Re: [NSE] HUGE ssl-enum-ciphers speed improvement

[Daniel Miller <bonsaiviking () gmail com>]

On Fri, Jul 13, 2012 at 4:00 AM, Martyn Tovey <martyn () netcraft com> wrote:
> Hi Daniel,
>
> When I was playing with this stuff a few years back, I found that some SSL
> implementations (Windows
> being one of them, if I remember correctly) only look at the first 64
> ciphers from the client. Try breaking the cipher list into smaller chunks
> and let me know if that gives the same results as the slow (but accurate)
> method.
>
> Cheers,
>
> M.
>
> --
> Martyn Tovey
> Netcraft, 2 Belmont, BATH, Somerset, BA1 5DZ, UK.

Martyn,

Thanks for this information! I tried it quickly this morning and found
that it works for at least TLSv1.0 against
windowsupdate.microsoft.com. I have some more cleaning up of the
script to do (perhaps thread each chunk of 64, remove debug
statements, tweak the compressor detection), then I'll run a more
thorough test.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/