In cases where target servers have restricted ciphers and/or protocol (SSLv3), the initial 2 probes sent to detect whether the target server is running TLS/SSL may fail with "no cipher suites in common" or "Client requested protocol SSLv3 not enabled or not supported".
If we detect an SSL alert, it is probably safe to assume that the target server is running TLS/SSL, so continue with the full scan.
Line 877
```lua
local is_ssl = false
-- probes from nmap-service-probes
for _, probe in ipairs({
    -- TLSSessionReq
    "\x16\x03\0\x00g\x01\0\x001\x03\x03U\x1c\xa7\xe4random1random2random3\z
    random4\0\x00\x0a\0/\0\x0a\0\x13\x009\0\x04\x01\0\0\x30\0\x0d\0,\0*\0\z
    \x01\0\x03\0\x02\x06\x01\x06\x03\x06\x02\x02\x01\x02\x03\x02\x02\x03\x01\z
    \x03\x03\x03\x02\x04\x01\x04\x03\x04\x02\x01\x01\x01\x03\x01\x02\x05\x01\z
    \x05\x03\x05\x02",
    -- SSLSessionReq
    "\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\z
    \x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\z
    \0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\z
    \x08\0\x06\0\x03\x01\0",
  }) do
  local status, resp = comm.exchange(host, port, probe)
  if status and resp and (
      -- Handshake record (0x16) carrying a ServerHello (0x02)
      resp:match("^\x16\x03[\0-\x03]..\x02...\x03[\0-\x03]") or
      -- Alert record (0x15), length 2, level fatal (0x02), description
      -- protocol_version (0x46, "F") or handshake_failure (0x28)
      resp:match("^\x15\x03[\0-\x03]\0\x02\x02[F\x28]")
    ) then
    is_ssl = true
    break
  end
end
return is_ssl
```
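A structural version of the alert check in the snippet above, as an added example that is not part of the original post or of Nmap's code: it parses the record header instead of pattern-matching, and goes slightly beyond the posted pattern by reporting any well-formed alert description. `classify_tls_response` and `ALERT_NAMES` are hypothetical names, the sample responses are constructed, and plain Lua 5.3+ is assumed.

```lua
-- Added example: plain Lua 5.3+, no Nmap libraries required.
-- Alert descriptions from the TLS specification (RFC 5246, section 7.2).
local ALERT_NAMES = {
  [0x28] = "handshake_failure",
  [0x46] = "protocol_version",
  [0x47] = "insufficient_security",
}

-- Hypothetical helper: classify the first record of a probe response.
-- Returns "server_hello", "alert", or nil, plus a detail string.
local function classify_tls_response(resp)
  if type(resp) ~= "string" or #resp < 5 then return nil, "too short" end
  local ctype, major, minor, len = string.unpack(">BBBI2", resp)
  if major ~= 3 or minor > 3 then return nil, "not an SSLv3-TLS1.2 record version" end
  if ctype == 0x16 then
    -- Handshake record: first handshake byte 0x02 is ServerHello.
    if #resp >= 6 and resp:byte(6) == 0x02 then return "server_hello", "" end
    return nil, "handshake record, not ServerHello"
  elseif ctype == 0x15 then
    -- Alert record: body is exactly level + description.
    if len ~= 2 or #resp < 7 then return nil, "malformed alert" end
    local level, desc = resp:byte(6, 7)
    if level ~= 1 and level ~= 2 then return nil, "invalid alert level" end
    local name = ALERT_NAMES[desc] or string.format("alert_%d", desc)
    return "alert", (level == 2 and "fatal " or "warning ") .. name
  end
  return nil, "not a handshake or alert record"
end

-- Constructed sample responses (not captured traffic).
local samples = {
  {"fatal protocol_version",      "\x15\x03\x01\x00\x02\x02\x46"},
  {"fatal handshake_failure",     "\x15\x03\x03\x00\x02\x02\x28"},
  {"fatal insufficient_security", "\x15\x03\x03\x00\x02\x02\x47"},
  {"SSH banner",                  "SSH-2.0-OpenSSH_9.6\r\n"},
}
for _, s in ipairs(samples) do
  local kind, detail = classify_tls_response(s[2])
  -- The alert pattern from the snippet above, for comparison.
  local page_match = s[2]:match("^\x15\x03[\0-\x03]\0\x02\x02[F\x28]") ~= nil
  print(s[1], kind, detail, "page pattern:", page_match)
end
```

The third sample is a valid fatal alert that the posted pattern does not match, because the pattern only accepts descriptions 0x46 and 0x28.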