nmap ssl-enum-ciphers fails to enumerate tls 1.3 #1691

Open
daniejstriata opened this issue Aug 13, 2019 · 2 comments

@daniejstriata
commented Aug 13, 2019

Hi,

I installed version 7.80's RPM (and also from source) on Fedora 30, where I can't get ssl-enum-ciphers to enumerate TLS 1.3 information for a host I know serves TLS 1.3. I only see that the web server serves TLS 1.2, as below:

```
# nmap -sV --script ssl-enum-ciphers -p 443  <host>
Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-13 14:40 SAST
Nmap scan report for fte1.gs.striata.com (196.38.49.134)
Host is up (0.0087s latency).

PORT    STATE SERVICE VERSION
443/tcp open  ssl/ssl Apache httpd (SSL-only mode)
|_http-server-header: Apache
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp521r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp521r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp521r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.94 seconds
```

Output from Hardenize:
[image]

Details from my compiled version using OpenSSL 1.1.1c, which supports TLS 1.3:

```
# nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.3.5 openssl-1.1.1c nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.43 nmap-libpcap-1.9.0 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
```

@nnposter

commented Aug 13, 2019

Nmap currently does not support TLS 1.3

@dmiller-nmap

commented Aug 14, 2019

I started updating NSE to TLS 1.3 last year some time, but I haven't had as much time to work on it as I would have liked. That said, it is high on my priority list and I hope to have it finished by the next release (which will not take over a year like Nmap 7.80 did!).
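
An added example, not code from the Nmap project or from any participant in this thread: a post-processor for ssl-enum-ciphers output of the shape shown in the issue, which reports a protocol the scanner cannot test as "unknown" instead of "not offered". The function names, the embedded sample and the default list of versions the scanner can test are assumptions made for this example.

```python
import re

# Constructed sample in the shape of the ssl-enum-ciphers output shown in the issue.
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp521r1) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
"""

# A protocol header line such as "|   TLSv1.2:".
PROTO = re.compile(r"^\|[ _]\s+((?:SSLv|TLSv)[\d.]+):\s*$")
# A cipher line: name, optional key-exchange detail in parentheses, letter grade.
CIPHER = re.compile(r"^\|[ _]\s+((?:TLS|SSL)_\w+)\s+(?:\(([^)]*)\)\s+)?-\s+([A-F])\s*$")

# Assumption: versions a scanner without TLS 1.3 support is able to test.
TESTABLE = ("SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2")


def parse_enum_ciphers(text):
    """Return {protocol: [(cipher, key_exchange_detail, grade), ...]}."""
    report, current = {}, None
    for line in text.splitlines():
        m = PROTO.match(line)
        if m:
            current = m.group(1)
            report[current] = []
            continue
        m = CIPHER.match(line)
        if m and current:
            report[current].append(m.groups())
    return report


def audit(text, required=("TLSv1.3",), testable=TESTABLE):
    """Classify each required protocol as 'offered', 'not offered' or 'unknown'.

    'unknown' means the scanner could not test that version, so its absence
    from the report says nothing about the server.
    """
    report = parse_enum_ciphers(text)
    return {
        proto: "offered" if proto in report
        else "not offered" if proto in testable
        else "unknown"
        for proto in required
    }
```
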
