Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers

[David Fifield <david () bamsoftware com>]

On Mon, Jul 16, 2012 at 02:00:37PM -0500, Daniel Miller wrote:
> List,
>
> As I was wrapping up work on ssl-enum-ciphers, I decided to add to
> the existing cipher strength rankings in nselib/data/ssl-ciphers.
> Previously, this file only contained ciphers ranked "strong." I
> added cipher suites that could be classified as "weak" (based on
> export-grade crypto), "no_authentication" (aNULL or Anonymous DH),
> "no_encryption" (eNULL), and various combinations of these. I also
> spent a little time cleaning up the ranking code, but no functional
> changes there.
>
> I'm attaching the patch for this change, so any feedback would be
> helpful, especially additional ciphers to consider "strong," since
> many were added since the original list was put together. Thanks!

Is this patch reversed?

It looks reasonable to me. Patrik's suggestion to check against the SSL
Rating Guide is a good one. Also, a previous thread turned up this list
of strength ratings, which were never used:

http://seclists.org/nmap-dev/2011/q2/49
https://code.google.com/p/sslaudit/source/browse/trunk/sslaudit.ini

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/