Nmap Development mailing list archives
Re: some ssl version scanning not working [patch]
From: Matt Selsky <selsky () columbia edu>
Date: Sun, 23 Jan 2011 13:28:41 -0500
SSL is detected as TLS 1.0. This doesn't match openssl's s_client. For that application, I need to explicitly disable TLSv1 via -no_tls1, or I need to specify SSLv3 only via -ssl3. s_client cannot connect when it tries the default SSLv2/v3 behavior.
This patch doesn't fix the SSL version being incorrectly detected as TLSv1 instead of SSLv3, but it will retry a connection without TLSv1, similar to the retry without SSLv2 option already in handle_connect_result(). Let me know what you think. -- Matt
Attachment:
try-without-tlsv1.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: some ssl version scanning not working David Fifield (Jan 01)
- Re: some ssl version scanning not working Matt Selsky (Jan 03)
- Re: some ssl version scanning not working David Fifield (Jan 03)
- Re: some ssl version scanning not working Matt Selsky (Jan 23)
- Re: some ssl version scanning not working [patch] Matt Selsky (Jan 23)
- Re: some ssl version scanning not working David Fifield (Jan 03)
- Re: some ssl version scanning not working Matt Selsky (Jan 03)