Nmap Development mailing list archives

Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers


From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 16 Jul 2012 21:30:17 +0200

On Mon, Jul 16, 2012 at 9:00 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

> List,
>
> As I was wrapping up work on ssl-enum-ciphers, I decided to add to the
> existing cipher strength rankings in nselib/data/ssl-ciphers. Previously,
> this file only contained ciphers ranked "strong." I added cipher suites
> that could be classified as "weak" (based on export-grade crypto),
> "no_authentication" (aNULL or Anonymous DH), "no_encryption" (eNULL), and
> various combinations of these. I also spent a little time cleaning up the
> ranking code, but no functional changes there.
>
> I'm attaching the patch for this change, so any feedback would be helpful,
> especially additional ciphers to consider "strong," since many were added
> since the original list was put together. Thanks!
>
> Dan
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/


Have you looked at SSL Labs SSL Server Rating Guide?
https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide_2009.pdf

//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
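Added example, not part of either message and not the code from the attached patch: a small Python classifier that derives the three defect labels named in the quoted message ("weak", "no_authentication", "no_encryption") from IANA-style cipher suite names, for auditing a list of suites a server accepts. The "+" separator for combinations, the "unrated" fallback, and the function names are assumptions made for this sketch; it does not attempt a "strong" rating, which the message describes as a maintained list.

```python
import re
from collections import defaultdict

# Labels come from the message above. Joining them with "+" for a
# combination, and "unrated" for everything else, are assumptions here.
WEAK, NO_AUTH, NO_ENC = "weak", "no_authentication", "no_encryption"

# IANA-style names: TLS_<key exchange/auth>_WITH_<cipher>_<mac>
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_(?P<rest>.+)$")


def classify(suite):
    """Label one cipher suite name by the defects visible in the name."""
    m = SUITE_RE.match(suite)
    if m is None:
        return "unrated"  # e.g. TLS 1.3 names or signalling values
    kx = m.group("kx").split("_")
    cipher = m.group("rest").split("_")[0]
    labels = []
    if any(tok.startswith("EXPORT") for tok in kx):
        labels.append(WEAK)      # export-grade key exchange and cipher
    if "anon" in kx or kx == ["NULL"]:
        labels.append(NO_AUTH)   # aNULL: anonymous DH/ECDH or no key exchange
    if cipher == "NULL":
        labels.append(NO_ENC)    # eNULL: records are not encrypted
    return "+".join(labels) or "unrated"


def group_by_rating(suites):
    """Map each label to the sorted suites that received it."""
    groups = defaultdict(list)
    for s in suites:
        groups[classify(s)].append(s)
    return {label: sorted(names) for label, names in groups.items()}


# Constructed sample: suites a scanned server might report as accepted.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_WITH_NULL_SHA",
    "TLS_NULL_WITH_NULL_NULL",
]

if __name__ == "__main__":
    for label, names in sorted(group_by_rating(SAMPLE).items()):
        print(label, names)
```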

