Nmap Development mailing list archives

Re: some ssl version scanning not working [patch]


From: Matt Selsky <selsky () columbia edu>
Date: Sun, 23 Jan 2011 13:28:41 -0500

SSL is detected as TLS 1.0.

This doesn't match openssl's s_client.  For that application, I need to explicitly disable TLSv1 via -no_tls1, or I need to specify SSLv3 only via -ssl3.  s_client cannot connect when it tries the default SSLv2/v3 behavior.

This patch doesn't fix the SSL version being incorrectly detected as TLSv1 instead of SSLv3, but it will retry a connection without TLSv1, similar to the retry without SSLv2 option already in handle_connect_result().

Let me know what you think.


-- 
Matt

Attachment: try-without-tlsv1.patch


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
