Nmap Development mailing list archives

Re: ssl-cert.nse error


From: David Fifield <david () bamsoftware com>
Date: Fri, 15 Oct 2010 23:03:47 -0700

On Wed, Oct 13, 2010 at 12:20:14AM -0400, Matt Selsky wrote:
> Using latest nmap from svn...
>
> $ ./nmap --script-trace -p 443 --datadir=. --script=ssl-cert google-search0
>
> Starting Nmap 5.35DC18 ( http://nmap.org ) at 2010-10-13 00:15 EDT
> NSOCK (0.3230s) SSL connection requested to 10.59.59.26:443/tcp (IOD #1) EID 9
> NSOCK (0.4540s) EID 9 reconnecting with SSL_OP_NO_SSLv2
> NSOCK (0.6160s) EID 9 error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message
> NSOCK (0.6160s) Callback: SSL-CONNECT ERROR [Input/output error (5)] for EID 9 [10.59.59.26:443]
> NSE: TCP 192.168.0.3:64619 > 10.59.59.26:443 | CONNECT
> NSE: TCP 192.168.0.3:64619 > 10.59.59.26:443 | CLOSE
> Nmap scan report for google-search0 (10.59.59.26)
> Host is up (0.079s latency).
> rDNS record for 10.59.59.26: google-search0
> PORT    STATE SERVICE
> 443/tcp open  https
> |_ssl-cert: ERROR
>
> Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds
>
> Openssl's s_client connects just fine though:
>
> $ openssl s_client -connect google-search0:443 -quiet
> depth=0 /CN=google-search0/OU=Information Technology/O=Columbia University/L=New York/ST=New York/C=US
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /CN=google-search0/OU=Information Technology/O=Columbia University/L=New York/ST=New York/C=US
> verify return:1
>
> The web server does return a redirect for all requests if that makes
> any difference:
>
> HTTP/1.0 302 Found
> Connection: Close
> Location: http://www.columbia.edu/help/search.html
> Content-Type: text/html
> Content-Length: 0
>
> How do I troubleshoot this further?

Is it just ssl-cert, or does it also happen with version detection?

Run "openssl s_client -debug" and see if there is any interesting
output, particularly the section that looks like

---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA

The line

NSOCK (0.4540s) EID 9 reconnecting with SSL_OP_NO_SSLv2

indicates that connecting in SSLv2-compatible mode didn't work, so it
fell back to SSLv3-only mode. That seems to be failing too.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
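
An added example, not part of the original message or of Nmap's code: a small Python parser that reads the NSOCK lines from the trace quoted in this thread, notes the SSL_OP_NO_SSLv2 retry, and unpacks the OpenSSL error code. It assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason); the function and key names are hypothetical.

```python
import re

# Constructed input: the NSOCK lines from the --script-trace output quoted above.
TRACE = """\
NSOCK (0.3230s) SSL connection requested to 10.59.59.26:443/tcp (IOD #1) EID 9
NSOCK (0.4540s) EID 9 reconnecting with SSL_OP_NO_SSLv2
NSOCK (0.6160s) EID 9 error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message
NSOCK (0.6160s) Callback: SSL-CONNECT ERROR [Input/output error (5)] for EID 9 [10.59.59.26:443]
"""

ERR_LIB_SSL = 20            # library number of libssl in OpenSSL
ALERT_REASON_OFFSET = 1000  # libssl reason = 1000 + TLS alert description
# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 70: "protocol_version"}

def decode_err(code):
    """Unpack a pre-3.0 OpenSSL error code: 8-bit lib, 12-bit func, 12-bit reason."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
        num = reason - ALERT_REASON_OFFSET
        alert = ALERTS.get(num, "alert %d" % num)
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}

def summarize(trace):
    """Per NSOCK event ID: was SSLv2-compatible mode abandoned, and which errors followed."""
    events = {}
    for line in trace.splitlines():
        m = re.match(r"NSOCK \([\d.]+s\) EID (\d+) (.*)", line)
        if not m:
            continue
        ev = events.setdefault(m.group(1), {"retried_no_sslv2": False, "errors": []})
        rest = m.group(2)
        if "reconnecting with SSL_OP_NO_SSLv2" in rest:
            ev["retried_no_sslv2"] = True
        err = re.match(r"error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):(.*)", rest)
        if err:
            info = decode_err(int(err.group(1), 16))
            info.update(func_name=err.group(2), text=err.group(3))
            ev["errors"].append(info)
    return events

if __name__ == "__main__":
    for eid, ev in summarize(TRACE).items():
        print("EID", eid, "retried without SSLv2:", ev["retried_no_sslv2"])
        for e in ev["errors"]:
            print("  %(func_name)s reason=%(reason)d peer alert=%(peer_alert)s" % e)
```

For the quoted trace, reason 1010 is 1000 + alert 10, so the error on the SSLv3-only retry is an unexpected_message alert sent by the server, not a local failure.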

