New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Patch] prohibit RC4 as per RFC7465 #972

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
5 participants
@codarrenvelvindron

codarrenvelvindron commented Aug 15, 2017

As per RFC 7465,
We disallow the usage of RC4 cipher suites as they are no longer secure.

Reference:
https://tools.ietf.org/html/rfc7465

@nmap-bot nmap-bot closed this in ec0007c Sep 23, 2017

@nnposter

This comment has been minimized.

Show comment
Hide comment
@nnposter

nnposter Sep 24, 2017

This issue has been closed in error. My apologies.
Could you please resubmit?

nnposter commented Sep 24, 2017

This issue has been closed in error. My apologies.
Could you please resubmit?

@codarrenvelvindron

This comment has been minimized.

Show comment
Hide comment
@codarrenvelvindron

codarrenvelvindron Sep 28, 2017

@dmiller-nmap : Thanks for reopening this pr.

codarrenvelvindron commented Sep 28, 2017

@dmiller-nmap : Thanks for reopening this pr.

@nmap-bot nmap-bot closed this in 9f494f6 Oct 9, 2017

@b4ldr

This comment has been minimized.

Show comment
Hide comment
@b4ldr

b4ldr Oct 9, 2017

im not familiar with this code path however it occurs to me that we would want a tool like nmap/ncat to be able to use weak encryption algorithms so that we can discover services that support them. can we pass ncat a switch to override the algorithms used?

b4ldr commented Oct 9, 2017

im not familiar with this code path however it occurs to me that we would want a tool like nmap/ncat to be able to use weak encryption algorithms so that we can discover services that support them. can we pass ncat a switch to override the algorithms used?

@fyodor

This comment has been minimized.

Show comment
Hide comment
@fyodor

fyodor Oct 18, 2017

Yes, I think you can still request the less secure ciphers by specifying them to --ssl-ciphers. It looks like this patch just defaults to only allowing the more secure set.

fyodor commented Oct 18, 2017

Yes, I think you can still request the less secure ciphers by specifying them to --ssl-ciphers. It looks like this patch just defaults to only allowing the more secure set.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment