Re: [NSE][RFC] New cipher strength ratings for ssl-enum-ciphers

[Daniel Miller <bonsaiviking () gmail com>]

On Tue, Jul 17, 2012 at 11:39 AM, David Fifield <david () bamsoftware com> wrote:
> This looks fine to me, except for the change from weak/strong to A–F. If
> we're going to do that, let's discuss it and do ti as a separate patch.
> It needs new @output too.
>
> Please regenerate it with your Perl script; assign anything "A" to
> "strong" and everything else "weak". I'm curious to know if anything we
> had previously classified as "strong" is weak according to the SSL
> ratings.
>
> David Fifield

I will do that. I'd like to keep a category for ciphers that do not
encrypt or that do not authenticate. I'm calling it "broken" for now,
but I'm open to suggestions. For clarification, here are the number of
ciphers with each score currently:

3 unknown strength
263 A (strong)
21 D (weak)
13 E (weak)
59 F (broken)

All of the previous "strong" ciphers get an "A" rating. If anyone
can help me classify (find encryption key length of) the 3
unknown-strength ciphers I would greatly appreciate it:

SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA
TLS_GOSTR341094_WITH_28147_CNT_IMIT
TLS_GOSTR341001_WITH_28147_CNT_IMIT

Updated patch attached.

Dan

Attachment: ssl-ciphers.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/