Nmap Development mailing list archives
Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers
From: David Fifield <david () bamsoftware com>
Date: Mon, 16 Jul 2012 14:31:47 -0700
On Mon, Jul 16, 2012 at 02:00:37PM -0500, Daniel Miller wrote:
List, As I was wrapping up work on ssl-enum-ciphers, I decided to add to the existing cipher strength rankings in nselib/data/ssl-ciphers. Previously, this file only contained ciphers ranked "strong." I added cipher suites that could be classified as "weak" (based on export-grade crypto), "no_authentication" (aNULL or Anonymous DH), "no_encryption" (eNULL), and various combinations of these. I also spent a little time cleaning up the ranking code, but no functional changes there. I'm attaching the patch for this change, so any feedback would be helpful, especially additional ciphers to consider "strong," since many were added since the original list was put together. Thanks!
Is this patch reversed? It looks reasonable to me. Patrik's suggestion to check against the SSL Rating Guide is a good one. Also, a previous thread turned up this list of strength ratings, which were never used: http://seclists.org/nmap-dev/2011/q2/49 https://code.google.com/p/sslaudit/source/browse/trunk/sslaudit.ini David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 16)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Patrik Karlsson (Jul 16)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers David Fifield (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers David Fifield (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 18)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Daniel Miller (Jul 17)
- Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers Patrik Karlsson (Jul 16)