Nmap Development mailing list archives

Re: [NSE] Extended ssl-enum-ciphers script


From: Royce Williams <royce () techsolvency com>
Date: Mon, 11 Aug 2014 21:48:12 -0800

On Mon, Aug 11, 2014 at 6:50 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

> ssl-enum-ciphers now fully supports ordering of ciphersuites by server
> preference: http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

Newb question ... is there any reason to not combine the two lists into
ciphers in their preferred order, instead of the two 'ciphers' and
'preferred ciphers order' lists?  Other than maybe for backwards
compatibility reasons for people who are scraping the output?

As in:

|   TLSv1.2:
|     ciphers in preferred order:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|     compressors:
|       NULL

Starting from this combined format, converting this to a sorted list
is trivial.  But starting from the current format, it's much harder to
blend the two to get the unified picture of both preference and
strength.

Royce
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
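
The conversion the message calls trivial, as an added example that is not part of the original post or of Nmap's own code: it parses the proposed combined format, re-sorts by strength with server preference as tie-breaker, and lists suites the server ranks above a stronger one. The sample output, the "weak" label and the strength ordering are constructed assumptions.

```python
import re

# Constructed sample in the combined format proposed in the message above;
# the "weak" labels and the choice of suites are assumptions for illustration.
SAMPLE = """\
|   TLSv1.0:
|     ciphers in preferred order:
|       TLS_RSA_WITH_RC4_128_SHA - weak
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers in preferred order:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_RC4_128_MD5 - weak
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|     compressors:
|_      NULL
"""

STRENGTH_RANK = {"strong": 0, "weak": 1}  # assumed label order, best first
PROTO = re.compile(r"^((?:SSL|TLS)v[\d.]+):$")
CIPHER = re.compile(r"^(\S+) - (\S+)$")

def rank(entry):
    return STRENGTH_RANK.get(entry[2], len(STRENGTH_RANK))  # unknown labels last

def parse_combined(text):
    """Return {protocol: [(preference, cipher, strength), ...]} in server order."""
    result, proto, in_ciphers = {}, None, False
    for raw in text.splitlines():
        body = raw.lstrip("|_ \t").rstrip()
        m = PROTO.match(body)
        if m:                                  # new protocol block
            proto, in_ciphers = m.group(1), False
            result[proto] = []
        elif body.endswith(":"):               # section header inside a block
            in_ciphers = proto is not None and body == "ciphers in preferred order:"
        elif in_ciphers and CIPHER.match(body):
            name, strength = CIPHER.match(body).groups()
            result[proto].append((len(result[proto]) + 1, name, strength))
    return result

def by_strength(entries):
    """Strongest first; server preference breaks ties."""
    return sorted(entries, key=lambda e: (rank(e), e[0]))

def preferred_over_stronger(entries):
    """Suites the server ranks above at least one stronger-rated suite."""
    return [e[1] for i, e in enumerate(entries)
            if any(rank(later) < rank(e) for later in entries[i + 1:])]
```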

