Nmap Development mailing list archives
Re: SSL/TLS Diffie-Hellman prime discovery script and a patch to TLS library
From: Jacob Gajek <jgajek () gmail com>
Date: Tue, 28 Jul 2015 11:32:27 -0400
Hello All,

I recently put together a technical write-up on using Nmap to scan for weak Diffie-Hellman groups in TLS services (there are still a lot of them out there). For those who enjoy that sort of thing, there is even a quick run-down of the mathematical considerations involved in generating secure DH modular integer group parameters.

http://www2.esentire.com/TLSUnjammedWP

Jacob

On Thu, Jun 4, 2015 at 3:14 PM, Jacob Gajek <jgajek () gmail com> wrote:

Hello All,

Here is a small NSE script for discovery of well-known SSL/TLS Diffie-Hellman primes, as exploited by the recent Logjam vulnerability.

https://github.com/eSentire/nmap-esentire

It is based on the excellent TLS library code from Daniel Miller. I have attached a tiny patch to the TLS library code to fix DH parameter unpacking for (EC)DHE_PSK key exchange variants.

As I am new to Nmap scripting and Lua, I may not have gotten things quite right to make it production-ready. Any advice would be appreciated.

Regards,
Jacob Gajek
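Added example, not code from the post, the linked script or the Nmap TLS library: a Python sketch of the parsing the thread concerns, reading ServerDHParams from a ServerKeyExchange body (including the psk_identity_hint vector that RFC 4279 places first for DHE_PSK) and checking the prime against a known-primes table. The function names, the 2048-bit threshold and the toy 127-bit prime are assumptions constructed for illustration.

```python
import struct

def read_vec16(buf, off):
    """Read a TLS opaque<0..2^16-1> vector; return (bytes, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("vector overruns message")
    return buf[off + 2:end], end

def parse_server_dh_params(body, psk=False):
    """Parse ServerDHParams from a ServerKeyExchange body.
    With psk=True (DHE_PSK, RFC 4279) a psk_identity_hint vector comes first."""
    off, hint = 0, None
    if psk:
        hint, off = read_vec16(body, off)
    fields = {"hint": hint}
    for name in ("p", "g", "ys"):
        raw, off = read_vec16(body, off)
        fields[name] = int.from_bytes(raw, "big")
    fields["rest"] = body[off:]  # signature for signed DHE, empty for DHE_PSK
    return fields

def assess(params, known_primes, min_bits=2048):
    """List findings for a parsed group (min_bits is an assumed policy)."""
    findings = []
    bits = params["p"].bit_length()
    if bits < min_bits:
        findings.append(f"modulus is {bits} bits, below {min_bits}")
    if params["p"] in known_primes:
        findings.append(f"well-known prime: {known_primes[params['p']]}")
    return findings

# Constructed sample data: a toy 127-bit prime standing in for a shared group.
TOY_P = 2**127 - 1
KNOWN = {TOY_P: "constructed-demo-group"}

def vec(b):
    return struct.pack(">H", len(b)) + b

def sample_body(psk):
    dh = vec(TOY_P.to_bytes(16, "big")) + vec(b"\x02") + vec(b"\x12\x34")
    return (vec(b"hint") + dh) if psk else dh + b"SIG"

if __name__ == "__main__":
    good = parse_server_dh_params(sample_body(True), psk=True)
    print(good["hint"], assess(good, KNOWN))
    print(hex(parse_server_dh_params(sample_body(True))["p"]))
```

The last line parses the DHE_PSK body without accounting for the hint: every field shifts by one vector, so the hint bytes are reported as the prime and the known-prime lookup silently misses.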