Nmap Development mailing list archives

Re: [RFC] Ncat fails with --ssl option


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 18 Mar 2017 21:42:26 -0500

This was a fun bug, and I have been working on it for a couple days. The
fix is in r36652. The trouble is that SSL_read can return -1 even when
there is nothing wrong with the connection. This is used to indicate a need
for the application to call SSL_read again in order to handle some
TLS-layer communication such as a renegotiation. Ncat server was instead
treating this as a connection shutdown from the remote side, and it was
shutting down connections after only a few packets exchanged. Proper
handling is now in place to retry the SSL_read call, and there is no
further problem. First reported in October 2015 by Тюхтин Владимир.

Dan

On Sat, Mar 18, 2017 at 1:09 AM, Varunram Ganesh <vrg2009 () ymail com> wrote:

Greetings List,

The bug report [1] at Bugzilla describes a situation where Ncat fails to
handle --ssl in an appropriate manner. A workaround seems to be to use SCTP
or other advanced options instead of using TCP. This was reported by
another user earlier at [2] but didn't garner a response, so I'm leaving this
here. What are your views on how we could handle this?


Cheers,

Varunram

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1317924

[2] http://seclists.org/nmap-dev/2015/q4/58



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
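
The distinction described in the reply above, shown as an added example (this is not Ncat's code and not the r36652 change): Python's ssl module drives the same OpenSSL read call and reports the "call me again" condition as SSLWantReadError, so the mistaken and the corrected handling can be compared offline. The in-memory client, the host name example.test and all function names are constructed for illustration.

```python
import ssl

def new_client():
    """Constructed in-memory TLS client: no network and no peer bytes yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    return tls, incoming, outgoing

def naive_read(tls):
    """The mistake described above: every failed read counts as a shutdown."""
    try:
        data = tls.read(4096)
    except ssl.SSLError:
        return "closed", b""
    return ("data", data) if data else ("closed", b"")

def careful_read(tls):
    """Separate 'TLS layer needs another round' from a real end of stream."""
    try:
        data = tls.read(4096)
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        # OpenSSL reported SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE:
        # the connection is healthy, move transport bytes and read again.
        return "retry", b""
    except ssl.SSLError:
        # close_notify, unexpected EOF or a fatal TLS error: tear down.
        return "closed", b""
    return ("data", data) if data else ("closed", b"")

def demo():
    tls, incoming, outgoing = new_client()
    first = careful_read(tls)[0]        # TLS layer is waiting for peer bytes
    hello_queued = outgoing.pending > 0  # ClientHello is waiting to be sent
    incoming.write_eof()                # now the transport really has ended
    second = careful_read(tls)[0]
    tls2, in2, out2 = new_client()      # same healthy starting state as above
    naive = naive_read(tls2)[0]
    return first, hello_queued, second, naive

if __name__ == "__main__":
    print(demo())
```

On the same healthy starting state, `naive_read` reports a shutdown while `careful_read` asks for a retry and only reports a close once the transport has actually ended.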
