Nmap Development mailing list archives

sslv2 script bug


From: Matt Selsky <selsky () columbia edu>
Date: Sat, 5 Jun 2010 20:35:31 -0400 (EDT)

I'm using nmap svn trunk and scanning for SSLv2 servers:

$ ./nmap --datadir=. -sV -p 465 --script=sslv2  mailtest

Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-06-05 20:29 EDT
Nmap scan report for mailtest (192.168.59.245)
Host is up (0.00035s latency).
rDNS record for 192.168.59.245: mailtest
PORT    STATE SERVICE  VERSION
465/tcp open  ssl/smtp Sendmail 8.14.4/8.14.3/CUIT
|_sslv2: server still supports SSLv2
Service Info: OS: Unix

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.13 seconds

I have the following configured in sendmail.cf

O CipherList=HIGH:MEDIUM:!ADH:-SSLv2

so SSLv2 should be disabled.

The openssl s_client command thinks SSLv2 is disabled.

$ openssl s_client -connect mailtest:465 -ssl2
CONNECTED(00000003)
depth=1 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=0 serialNumber = 5axfkuOwl1HyGb1IkKw3d7PAtJIo7Feu, C = US, ST = New York, L = New York, O = Columbia University, OU = Information Technology, CN = mailtest
verify return:1
3078604508:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 892 bytes and written 50 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1275784302
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

How do I debug the problem with sslv2.nse?


Cheers,


--
Matt
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
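The `no cipher list` error in the s_client output above is what a client reports when the server returns an SSLv2 SERVER-HELLO whose cipher-specs list is empty. The following is an added example, not part of the original post and not code from sslv2.nse. It parses a captured reply and separates "server answered the SSLv2 hello" from "server offered at least one SSLv2 cipher". The function names and the sample records are constructed for illustration.

```python
import struct

SSL2_MT_SERVER_HELLO = 4  # SSLv2 message type for SERVER-HELLO


def build_server_hello(cert, cipher_specs, conn_id):
    """Build a constructed SSLv2 SERVER-HELLO record (sample data only)."""
    body = struct.pack(">BBBHHHH", SSL2_MT_SERVER_HELLO,
                       0,        # session-id-hit
                       1,        # certificate type: X.509
                       0x0002,   # server version: SSLv2
                       len(cert), len(cipher_specs), len(conn_id))
    body += cert + cipher_specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body  # 2-byte record header


def classify_sslv2_reply(data):
    """Return (status, ciphers) for the first record of a server reply.

    status is 'not-sslv2', 'hello-without-ciphers' or 'sslv2-offered'.
    """
    if len(data) < 3:
        return "not-sslv2", []
    if data[0] & 0x80:   # 2-byte header, 15-bit length
        hdr, length = 2, ((data[0] & 0x7F) << 8) | data[1]
    else:                # 3-byte header, 14-bit length plus padding byte
        hdr, length = 3, ((data[0] & 0x3F) << 8) | data[1]
    body = data[hdr:hdr + length]
    if len(body) < max(length, 11) or body[0] != SSL2_MT_SERVER_HELLO:
        return "not-sslv2", []
    _, _, _, version, cert_len, cs_len, cid_len = struct.unpack(">BBBHHHH", body[:11])
    # Reject records whose declared field lengths do not fit the record.
    if version != 0x0002 or cs_len % 3 or 11 + cert_len + cs_len + cid_len > len(body):
        return "not-sslv2", []
    specs = body[11 + cert_len:11 + cert_len + cs_len]
    ciphers = [specs[i:i + 3].hex() for i in range(0, cs_len, 3)]  # 3 bytes per spec
    return ("sslv2-offered" if ciphers else "hello-without-ciphers"), ciphers


if __name__ == "__main__":
    # Constructed replies: one with an empty cipher list, one with two specs.
    empty = build_server_hello(b"\x30" * 16, b"", b"\x00" * 16)
    offered = build_server_hello(b"\x30" * 16, bytes.fromhex("0100800700c0"), b"\x00" * 16)
    print(classify_sslv2_reply(empty))
    print(classify_sslv2_reply(offered))
```

A check that reports SSLv2 as soon as any SERVER-HELLO arrives would flag the first sample; one that requires a non-empty cipher list would not.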

