Nmap Development mailing list archives
Re: ssl-enum-ciphers rc4
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 14 Dec 2014 22:38:45 -0600
On Sun, Dec 14, 2014 at 9:00 AM, Secure-Mail User <felixxx () secure-mail biz> wrote:
> Hi,
>
> the script ssl-enum-ciphers declares (some) ciphers which use rc4 as strong, also in the latest version.
>
> TLS_RSA_WITH_RC4_128_SHA - strong
> TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
>
> According to [1], the scoring is from 2012 and based on SSL Labs' scoring system. RC4 is broken and SSL Labs declares those ciphers as weak. The scoring system for ssl-enum-ciphers should be updated.
Felix,

Thanks for bringing this up. In fact, we have addressed this in our latest development trunk, but we have not had an Nmap release since the changes. In early November, I committed a series of changes (roughly r33779 through r33789) that switch our model from a datafile-based static ranking system to a dynamic scoring system that takes into account the strength of the server certificate and ephemeral DH parameters in addition to simply the encryption algorithm and key size.

Addressing RC4 directly, we currently do not assess any demerits because of its weaknesses, but that could potentially change in the future. It is scored strictly on the strength of its 128-bit key, which puts it roughly 0.11 points behind the perfect score attained by having a 256-bit or longer encryption key. Since an "A" is any total score over 0.80, it is feasible that an RC4-based handshake would be scored an "A".

At the same time that we revamped the scoring system, though, we added a Warnings capability. Right now, there is a warning related to RC4: "Weak cipher RC4 in TLSv1.1 or newer not needed for BEAST mitigation." This is related to RC4's unique position as the only widely adopted stream cipher supported in SSL/TLS. This unique property has made RC4 the go-to Band-Aid solution to the CBC-related TLS vulnerabilities (BEAST, POODLE, Lucky Thirteen). Since TLSv1.1 mitigates the BEAST attack, and TLSv1.2 introduces AEAD ciphers to avoid CBC-mode problems, there is no security-driven reason to use RC4 in these protocols, so we notify the user.

The new script is available from SVN, but it relies on changes made to compiled portions of NSE, so you can't just drop it into an older version of Nmap and expect it to work, unfortunately.

Dan
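Added example, not part of the original message and not code from ssl-enum-ciphers: a small Python audit helper that applies the rule behind the RC4 warning quoted above to a per-protocol list of accepted cipher suites. The protocol labels, the suite-name pattern and the sample data are assumptions made for the illustration.

```python
import re

# Warning text as quoted in the message above.
RC4_WARNING = ("Weak cipher RC4 in TLSv1.1 or newer "
               "not needed for BEAST mitigation")

# Assumed protocol labels; only their relative order matters here.
PROTOCOL_ORDER = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3}
BEAST_FIXED_FROM = PROTOCOL_ORDER["TLSv1.1"]


def uses_rc4(suite):
    """True if the IANA-style suite name selects RC4 as the bulk cipher."""
    return re.search(r"_WITH_RC4_\d+_", suite) is not None


def rc4_warnings(offered):
    """Return (protocol, suite) pairs where RC4 is accepted on TLSv1.1+.

    `offered` maps a protocol label to the suites the server accepted.
    Unknown labels raise, so a typo cannot silently hide a finding.
    """
    findings = []
    for protocol, suites in offered.items():
        if protocol not in PROTOCOL_ORDER:
            raise ValueError(f"unknown protocol label: {protocol!r}")
        if PROTOCOL_ORDER[protocol] < BEAST_FIXED_FROM:
            continue  # RC4 here may be a deliberate BEAST workaround
        findings.extend((protocol, s) for s in suites if uses_rc4(s))
    return findings


# Constructed sample input, not taken from a real scan.
SAMPLE = {
    "TLSv1.0": ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"],
    "TLSv1.1": ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"],
    "TLSv1.2": ["TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
}

if __name__ == "__main__":
    for protocol, suite in rc4_warnings(SAMPLE):
        print(f"{protocol} {suite}: {RC4_WARNING}")
```

The check is independent of any strength score: a suite can be rated on its 128-bit key and still be reported here.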