Re: [NSE] ssl-enum-ciphers idea

[Daniel Miller <bonsaiviking () gmail com>]

On Sat, Jul 28, 2012 at 6:02 AM, Aleksandar Nikolic
<nikolic.alek () gmail com> wrote:
> Hi all,
>
> I've started working on ssl-date script which gets time from the server
> which we get in reply for ClientHello.
>
> I took a look at ssl-enum-ciphers which is a greedy little script.
> It has quite a lot of ssl protocol in it which it keeps for its self.
>
> It is a really quite complete script.
> What do you think, would it be a good idea to break this script
> into a sort of ssl library and make it's functions, constants and enums
> available
> to other, future, scripts ?
>
> I can see it getting quite useful for some scripts that would check for ssl
> vulnerabilities and other stuff.
>
> As far as I know, currently, there is no way of "speaking ssl" on that
> level from NSE
> save for building packets by hand, which ssl-enum-ciphers already does.
>
> Aleksandar
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

Aleksandar,

I think this is a great idea. Collecting the SSL/TLS protocol stuff
into a library would make it simpler to see what scripts like
ssl-enum-ciphers are doing, as well as enabling some things I was
thinking of tackling eventually: Diffie-Hellman prime length, DTLS,
etc.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/