Nmap Development mailing list archives
TLS cipher strength diffs between nmap and SSL Labs
From: "Chen, Jerry G" <Jerry.Chen () invesco com>
Date: Tue, 28 Jul 2020 17:24:12 +0000
Hi - I used Qualys SSL Labs to test our company's website. The results are here at https://www.ssllabs.com/ssltest/analyze.html?d=www.invesco.com&hideResults=on. It finds 12 ciphers used with only 2 being strong. But when I use nmap to scan the site, all 12 ciphers are listed as strong. Do you know whose resultst are more accurate? Thanks! Jerry
nmap -sV --script ssl-enum-ciphers -p 443 www.invesco.com
Starting Nmap 6.40 ( http://nmap.org ) at 2020-07-28 12:04 CDT Nmap scan report for www.invesco.com (142.148.253.74) Host is up (0.0012s latency). PORT STATE SERVICE VERSION 443/tcp open ssl/http Apache httpd | ssl-enum-ciphers: | SSLv3: No supported ciphers found | TLSv1.0: No supported ciphers found | TLSv1.1: No supported ciphers found | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA256 - strong | TLS_RSA_WITH_AES_256_GCM_SHA384 - strong | compressors: | NULL |_ least strength: strong Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 12.25 seconds **************************************************************** Confidentiality Note: The information contained in this message, and any attachments, may contain confidential and/or privileged material. It is intended solely for the person(s) or entity to which it is addressed. Any review, retransmission, dissemination, or taking of any action in reliance upon this information by persons or entities other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender and delete the material from any device. ****************************************************************
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- TLS cipher strength diffs between nmap and SSL Labs Chen, Jerry G (Aug 10)
- Re: TLS cipher strength diffs between nmap and SSL Labs Christoph Gruber (Aug 11)
- Re: TLS cipher strength diffs between nmap and SSL Labs Matthew.Snyder (Aug 11)
- Re: TLS cipher strength diffs between nmap and SSL Labs Daniel Miller (Aug 27)
- Re: TLS cipher strength diffs between nmap and SSL Labs Christoph Gruber (Aug 11)