Nmap Development mailing list archives
Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS)
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 09 Oct 2013 09:47:07 -0500
On 09/06/2013 03:30 PM, Nmap User1 wrote:
Ok, I just found out what is causing this. It's a problem with TLS compatibility issues in certain Internet devices when using recent versions of OpenSSL (>1.0.1 at least). Here is an article with some more detail: https://www.imperialviolet.org/2013/10/07/f5update.htmlSo what component in the identified current Debian based distros is causing nmap to demonstrate this behavior? The nmap debug logs did not appear overly helpful in this case.
So the answer seems to be that you could install an older version of the libssl-dev package (0.9.8 for example) and recompile. You'd also need the appropriate library package (libssl0.9.8).
Maybe Nmap should try falling back to a single ssl/tls version when there's a timeout? Here's what OpenSSL's s_client man page has to say:
-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1 these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if TLS is turned off with the -no_tls option others will only support SSL v2 and may need the -ssl2 option.
Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS) Daniel Miller (Oct 09)