Nmap Development mailing list archives
Re: [NSE] Extended ssl-enum-ciphers script
From: Royce Williams <royce () techsolvency com>
Date: Mon, 11 Aug 2014 21:48:12 -0800
On Mon, Aug 11, 2014 at 6:50 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
ssl-enum-ciphers now fully supports ordering of ciphersuites by server preference: http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
Newb question ... is there any reason to not combine the two lists ciphers in their preferred order, instead of the two 'ciphers' and 'preferred ciphers order' lists? Other than maybe for backwards compatibility reasons for people who are scraping the output? As in: | TLSv1.2: | ciphers in preferred order: | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong | TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_RSA_WITH_AES_256_CBC_SHA256 - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong | compressors: | NULL Starting from this combined format, converting this to a sorted list is trivial. But starting from the current format, it's much harder to blend the two to get the unified picture of both preference and strength. Royce _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Extended ssl-enum-ciphers script Bojan Zdrnja (SANS ISC) (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Bojan Zdrnja (SANS ISC) (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 11)
- Re: [NSE] Extended ssl-enum-ciphers script Royce Williams (Aug 11)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Royce Williams (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Bojan Zdrnja (SANS ISC) (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 10)
- Re: [NSE] Extended ssl-enum-ciphers script Bojan Zdrnja (SANS ISC) (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script David Fifield (Aug 12)
- Re: [NSE] Extended ssl-enum-ciphers script Daniel Miller (Aug 12)