Nmap Development mailing list archives
ssl-enum-ciphers not returning all ciphers
From: "Lemons, Terry" <Terry.Lemons () dell com>
Date: Tue, 25 Jun 2019 18:46:53 +0000
Hi

I'm using nmap 7.70 on a Linux system to probe a different Linux system that is using RabbitMQ/Erlang. The cipher list, specified in the RabbitMQ-specific format, is:

ssl_options.ciphers.1 = AES128-GCM-SHA256
ssl_options.ciphers.2 = AES256-GCM-SHA384
ssl_options.ciphers.3 = DHE-RSA-AES256-GCM-SHA384
ssl_options.ciphers.4 = DHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.5 = DHE-RSA-AES256-SHA256
ssl_options.ciphers.6 = DHE-RSA-AES128-SHA256
ssl_options.ciphers.7 = DHE-RSA-AES256-SHA
ssl_options.ciphers.8 = DHE-RSA-AES128-SHA
ssl_options.ciphers.9 = ECDHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.10 = ECDHE-RSA-AES256-SHA384
ssl_options.ciphers.11 = ECDHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.12 = ECDHE-RSA-AES128-SHA256
ssl_options.ciphers.13 = ECDHE-RSA-AES256-SHA
ssl_options.ciphers.14 = ECDHE-RSA-AES128-SHA

When I run nmap (with -d option, below), it returns only the third and fourth cipher:

nmap -sV -p 5671 -d --script ssl-enum-ciphers 10.7.110.234
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-25 12:36 MDT
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 44 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 12:36
Completed NSE at 12:36, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 12:36
Completed NSE at 12:36, 0.00s elapsed
Initiating Ping Scan at 12:36
Scanning 10.7.110.234 [4 ports]
Packet capture filter (device eth0): dst host 10.7.93.141 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 10.7.110.234)))
We got a ping packet back from 10.7.110.234: id = 48554 seq = 0 checksum = 16981
Completed Ping Scan at 12:36, 0.00s elapsed (1 total hosts)
Overall sending rates: 1114.21 packets / s, 42339.83 bytes / s.
mass_rdns: Using DNS server 10.7.93.100
Initiating Parallel DNS resolution of 1 host. at 12:36
mass_rdns: 13.00s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 3]
Completed Parallel DNS resolution of 1 host. at 12:37, 13.00s elapsed
DNS resolution of 1 IPs took 13.00s. Mode: Async [#: 1, OK: 0, NX: 0, DR: 1, SF: 0, TR: 3, CN: 0]
Initiating SYN Stealth Scan at 12:37
Scanning 10.7.110.234 [1 port]
Packet capture filter (device eth0): dst host 10.7.93.141 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 10.7.110.234)))
Discovered open port 5671/tcp on 10.7.110.234
Completed SYN Stealth Scan at 12:37, 0.00s elapsed (1 total ports)
Overall sending rates: 354.99 packets / s, 15619.45 bytes / s.
Initiating Service scan at 12:37
Scanning 1 service on 10.7.110.234
Got nsock CONNECT response with status ERROR - aborting this service
Completed Service scan at 12:37, 5.05s elapsed (1 service on 1 host)
NSE: Script scanning 10.7.110.234.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 12:37
NSE: Starting ssl-enum-ciphers against 10.7.110.234:5671.
NSE: [ssl-enum-ciphers 10.7.110.234:5671] Trying protocol TLSv1.1.
NSE: [ssl-enum-ciphers 10.7.110.234:5671] Trying protocol SSLv3.
NSE: [ssl-enum-ciphers 10.7.110.234:5671] Trying protocol TLSv1.2.
NSE: [ssl-enum-ciphers 10.7.110.234:5671] Trying protocol TLSv1.0.
NSE: Finished ssl-enum-ciphers against 10.7.110.234:5671.
NSE: Finished ssl-enum-ciphers against 10.7.110.234:5671.
NSE: Finished ssl-enum-ciphers against 10.7.110.234:5671.
NSE: [ssl-enum-ciphers 10.7.110.234:5671] (TLSv1.2) Comparing TLS_RSA_WITH_AES_128_GCM_SHA256 to TLS_RSA_WITH_AES_256_GCM_SHA384
NSE: Finished ssl-enum-ciphers against 10.7.110.234:5671.
NSE: Finished ssl-enum-ciphers against 10.7.110.234:5671.
Completed NSE at 12:37, 0.07s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 12:37
NSE: Starting rpc-grind against 10.7.110.234:5671.
NSE: [rpc-grind 10.7.110.234:5671] isRPC didn't receive response.
NSE: [rpc-grind 10.7.110.234:5671] Target port 5671 is not a RPC port.
NSE: Finished rpc-grind against 10.7.110.234:5671.
Completed NSE at 12:37, 0.01s elapsed
Nmap scan report for 10.7.110.234
Host is up, received echo-reply ttl 62 (0.0013s latency).
Scanned at 2019-06-25 12:36:49 MDT for 18s

PORT     STATE SERVICE    REASON         VERSION
5671/tcp open  ssl/amqps? syn-ack ttl 62
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A
Final times for host: srtt: 1292 rttvar: 3833  to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 12:37
Completed NSE at 12:37, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 12:37
Completed NSE at 12:37, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.80 seconds
           Raw packets sent: 5 (196B) | Rcvd: 2 (72B)
#

Is this a known problem? Should I be running nmap with different options? I tried '-T1' but it didn't change the behavior.

Thanks!
tl

Terry Lemons
Data Protection Division
176 South Street, MS 2/B-34
Hopkinton MA 01748
terry.lemons () dell com
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
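An added example, not part of the original post and not Nmap or RabbitMQ code: the RabbitMQ configuration uses OpenSSL cipher names while ssl-enum-ciphers reports IANA names, so this script converts the configured names and lists which ones the scan did not report, plus any entry configured twice. The function names `to_iana` and `audit` are hypothetical, and the name conversion is an assumption that covers only AES suites of the form used in this post.

```python
import re

# Configuration lines copied from the post above.
RABBITMQ_CONF = """\
ssl_options.ciphers.1 = AES128-GCM-SHA256
ssl_options.ciphers.2 = AES256-GCM-SHA384
ssl_options.ciphers.3 = DHE-RSA-AES256-GCM-SHA384
ssl_options.ciphers.4 = DHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.5 = DHE-RSA-AES256-SHA256
ssl_options.ciphers.6 = DHE-RSA-AES128-SHA256
ssl_options.ciphers.7 = DHE-RSA-AES256-SHA
ssl_options.ciphers.8 = DHE-RSA-AES128-SHA
ssl_options.ciphers.9 = ECDHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.10 = ECDHE-RSA-AES256-SHA384
ssl_options.ciphers.11 = ECDHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.12 = ECDHE-RSA-AES128-SHA256
ssl_options.ciphers.13 = ECDHE-RSA-AES256-SHA
ssl_options.ciphers.14 = ECDHE-RSA-AES128-SHA
"""
# The two cipher lines of the ssl-enum-ciphers result in the post above.
NMAP_OUTPUT = """\
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
"""

def to_iana(name):
    """Convert an OpenSSL AES suite name to its IANA name (AES suites only)."""
    m = re.fullmatch(r"(?:(ECDHE|DHE)-(RSA|ECDSA)-)?AES(128|256)-(GCM-)?(SHA\d*)", name)
    if not m:
        raise ValueError(f"unsupported cipher name: {name}")
    kx, auth, bits, gcm, mac = m.groups()
    prefix = f"TLS_{kx}_{auth}" if kx else "TLS_RSA"  # no prefix means RSA key exchange
    return f"{prefix}_WITH_AES_{bits}_{'GCM' if gcm else 'CBC'}_{mac}"

def audit(conf, nmap_out):
    """Return (names configured more than once, configured names the scan did not report)."""
    names = re.findall(r"^ssl_options\.ciphers\.\d+\s*=\s*(\S+)", conf, re.M)
    seen = set(re.findall(r"\bTLS_\w+", nmap_out))
    dupes = sorted({n for n in names if names.count(n) > 1})
    missing = [n for n in dict.fromkeys(names) if to_iana(n) not in seen]
    return dupes, missing

if __name__ == "__main__":
    dupes, missing = audit(RABBITMQ_CONF, NMAP_OUTPUT)
    print("configured more than once:", dupes)
    print("configured but not reported by the scan:", missing)
```

The comparison only shows where the configuration and the scan result differ; it does not say whether the server or the scanner is the reason a suite is absent.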