Differences between sslscan 1.8.2 on linux and sslscan 1.11.1-rbsec-5-g13488b2 on OS X #76
Comments
Your Linux scan results are using a version of sslscan released by Ian Ventura-Whiting in June 2009, which is built against whatever version of OpenSSL your distro ships, which may or may not have support for various insecure ciphers or protocols. Do you still get different results between Linux and OSX if you use a modern version of sslscan on Linux (and statically build both)?
Unfortunately 1.8.3 is the newest version of sslscan in Linux Mint 17. Upgrading to the latest version 1.10.2 of that branch (https://github.com/DinoTools/sslscan) did not work (at least for me).
The version on Fedora (that you linked) is provided by another developer - so if you encounter any bugs in it then please contact DinoTools or the distro maintainers. If you build the latest version of my fork from this repo, that should work on Fedora. It's also packaged on at least one distro (Kali), and I think it's being packaged in the Debian experimental repos.
I have the feeling that you don't understand the purpose of testing DinoTools version against your version. If that version (1.10.2) of DinoTools would also have produced a different outcome like the older 1.8.3 version of the same branch, then either your version or DinoTools version would have a problem. Since this is not the case, everything is fine. No version has a bug and nobody needs to be informed about anything. Maybe only LinuxMint or Ubuntu to update their packages.
sslscan 1.8.2 on linux mint 17.3
sslscan secure.st-willi.de | grep "40 bits"
Rejected SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-EDH-DSS-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-ADH-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-RC2-CBC-MD5
Rejected SSLv3 40 bits EXP-ADH-RC4-MD5
Rejected SSLv3 40 bits EXP-RC4-MD5
Rejected TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-EDH-DSS-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-ADH-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-RC2-CBC-MD5
Rejected TLSv1 40 bits EXP-ADH-RC4-MD5
Rejected TLSv1 40 bits EXP-RC4-MD5
sslscan 1.11.1-rbsec-5-g13488b2 on OS X
sslscan secure.st-willi.de | grep "40"
Accepted TLSv1.0 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC4-MD5 RSA 512 bits
You see that all that is accepted by the scan in OS X is rejected in the scan in Linux.
Which one is right?
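Added example, not part of the original issue or of sslscan: a small Python script that compares the two outputs quoted above per protocol and cipher, so that disagreements stand out from ciphers only one build tried. It matches only the status words that appear in this issue (Accepted, Rejected); the function names are illustrative.

```python
import re

# A subset of the lines quoted in this issue (old Linux scan, new OS X scan).
OLD_SCAN = """\
Rejected SSLv3 40 bits EXP-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-RC4-MD5
Rejected TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-DES-CBC-SHA
Rejected TLSv1 40 bits EXP-RC2-CBC-MD5
Rejected TLSv1 40 bits EXP-RC4-MD5
"""
NEW_SCAN = """\
Accepted TLSv1.0 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC4-MD5 RSA 512 bits
"""

# Groups: status, protocol, key bits, cipher name.
# Trailing fields such as "RSA 512 bits" are ignored.
LINE_RE = re.compile(
    r"^\s*(Accepted|Rejected)\s+(SSLv\d|TLSv[\d.]+)\s+(\d+)\s+bits\s+(\S+)")

def normalise_protocol(proto):
    # The 1.8.2 output prints "TLSv1", the 1.11.1-rbsec output "TLSv1.0".
    return "TLSv1.0" if proto == "TLSv1" else proto

def parse_scan(text):
    """Map (protocol, cipher) -> status for every cipher line found."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            status, proto, _bits, cipher = m.groups()
            results[(normalise_protocol(proto), cipher)] = status
    return results

def compare_scans(old_text, new_text):
    """Return (conflicts, only_old, only_new) for two sslscan outputs."""
    old, new = parse_scan(old_text), parse_scan(new_text)
    conflicts = sorted(
        (k, old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k])
    only_old = sorted(old.keys() - new.keys())
    only_new = sorted(new.keys() - old.keys())
    return conflicts, only_old, only_new

if __name__ == "__main__":
    conflicts, only_old, only_new = compare_scans(OLD_SCAN, NEW_SCAN)
    for (proto, cipher), old_status, new_status in conflicts:
        print(f"{proto:8} {cipher:26} old={old_status} new={new_status}")
```

Pairs listed in `only_old` or `only_new` were reported by one build only, which is a difference in what each build tested rather than a conflicting verdict.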