RE: [NSE] modified ssl-enum-ciphers to indicate policy compliance

[Gabriel Lawrence <gabriel.lawrence () gmail com>]

David,



Thanks. I decided to join the mail list so I'd see these things from now on.
I finally got a chance to make the changes recommended below. Attached are
the new files. Let me know if you think anything else should be tweaked or
if these are good to go!



PS: I don’t really consider my neckbeard to be awesome enough to make
recommendations for the world on what reasonable ciphers should be on their
default list. I took a wag at it anyway, so some review of that list
wouldn’t be a bad idea. I don’t think I included anything bad, but I may
have omitted something good.



Thanks,

gabe



-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com]
Sent: Tuesday, April 19, 2011 10:26 AM
To: Lawrence, Gabe
Cc: nmap-dev () insecure org
Subject: Re: [NSE] modified ssl-enum-ciphers to indicate policy compliance



Hi Gabe. Nice job on these modifications. You might not have been Cced on a
couple of replies:

                http://seclists.org/nmap-dev/2011/q2/46

                http://seclists.org/nmap-dev/2011/q2/49

I think I agree with Ron: It would be nice if an external data file
classified ciphers into "strong" and "weak". We could add such a file to the
distribution and make the script read it by default. Then for audits like
yours, someone could just modify the file to match their own cipher
requirements.



If you do this, please base your work on the latest version of the script,
which has some minor changes.

http://nmap.org/svn/scripts/ssl-enum-ciphers.nse



David Fifield

Attachment: samplegoodciphers
Description:

Attachment: ssl-enum-ciphers.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/