Nmap Development mailing list archives
[patch] ssl compressor check
From: Matt Selsky <selsky () columbia edu>
Date: Sun, 26 Jun 2011 16:17:29 -0400
ssl-enum-cipher doesn't handle the case where a non-NULL compressor is requested and the server returns NULL as the negotiated compressor (even though the client didn't list NULL as an option). I'm seeing this when scanning an IBM HTTP Server 1.3.26.1.

The output looks like this:

| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (2)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (3)
|       NULL
|       NULL
|       NULL

It should look like:

| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (2)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       NULL

The attached patch adds a check to make sure the negotiated compressor matches the requested compressor.

Cheers,
Attachment: ssl-enum-ciphers-matchcheck.patch
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
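
The behaviour reported above, as an added example that is not part of the original message and is not the attached patch or the script's own Lua code: a per-compressor enumeration loop run with and without the negotiated-versus-requested check. The ServerHello bytes and the fake_server stand-in are constructed for illustration, and the function names are hypothetical.

```python
import struct

# TLS compression method IDs (RFC 3749 for DEFLATE, RFC 3943 for LZS).
COMPRESSORS = {"NULL": 0, "DEFLATE": 1, "LZS": 64}
NAMES = {v: k for k, v in COMPRESSORS.items()}

def build_server_hello(cipher, compressor, version=0x0300):
    """Constructed SSLv3 ServerHello record (empty session id, zero random)."""
    body = struct.pack(">H", version) + bytes(32) + b"\x00"
    body += struct.pack(">HB", cipher, compressor)
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack(">BHH", 0x16, version, len(handshake)) + handshake

def parse_server_hello(record):
    """Return (cipher_suite, compression_method) from a ServerHello record."""
    rtype, _ver, rlen = struct.unpack_from(">BHH", record, 0)
    if rtype != 0x16 or len(record) < 5 + rlen or record[5] != 0x02:
        raise ValueError("not a complete ServerHello record")
    off = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    off += 1 + record[off]          # skip the session id
    return struct.unpack_from(">HB", record, off)

def fake_server(offered_compressor):
    """Stand-in for the server in the report: always answers NULL."""
    return build_server_hello(0x0005, COMPRESSORS["NULL"])

def enumerate_compressors(probe, check_match):
    """Offer one compressor per handshake; list those counted as supported."""
    found = []
    for name, cid in COMPRESSORS.items():
        _cipher, negotiated = parse_server_hello(probe(cid))
        if check_match and negotiated != cid:
            continue                # server chose a method that was not offered
        found.append(NAMES.get(negotiated, hex(negotiated)))
    return found

if __name__ == "__main__":
    print(enumerate_compressors(fake_server, check_match=False))
    print(enumerate_compressors(fake_server, check_match=True))
```

Without the check, every probe is counted and the list holds three NULL entries; with it, only the probe that actually offered NULL is counted.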