Nmap Development mailing list archives

NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS)


From: "Nmap User1" <nmapuser1 () gmail com>
Date: Wed, 4 Sep 2013 16:47:40 -0400

Hello,

I've been observing some odd nmap behavior lately when it comes to scanning
SSL services, typically HTTPS, under Ubuntu 12.04 LTS.  

In summary, nmap under Ubuntu 12.04 LTS is often unable to complete an SSL
scan due to an apparent timeout issue.  Nmap does not behave this way with
all HTTPS services, only some, around 5% from my observations.
Additionally, this behavior is only exhibited under Ubuntu 12.04 LTS and not
10.04 LTS.  Nmap versions 6.25, 6.40, and 6.41 all demonstrate the same
behavior.  Additionally, I've recompiled nmap to use the same version of
OpenSSL on both versions of Ubuntu with no change in behavior.

Randomly selected hosts (from Google):  

* www.bwin.com

* home.eease.com

* www.itslearning.com


For example, on any of the above hosts (sudo nmap -v -sS -Pn -p 443
--script=ssl-cert <host>):
* Scanning port 443 with nmap v6.41 under Ubuntu 10.04 LTS takes 1 second
and correctly displays the ssl-certificate information.
* Scanning port 443 with nmap v6.41 under Ubuntu 12.04 LTS takes 30 seconds
and is unable to negotiate the SSL connection during NSE.

According to the debug logs, it appears to be timing out:  "NSOCK INFO
[30.4340s] nsock_trace_handler_callback(): Callback: SSL-CONNECT TIMEOUT for
EID 9".  

I have verified this behavior on numerous installations of Ubuntu 12.04 LTS.

Thoughts?  Can anyone else replicate this behavior (with the above random
hosts or otherwise)?

Thanks!


