Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] Extended ssl-enum-ciphers script

From: David Fifield <david () bamsoftware com>
Date: Tue, 12 Aug 2014 10:18:18 -0700
On Tue, Aug 12, 2014 at 11:15:02AM +0200, Bojan Zdrnja (SANS ISC) wrote:

Btw, according to this article that I later found:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx
Schannel on Windows supports a total of 55 ciphers (30 by default and 25
that have to be added), so with a normal setup on Windows there should
never be a case when more than 64 ciphers are supported.


There definitely were cases in the past where not limiting tests to 64
ciphersuites at a time caused false measurements. An example domain was
windowsupdate.microsoft.com back in 2012.

http://seclists.org/nmap-dev/2010/q1/859
"it still can't return all seven that ssllabs.com
and the old version of my script report"

http://seclists.org/nmap-dev/2012/q3/161
"shows more ciphers with the slow method than the fast one"

http://seclists.org/nmap-dev/2012/q3/167
"in groups of 64 or less, I've successfully tested against
windowsupdate.microsoft.com"

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: