Nmap Development mailing list archives
ssl-enum-ciphers support for TLS extensions
From: David Fifield <david () bamsoftware com>
Date: Sat, 28 Dec 2013 14:03:05 -0800
Here are some patches that add support for some TLS extensions in ssl-enum-ciphers.nse. The server_name extension (RFC 6066), also known as Server Name Indication or SNI, indicates the name of the virtual host you are trying to contact. The value is taken from the host.targetname field and is omitted if you are scanning an IP address. It may be that servers change their offered ciphersuites depending on the virtual host you are trying to contact; for example https://wiki.apache.org/httpd/NameBasedSSLVHosts has an SSLCipherSuite specification inside a VirtualHost. The elliptic_curves and ec_point_formats extensions (RFC 4492) describe elliptic curve crypto parameters supported by the client. It may be that servers may change the ciphersuites offered to the client based on the curves and point formats the client claims to support. I made the script claim to support every curve and point format mentioned in RFC 4492. I've done a large scan with these patches, but I haven't yet checked if there are any targets for which the results differ. I'm sending the patch for comments and I'll let you know what I find. TLS extensions are disabled for SSLv3, and enabled for TLSv1.0, TLSv1.1, and TLSv1.2. At the end of this message is a tshark decode of a probe using the patched code. The new stuff starts at "Extensions Length". David Fifield Secure Sockets Layer SSL Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 261 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 257 Version: TLS 1.2 (0x0303) Random gmt_unix_time: Dec 28, 2013 13:59:03.000000000 PST random_bytes: 6e6d61706e6d61706e6d61706e6d61706e6d61706e6d6170... Session ID Length: 0 Cipher Suites Length: 128 Cipher Suites (64 suites) Cipher Suite: TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc074) Cipher Suite: TLS_RSA_PSK_WITH_NULL_SHA384 (0x00b9) Cipher Suite: TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 (0xc05d) Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062) Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002) Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066) Cipher Suite: TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 (0xc03f) Cipher Suite: TLS_PSK_WITH_3DES_EDE_CBC_SHA (0x008b) Cipher Suite: TLS_DHE_PSK_WITH_NULL_SHA256 (0x00b4) Cipher Suite: TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 (0xc054) Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098) Cipher Suite: TLS_KRB5_WITH_RC4_128_SHA (0x0020) Cipher Suite: TLS_ECDHE_PSK_WITH_NULL_SHA256 (0xc03a) Cipher Suite: TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 (0xc063) Cipher Suite: TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 (0x00ab) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077) Cipher Suite: TLS_KRB5_WITH_RC4_128_MD5 (0x0024) Cipher Suite: TLS_PSK_WITH_AES_128_GCM_SHA256 (0x00a8) Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 (0x00bf) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Cipher Suite: TLS_NULL_WITH_NULL_NULL (0x0000) Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 (0xc085) Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 (0x00bd) Cipher Suite: SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA (0x001d) Cipher Suite: TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010) Cipher Suite: Unknown (0x0049) Cipher Suite: Unknown (0x005b) Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034) Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (0x003f) Cipher Suite: TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA (0xc01c) Cipher Suite: TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 (0xc048) Cipher Suite: TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 (0x0017) Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007) Cipher Suite: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000e) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc08b) Cipher Suite: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (0x000b) Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: Unknown (0x0053) Cipher Suite: TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc079) Cipher Suite: Unknown (0x0057) Cipher Suite: TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 (0xc05b) Cipher Suite: TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016) Cipher Suite: TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (0xc052) Cipher Suite: TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 (0x002a) Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a) Cipher Suite: TLS_PSK_WITH_AES_256_CBC_SHA (0x008d) Cipher Suite: Unknown (0x0073) Cipher Suite: TLS_KRB5_EXPORT_WITH_RC4_40_MD5 (0x002b) Cipher Suite: TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 (0xc069) Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085) Cipher Suite: TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 (0x00b2) Cipher Suite: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (0xc037) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 (0xc0a3) Cipher Suite: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0xfefe) Cipher Suite: Unknown (0x0072) Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042) Cipher Suite: TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 (0x00ac) Cipher Suite: Unknown (0x005c) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07c) Compression Methods Length: 3 Compression Methods (3 methods) Compression Method: DEFLATE (1) Compression Method: null (0) Compression Method: Reserved - to be assigned by IANA (64) Extensions Length: 86 Extension: server_name Type: server_name (0x0000) Length: 14 Server Name Indication extension Server Name list length: 12 Server Name Type: host_name (0) Server Name length: 9 Server Name: localhost Extension: elliptic_curves Type: elliptic_curves (0x000a) Length: 56 Elliptic Curves Length: 54 Elliptic curves (27 curves) Elliptic curve: sect163k1 (0x0001) Elliptic curve: sect163r1 (0x0002) Elliptic curve: sect163r2 (0x0003) Elliptic curve: sect193r1 (0x0004) Elliptic curve: sect193r2 (0x0005) Elliptic curve: sect233k1 (0x0006) Elliptic curve: sect233r1 (0x0007) Elliptic curve: sect239k1 (0x0008) Elliptic curve: sect283k1 (0x0009) Elliptic curve: sect283r1 (0x000a) Elliptic curve: sect409k1 (0x000b) Elliptic curve: sect409r1 (0x000c) Elliptic curve: sect571k1 (0x000d) Elliptic curve: sect571r1 (0x000e) Elliptic curve: secp160k1 (0x000f) Elliptic curve: secp160r1 (0x0010) Elliptic curve: secp160r2 (0x0011) Elliptic curve: secp192k1 (0x0012) Elliptic curve: secp192r1 (0x0013) Elliptic curve: secp224k1 (0x0014) Elliptic curve: secp224r1 (0x0015) Elliptic curve: secp256k1 (0x0016) Elliptic curve: secp256r1 (0x0017) Elliptic curve: secp384r1 (0x0018) Elliptic curve: secp521r1 (0x0019) Elliptic curve: arbitrary_explicit_prime_curves (0xff01) Elliptic curve: arbitrary_explicit_char2_curves (0xff02) Extension: ec_point_formats Type: ec_point_formats (0x000b) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2)
Attachment:
ssl-enum-ciphers.patch
Description:
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ssl-enum-ciphers support for TLS extensions David Fifield (Dec 28)