only
993/tcp open   sslv3-only
995/tcp open   sslv3-only
465/tcp open   sslv3-only
993/tcp open   sslv3-only
995/tcp open   sslv3-only

That's out of 1885 total open services detected. In other words, about 0.4%
of the services found are non-SSLv2 compatible, and such services were found
on 0.4% of the hosts.


I would like to revisit the numbers above.

The results above are for 1000 random hosts with open services in the
SSL port range (43,465,636,990,995,993). These services are not
necessarily really SSL-enabled though.
So I think it is better to give the proportion of non-SSLv2 compatible
services/hosts out of all found services/hosts on which SSL was
detected. Also, it is interesting to show the detected SSLv2-only
servers.

That gives the following:

TOTAL: 558 SSL services on 372 hosts
Number of SSLv2 services: 0 (0 %) on 0 hosts (0 %)
Number of SSLv3 services: 30 (5.37 %) on 27 hosts (7.25 %)
Number of TLSv1 services: 521 (93.36 %) on 341 hosts (91.66 %)
Number of SSLv3-only services: 5 (.89 %) on 2 hosts (.53 %)
Number of TLSv1-only services: 2 (.35 %) on 2 hosts (.53 %)

A second test gives:

TOTAL: 472 SSL services on 342 hosts
Number of SSLv2 services: 0 (0 %) on 0 hosts (0 %)
Number of SSLv3 services: 17 (3.60 %) on 17 hosts (4.97 %)
Number of TLSv1 services: 451 (95.55 %) on 321 hosts (93.85 %)
Number of SSLv3-only services: 3 (.63 %) on 3 hosts (.87 %)
Number of TLSv1-only services: 1 (.21 %) on 1 hosts (.29 %)

The two tests above combined give (all hosts are unique, so it is
essentially the sum of the two previous results):

TOTAL: 1030 SSL services on 714 hosts
Number of SSLv2 services: 0 (0 %) on 0 hosts (0 %)
Number of SSLv3 services: 47 (4.56 %) on 44 hosts (6.16 %)
Number of TLSv1 services: 972 (94.36 %) on 662 hosts (92.71 %)
Number of SSLv3-only services: 8 (.77 %) on 5 hosts (.70 %)
Number of TLSv1-only services: 3 (.29 %) on 3 hosts (.42 %)

In conclusion, about 1 percent of all detected SSL services (and 1% of
hosts) tested is non-SSLv2 compatible. It is also interesting to see
that none of the services/hosts tested was SSLv2-only.

Cheers,

Kristof

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org