Nmap Development mailing list archives

Re: [NSE] tls-nextprotoneg


From: Henri Doreau <henri.doreau () gmail com>
Date: Sat, 7 Jul 2012 12:24:54 +0200

2012/7/6 Hani Benhabiles <kroosec () gmail com>:
> Tests and feedback are welcome.
>
> Cheers,
> Hani.

Hi Hani,

That's a nice script, congratulations on the good work! There are a
couple of things I would change in the code though (patch attached):

  - replaced randstring() function by a call to
stdnse.generate_random_string(). Maybe there's a nicer way to specify
the charset to the function though?
  - the list of known protocols is only used in check_npn(), I see no
need to pass it as a parameter from action().
  - cli_h is defined in action() and used in client_hello(), moved it.
  - defined client_hello() and check_npn() as local

Concerning adding the script to the default category: currently, the
script will almost never return anything, so this would be one query
per SSL port we find w/o anything reported back. OTOH this is
relatively cheap and not having it in default would probably prevent
many users from benefiting from it.

I'd be in favor of adding it to default.

Regards.

-- 
Henri

Attachment: tls_nextprotoneg_updates.diff

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
