Nmap Development mailing list archives
sslv2 script bug
From: Matt Selsky <selsky () columbia edu>
Date: Sat, 5 Jun 2010 20:35:31 -0400 (EDT)
I'm using nmap svn trunk and scanning for SSLv2 servers: $ ./nmap --datadir=. -sV -p 465 --script=sslv2 mailtest Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-06-05 20:29 EDT Nmap scan report for mailtest (192.168.59.245) Host is up (0.00035s latency). rDNS record for 192.168.59.245: mailtest PORT STATE SERVICE VERSION 465/tcp open ssl/smtp Sendmail 8.14.4/8.14.3/CUIT |_sslv2: server still supports SSLv2 Service Info: OS: UnixService detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.13 seconds I have the following configured in sendmail.cf O CipherList=HIGH:MEDIUM:!ADH:-SSLv2 so SSLv2 should be disabled. The openssl s_client command thinks SSLv2 is disabled. $ openssl s_client -connect mailtest:465 -ssl2 CONNECTED(00000003) depth=1 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1depth=0 serialNumber = 5axfkuOwl1HyGb1IkKw3d7PAtJIo7Feu, C = US, ST = New York, L = New York, O = Columbia University, OU = Information Technology, CN = mailtest
verify return:13078604508:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:
--- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 892 bytes and written 50 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1275784302 Timeout : 300 (sec) Verify return code: 0 (ok) --- How do I debug the problem with sslv2.nse? Cheers, -- Matt _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- sslv2 script bug Matt Selsky (Jun 05)
- Re: sslv2 script bug Thierry Zoller (Jun 12)
- Re: sslv2 script bug David Fifield (Jun 18)