Nmap Development mailing list archives
RE: [NSE] modified ssl-enum-ciphers to indicate policy compliance
From: Gabriel Lawrence <gabriel.lawrence () gmail com>
Date: Wed, 11 May 2011 16:45:56 -0700
David, Thanks. I decided to join the mail list so I'd see these things from now on. I finally got a chance to make the changes recommended below. Attached are the new files. Let me know if you think anything else should be tweaked or if these are good to go! PS: I don’t really consider my neckbeard to be awesome enough to make recommendations for the world on what reasonable ciphers should be on their default list. I took a wag at it anyway, so some review of that list wouldn’t be a bad idea. I don’t think I included anything bad, but I may have omitted something good. Thanks, gabe -----Original Message----- From: David Fifield [mailto:david () bamsoftware com] Sent: Tuesday, April 19, 2011 10:26 AM To: Lawrence, Gabe Cc: nmap-dev () insecure org Subject: Re: [NSE] modified ssl-enum-ciphers to indicate policy compliance Hi Gabe. Nice job on these modifications. You might not have been Cced on a couple of replies: http://seclists.org/nmap-dev/2011/q2/46 http://seclists.org/nmap-dev/2011/q2/49 I think I agree with Ron: It would be nice if an external data file classified ciphers into "strong" and "weak". We could add such a file to the distribution and make the script read it by default. Then for audits like yours, someone could just modify the file to match their own cipher requirements. If you do this, please base your work on the latest version of the script, which has some minor changes. http://nmap.org/svn/scripts/ssl-enum-ciphers.nse David Fifield
Attachment:
samplegoodciphers
Description:
Attachment:
ssl-enum-ciphers.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] modified ssl-enum-ciphers to indicate policy compliance Ron (Apr 03)
- Re: [NSE] modified ssl-enum-ciphers to indicate policy compliance Martin Holst Swende (Apr 03)
- <Possible follow-ups>
- Re: [NSE] modified ssl-enum-ciphers to indicate policy compliance David Fifield (Apr 19)
- RE: [NSE] modified ssl-enum-ciphers to indicate policy compliance Gabriel Lawrence (May 11)
- Re: [NSE] modified ssl-enum-ciphers to indicate policy compliance Gabriel Lawrence (Jun 09)