Nmap Development mailing list archives

Re: About SSL Support


From: Fyodor <fyodor () insecure org>
Date: Fri, 29 May 2009 13:59:22 -0700

On Fri, May 29, 2009 at 03:28:39PM -0300, Joao Correa wrote:

> I have some ideas, but I'm not pretty sure about what is the cause of
> this problem. Anyway, since I've found a way out I think it isn't a
> big problem (trying SSL first, and TCP second works pretty fine for
> all cases).

Hi Joao.  That's good thinking, but I'm concerned about the
performance impact of that, particularly when you're going against the
port which usually doesn't have SSL.  Also, if version detection has
been done, you should already know if SSL is needed or not.

If version detection was not enabled, but script scanning was, it is
probably best to try the most likely scenario first, and then try the
other if that fails.

And yes, a TCP connect will succeed whether or not the service is SSL,
so that can't be your whole test.  But if you send unencrypted data to
a service which requires SSL, I think it will generally disconnect you
quickly.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
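
The ordering discussed in the reply above, as an added Python sketch that is not part of the original message and is not Nmap or NSE code. The port list, the function names and the local stub service are assumptions made for illustration; the stub only models a service that hangs up on plaintext and does not speak real TLS.

```python
import socket, ssl, threading

LIKELY_SSL_PORTS = {443, 465, 636, 993, 995}  # assumed hint list, not Nmap's

def probe_order(port, detected_ssl=None):
    """detected_ssl is the version-detection verdict, or None if it never ran."""
    if detected_ssl is not None:
        return ["ssl"] if detected_ssl else ["tcp"]
    return ["ssl", "tcp"] if port in LIKELY_SSL_PORTS else ["tcp", "ssl"]

def attempt(host, port, mode, probe=b"HELLO\r\n", timeout=2.0):
    """True only if the service answers the probe over this transport."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return False  # port closed or filtered: nothing to decide
    try:
        if mode == "ssl":
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE  # detecting transport, not authenticating
            sock = ctx.wrap_socket(sock)  # handshake fails against a plain service
        sock.sendall(probe)
        return sock.recv(64) != b""  # b"" means the peer hung up on us
    except OSError:  # covers ssl.SSLError, resets and timeouts
        return False
    finally:
        sock.close()

def detect(host, port, order):
    """Walk the transports in order; return (winner or None, transports tried)."""
    tried = []
    for mode in order:
        tried.append(mode)
        if attempt(host, port, mode):
            return mode, tried
    return None, tried

def start_stub(tls_only):
    """Constructed local service. tls_only models only the hang-up on plaintext."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(64)
                if data and not (tls_only and data[0] != 0x16):  # 0x16 = TLS handshake
                    conn.sendall(b"OK\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```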

