Nmap Development mailing list archives

Re: ssl-enum-ciphers rc4


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 14 Dec 2014 22:38:45 -0600

On Sun, Dec 14, 2014 at 9:00 AM, Secure-Mail User <felixxx () secure-mail biz>
wrote:

> Hi,
>
> the script ssl-enum-ciphers declares (some) ciphers which use RC4 as
> strong, also in the latest version.
>
> TLS_RSA_WITH_RC4_128_SHA - strong
> TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
>
> According to [1], the scoring is from 2012 and based on SSL Labs' scoring
> system. RC4 is broken and SSL Labs declares those ciphers as weak. The
> scoring system for ssl-enum-ciphers should be updated.


Felix,

Thanks for bringing this up. In fact, we have addressed this in our latest
development trunk, but we have not had an Nmap release since the changes.
In early November, I committed a series of changes (roughly r33779 through
r33789) that switch our model from a datafile-based static ranking system
to a dynamic scoring system that takes into account the strength of the
server certificate and ephemeral DH parameters in addition to simply the
encryption algorithm and key size.

Addressing RC4 directly, we currently do not assess any demerits because of
its weaknesses, but that could potentially change in the future. It is
scored strictly on the strength of its 128-bit key, which puts it roughly
0.11 points behind the perfect score attained by having a 256-bit or longer
encryption key. Since an "A" is any total score over 0.80, it is feasible
that an RC4-based handshake would be scored an "A".

At the same time that we revamped the scoring system, though, we added a
Warnings capability. Right now, there is a warning related to RC4: "Weak
cipher RC4 in TLSv1.1 or newer not needed for BEAST mitigation." This is
related to RC4's unique position as the only widely adopted stream cipher
supported in SSL/TLS. This unique property has made RC4 the go-to Band-Aid
solution to the CBC-related TLS vulnerabilities (BEAST, POODLE, Lucky
Thirteen). Since TLSv1.1 mitigates the BEAST attack, and TLSv1.2 introduces
AEAD ciphers to avoid CBC-mode problems, there is no security-driven reason
to use RC4 in these protocols, so we notify the user.

The new script is available from SVN, but it relies on changes made to
compiled portions of NSE, so you can't just drop it into an older version
of Nmap and expect it to work, unfortunately.

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
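The following is an added, stand-alone model of the scoring and warning behaviour Dan describes in his reply. It is not code from ssl-enum-ciphers.nse or from Nmap; the weights (0.45 key exchange, 0.55 cipher), the key-size bins, the letter-grade thresholds below "A" and all function names are assumptions chosen only so that the numbers match the message: a 128-bit cipher lands 0.11 below the perfect score, an "A" is any total above 0.80, and RC4 gets no demerit but does trigger the BEAST warning when negotiated under TLSv1.1 or newer.

```python
"""Toy model of dynamic cipher-suite scoring with warnings (added example).

Not Nmap/NSE code. Weights, bins and thresholds are assumptions tuned to
reproduce the figures quoted in the mailing-list reply above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed weights: cipher strength counts 0.55, key exchange 0.45, so that a
# 128-bit cipher (0.8) sits 0.55 * (1.0 - 0.8) = 0.11 below a 256-bit one.
CIPHER_WEIGHT = 0.55
KEX_WEIGHT = 0.45

# Assumed ordering of protocol versions; BEAST is mitigated from TLSv1.1 on.
PROTOCOL_ORDER = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3}

# Suites whose IANA name does not carry the key size as "<CIPHER>_<bits>_".
SPECIAL_CIPHERS = {
    "NULL": 0,                 # no encryption at all
    "RC2_CBC_40": 40,          # export-grade
    "DES_CBC": 56,
    "3DES_EDE_CBC": 112,       # effective strength, not nominal 168
    "CHACHA20_POLY1305": 256,
}

# The warning text quoted in the reply; everything else here is assumed.
RC4_WARNING = "Weak cipher RC4 in TLSv1.1 or newer not needed for BEAST mitigation"


@dataclass
class Handshake:
    protocol: str               # e.g. "TLSv1.2"
    suite: str                  # IANA cipher suite name
    cert_bits: int              # server certificate public key size
    dh_bits: Optional[int] = None  # ephemeral DH modulus size, if DHE


def cipher_and_bits(suite: str) -> Tuple[str, int]:
    """Extract the bulk cipher name and its key size from an IANA suite name."""
    body = suite.split("_WITH_", 1)[1]
    m = re.match(r"([A-Z0-9]+)_(\d+)_", body)   # e.g. "RC4_128_SHA", "AES_256_GCM_SHA384"
    if m:
        return m.group(1), int(m.group(2))
    for name, bits in SPECIAL_CIPHERS.items():
        if body.startswith(name):
            return name.split("_")[0], bits
    raise ValueError("unrecognised cipher suite: " + suite)


def cipher_score(bits: int) -> float:
    """Assumed bins: no encryption 0, <128 bits 0.2, <256 bits 0.8, else 1.0."""
    if bits == 0:
        return 0.0
    if bits < 128:
        return 0.2
    if bits < 256:
        return 0.8
    return 1.0


def kex_score(hs: Handshake) -> float:
    """Assumed bins over the weaker of certificate key and ephemeral DH modulus."""
    bits = min(hs.cert_bits, hs.dh_bits) if hs.dh_bits else hs.cert_bits
    if bits < 512:
        return 0.2
    if bits < 1024:
        return 0.4
    if bits < 2048:
        return 0.8
    return 1.0


def score(hs: Handshake) -> float:
    """Weighted total in [0, 1]; rounded to keep grade boundaries exact."""
    _, bits = cipher_and_bits(hs.suite)
    return round(KEX_WEIGHT * kex_score(hs) + CIPHER_WEIGHT * cipher_score(bits), 4)


def grade(hs: Handshake) -> str:
    """Only the 'A' threshold (> 0.80) comes from the reply; the rest is assumed."""
    s = score(hs)
    for letter, floor in (("A", 0.80), ("B", 0.65), ("C", 0.50), ("D", 0.35)):
        if s > floor:
            return letter
    return "F"


def warnings(hs: Handshake) -> List[str]:
    """RC4 is not penalised in the score, but it is flagged under TLSv1.1+."""
    cipher, _ = cipher_and_bits(hs.suite)
    out = []
    if cipher == "RC4" and PROTOCOL_ORDER[hs.protocol] >= PROTOCOL_ORDER["TLSv1.1"]:
        out.append(RC4_WARNING)
    return out


if __name__ == "__main__":
    for hs in (Handshake("TLSv1.2", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 2048),
               Handshake("TLSv1.0", "TLS_RSA_WITH_RC4_128_SHA", 2048),
               Handshake("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384", 2048),
               Handshake("TLSv1.2", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 2048, 512)):
        print(hs.protocol, hs.suite, score(hs), grade(hs), warnings(hs))
```

Run as-is it prints one line per constructed handshake; the RC4 suite under TLSv1.2 scores an "A" yet carries the warning, the same suite under TLSv1.0 gets no warning, and the 512-bit DHE handshake shows why the revamped scoring looks at ephemeral DH parameters rather than the cipher alone.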
