New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL-ENUM-CIPHERS: Probe may give false negative aborting complete cipher detection #254
Comments
What are you proposing? The existing code does check for an alert (line 894 checks for a response beginning with |
Thanks for the comment, you are right! It looks like some server implementations may just kill the connection when an alert is generated, thus not sending a response. Perhaps adding an argument that forces full scan for ciphers may be an option.
My apologies for my lack of knowledge, this is my first time dealing with LUA. |
NSE has a feature for forcing a script to run, bypassing the rule function. I did notice while investigating this that we did not fix the
|
Thanks again! Agreed on the risk, I'd only use it on a specific port I know it is SSL/TLS. I think I'm set for now. |
In cases where target servers have restricted ciphers and/or protocol (SSLv3), the initial 2 probes sent to detect whether the target server is running TLS/SSL may fail with "no cipher suites in common" or "Client requested protocol SSLv3 not enabled or not supported".
If we detect an SSL alert it is probably safe to assume that the target server is running TLS/SSL so continue with full scan.
Line 877
The text was updated successfully, but these errors were encountered: