Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Patch] prohibit RC4 as per RFC7465 #972

wants to merge 1 commit into from


Copy link

codarrenvelvindron commented Aug 15, 2017

As per RFC 7465,
We disallow the usage of RC4 cipher suites as they are no longer secure.


Codarren Velvindron
@nmap-bot nmap-bot closed this in ec0007c Sep 23, 2017
Copy link

nnposter commented Sep 24, 2017

This issue has been closed in error. My apologies.
Could you please resubmit?

Copy link

codarrenvelvindron commented Sep 28, 2017

@dmiller-nmap : Thanks for reopening this pr.

@nmap-bot nmap-bot closed this in 9f494f6 Oct 9, 2017
Copy link

b4ldr commented Oct 9, 2017

im not familiar with this code path however it occurs to me that we would want a tool like nmap/ncat to be able to use weak encryption algorithms so that we can discover services that support them. can we pass ncat a switch to override the algorithms used?

Copy link

fyodor commented Oct 18, 2017

Yes, I think you can still request the less secure ciphers by specifying them to --ssl-ciphers. It looks like this patch just defaults to only allowing the more secure set.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants
You can’t perform that action at this time.