ssl-enum-ciphers not working on some ports #168
NSE scripts do not run on every port, which would generate lots of unnecessary traffic. Instead, they try to intelligently guess which ports are best for them to run on using a function called the "rule". The rule for The quickest way to get ssl-enum-ciphers to run on unusual ports is to add the Another option (not recommended for general-purpose port scanning) is to use
Thanks for the info, @dmiller-nmap. I think this particular script is usually used on a specific port where an SSL/TLS service is expected, so bypassing the rule could be the default mode for this script (if it can be done on the script level). That's the way other cipher suite testing tools work (sslyze.py, testssl.sh, etc.).
@MichalStaruch Thanks for the challenge. I just committed r34677 and r34678 which should let
@dmiller-nmap I've just checked the latest 6.49SVN (commit 06e6062) and now all 3 commands, that is Did you perform any checks prior to pushing this change? On my side it's simple HTTPS (limited to TLSv1.2 and 4 strong cipher suites) moved to port 6666.
@MichalStaruch Yes, I tested, but I'm pretty sure I know what's wrong. TLSv1.2 adds extensions for supported signature algorithms, and if they're missing, it assumes SHA1. Your server cert is probably SHA2 (a good thing!), so your TLS engine just drops the connection attempt (I used our older probe, which is SSLv3 only). This is why I added the
@dmiller-nmap Yup, SHA-2-384 here. SHA-1 is a nice alternative for CRC32, but not really a good choice for collision-resistant signatures :). Anyway - nmap works fine now (commit a881712), except the
@MichalStaruch I'm glad it's working for you. I'd guess your web server (Apache does this) responds to plaintext HTTP requests on HTTPS ports with a redirect or error message; this is challenging to check for, since
@dmiller-nmap Output sent to dev@nmap.org.
I came across this super old issue - remapping the port to some local matching port using ssh or netcat helped.
@hphde This issue has been solved since Nmap 6.49BETA6, released almost 2 years ago. If you are still experiencing this with Nmap 7.60, please open a new issue so that we can solve your problem.
For example:
nmap --script ssl-enum-ciphers localhost -p 443
works fine, but moving exactly the same service to port 6666 and running
nmap --script ssl-enum-ciphers localhost -p 6666
no cipher suite test is performed.
Tested on nmap 6.49BETA1.