Nmap Development mailing list archives

Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL


From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 11 Jun 2014 11:12:53 -0500

Thanks for committing this. Since people are linking to the mailing list
post directly, I thought I'd link to the official NSEdoc page, since that
will always have the most up-to-date information:

http://nmap.org/nsedoc/scripts/ssl-ccs-injection.html


On Wed, Jun 11, 2014 at 4:42 AM, Claudiu Perta <claudiu.perta () gmail com>
wrote:



1. Expand the script to check all versions (tls.PROTOCOLS) of TLS/SSL,
not just TLSv1.0. The bug is very old, and affects all versions equally. As
the script stands, a server that only supports TLSv1.1 or newer would not
show as vulnerable, even if it is.

2. There is some text in the comments that refers to the ssl-heartbleed
script, which this was modified from: "try sending the heartbeat anyway"

3. Not necessary, because yours seems to work fine, but you could replace
the receive_alert function with calls to tls.record_buffer and
tls.record_read, since those parse SSL alert messages as well.


I integrated the suggested changes in the new version of the script, in
attachment.

--Claudiu

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
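
Points 1 and 3 in the quoted review come down to reading TLS record headers the same way for every protocol version and decoding alert records from them. The following is an added Python illustration of that wire-level parsing, not the NSE script or Nmap's tls library; the table names, helper functions and sample bytes are constructed for this example.

```python
import struct

# Record-layer version bytes per protocol name (constructed table for this example).
PROTOCOLS = {"SSLv3": (3, 0), "TLSv1.0": (3, 1), "TLSv1.1": (3, 2), "TLSv1.2": (3, 3)}
VERSION_NAMES = {ver: name for name, ver in PROTOCOLS.items()}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 70: "protocol_version"}


def read_records(buf):
    """Split a receive buffer into complete records; return (records, leftover bytes)."""
    records, i = [], 0
    while len(buf) - i >= 5:                      # 5-byte header: type, version, length
        ctype, major, minor, length = struct.unpack_from("!BBBH", buf, i)
        if len(buf) - i - 5 < length:
            break                                 # partial record, caller must read more
        body = buf[i + 5:i + 5 + length]
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown"),
               "protocol": VERSION_NAMES.get((major, minor), "unknown"),
               "body": body}
        if ctype == 21 and length == 2:           # plaintext alert: level, description
            rec["level"] = ALERT_LEVELS.get(body[0], "unknown")
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], str(body[1]))
        records.append(rec)
        i += 5 + length
    return records, buf[i:]


def alerts_by_protocol(responses):
    """Map protocol name -> first plaintext alert description, or None if none seen."""
    result = {}
    for name, buf in responses.items():
        records, _ = read_records(buf)
        alerts = [r for r in records if r["type"] == "alert" and "description" in r]
        result[name] = alerts[0]["description"] if alerts else None
    return result


def sample_response(version, alert=None):
    """Constructed sample: a stub handshake record, optionally followed by an alert."""
    buf = struct.pack("!BBBH", 22, *version, 4) + b"\x0e\x00\x00\x00"
    if alert is not None:
        buf += struct.pack("!BBBHBB", 21, *version, 2, *alert)
    return buf


# Constructed responses, one per protocol version; the TLSv1.1 sample carries no alert.
SAMPLES = {name: sample_response(ver, None if name == "TLSv1.1" else (2, 10))
           for name, ver in PROTOCOLS.items()}
```

An alert record whose body is not exactly two bytes is treated as encrypted and left undecoded, and a truncated record is returned as leftover bytes rather than parsed.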

