Nmap Development mailing list archives
Re: [RFC] Ncat fails with --ssl option
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 18 Mar 2017 21:42:26 -0500
This was a fun bug, and I have been working on it for a couple days. The fix is in r36652.

The trouble is that SSL_read can return -1 even when there is nothing wrong with the connection. This is used to indicate a need for the application to call SSL_read again in order to handle some TLS-layer communication such as a renegotiation. Ncat server was instead treating this as a connection shutdown from the remote side, and it was shutting down connections after only a few packets exchanged. Proper handling is now in place to retry the SSL_read call, and there is no further problem.

First reported in October 2015 by Тюхтин Владимир.

Dan

On Sat, Mar 18, 2017 at 1:09 AM, Varunram Ganesh <vrg2009 () ymail com> wrote:
> Greetings List,
>
> The bug report [1] at Bugzilla describes a situation where Ncat fails to handle --ssl in an appropriate manner. A workaround seems to be to use SCTP or other advanced options instead of using TCP. This was reported by another user earlier at [2] but didn't garner response, so I'm leaving this here. What are your views on how we could handle this?
>
> Cheers,
> Varunram
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1317924
> [2] http://seclists.org/nmap-dev/2015/q4/58
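The failure mode described in the reply above, as an added example that is not Ncat's code or the r36652 change: a scripted sequence of SSL_read() outcomes is run through a handler that treats any non-positive return as a shutdown and through one that retries. The struct, function names and the sample sequence are assumptions made for illustration; real code would obtain each pair from SSL_read() and SSL_get_error(ssl, ret).

```c
#include <stddef.h>
#include <stdio.h>

/* SSL_get_error() codes, values as in <openssl/ssl.h>; redefined here so the
 * example builds without OpenSSL installed. */
enum { E_NONE = 0, E_WANT_READ = 2, E_WANT_WRITE = 3, E_SYSCALL = 5, E_ZERO_RETURN = 6 };

/* One outcome of an SSL_read() call and the SSL_get_error() code for it. */
struct read_result { int ret; int err; };

enum action { DELIVER, RETRY_ON_READABLE, RETRY_ON_WRITABLE, PEER_CLOSED, FATAL };

/* Decide what one SSL_read() result means for the connection. */
enum action classify(struct read_result r)
{
    if (r.ret > 0) return DELIVER;
    switch (r.err) {
    case E_WANT_READ:   return RETRY_ON_READABLE; /* TLS-layer records only */
    case E_WANT_WRITE:  return RETRY_ON_WRITABLE; /* e.g. mid-renegotiation */
    case E_ZERO_RETURN: return PEER_CLOSED;       /* close_notify received */
    default:            return FATAL;             /* E_SYSCALL and the rest */
    }
}

/* The bug: any ret <= 0 is taken as a remote shutdown. Returns bytes delivered. */
int naive_server(const struct read_result *s, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n && s[i].ret > 0; i++) total += s[i].ret;
    return total;
}

/* The retry form: only a real close or a fatal error ends the connection. */
int retrying_server(const struct read_result *s, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        enum action a = classify(s[i]);
        if (a == PEER_CLOSED || a == FATAL) break;
        if (a == DELIVER) total += s[i].ret;
        /* RETRY_*: wait for the socket, then call SSL_read() again */
    }
    return total;
}

/* Constructed sample: three data reads with two retry signals, then a close. */
const struct read_result SCRIPT[] = { {512, E_NONE}, {-1, E_WANT_READ},
    {256, E_NONE}, {-1, E_WANT_WRITE}, {128, E_NONE}, {0, E_ZERO_RETURN} };

int main(void) { size_t n = sizeof SCRIPT / sizeof SCRIPT[0];
    printf("%d %d\n", naive_server(SCRIPT, n), retrying_server(SCRIPT, n)); return 0; }
```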