Nmap Development mailing list archives
Re: About SSL Support
From: Fyodor <fyodor () insecure org>
Date: Fri, 29 May 2009 13:59:22 -0700
On Fri, May 29, 2009 at 03:28:39PM -0300, Joao Correa wrote:
I have some ideas, but I´m not pretty sure about what is the cause of this problem. Anyway, since I´ve found a way out I think is isn´t a big problem (trying SSL fisrt, and TCP second works pretty fine for all cases).
Hi Joao. That's good thinking, but I'm concerned about the performance impact of that, particularly when you're going against the port which usually doesn't have SSL. Also, if version detection has been done, you should already know if SSL is needed or not. If version detection was not enabled, but script scanning was, it is probably best to try the most likely scenario first, and then try the other if that fails. And yes, a TCP connect will succeed whether or not the service is SSL, so that can't be your whole test. But if you send unencrypted data to a service which requires SSL, I think it will generally disconnect you quickly. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- About SSL Support Joao Correa (May 29)
- Re: About SSL Support Fyodor (May 29)
- Re: About SSL Support David Fifield (May 29)
- Re: About SSL Support Joao Correa (Jun 06)