Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[patch] ssl compressor check

From: Matt Selsky <selsky () columbia edu>
Date: Sun, 26 Jun 2011 16:17:29 -0400
ssl-enum-cipher doesn't handle the case where a non-NULL compressor is requested and the server returns NULL as the 
negotiated compressor (even though the client didn't list NULL as an option).  I'm seeing this when scanning an IBM 
HTTP Server 1.3.26.1.

The output looks like this:

| ssl-enum-ciphers: 
|   SSLv3
|     Ciphers (2)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (3)
|       NULL
|       NULL
|       NULL

It should look like:

| ssl-enum-ciphers: 
|   SSLv3
|     Ciphers (2)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       NULL

The attached patch adds a check to make sure the negotiated compressor matches the requested compressor.

Cheers,

Attachment: ssl-enum-ciphers-matchcheck.patch
Description: 





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: