Nmap Development mailing list archives
Re: nmap does not list ciphers consistently
From: nayakani () gmail com
Date: Fri, 9 Feb 2018 07:35:53 +0530
Hi Daniel, It seems nmap behavior is different on Mac OS vs Windows OS. As per a test done on a Windows following nmap command with "min/max rtt timeout value of 10sec" does consistency list the Ciphers. What would be the logic behind it why RTT of 10 sec on direct attach would make any difference. Is is any delayed response from the target IP which was causing possible failure ? Why is this so sensitive in Windows? nmap.exe --max-rtt-timeout 10000ms --min-rtt-timeout 10000ms --script ssl-enum-ciphers <ClusterIP-Address> -p 443 Regards Anil. Sent from my iPhone
On 30-Jan-2018, at 2:54 PM, NAYAK, ANIL KUMAR <nayakani () gmail com> wrote: Thanks Daniel, Please find below test result where nmap faild to list the ciphers under port 5989/8443. I would like to re-iterate , multiple tests results shows differnet results, The superset of the result does list the desired ciphers at port 443/8443 & 5989. Results are similar whether it is ports are switch attached or direct attached. nmap -d --script +ssl-enum-ciphers <IP Address replaced> Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-30 14:10 IST PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0) --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Using Lua 5.3. NSE: Arguments from CLI: NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 14:10 Completed NSE at 14:10, 0.00s elapsed Initiating Ping Scan at 14:10 Scanning <IP Address replaced> [2 ports] Completed Ping Scan at 14:10, 0.14s elapsed (1 total hosts) Overall sending rates: 14.50 packets / s. mass_rdns: Using DNS server 192.168.43.1 Initiating Parallel DNS resolution of 1 host. at 14:10 mass_rdns: 0.01s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] Completed Parallel DNS resolution of 1 host. at 14:10, 0.00s elapsed DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0] Initiating Connect Scan at 14:10 Scanning <IP Address replaced> [1000 ports] Discovered open port 22/tcp on <IP Address replaced> Discovered open port 8080/tcp on <IP Address replaced> Discovered open port 443/tcp on <IP Address replaced> Discovered open port 80/tcp on <IP Address replaced> Discovered open port 8443/tcp on <IP Address replaced> Discovered open port 3260/tcp on <IP Address replaced> Completed Connect Scan at 14:10, 12.34s elapsed (1000 total ports) Overall sending rates: 162.02 packets / s. NSE: Script scanning <IP Address replaced>. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 14:10 NSE: Starting ssl-enum-ciphers against <IP Address replaced>:22. NSE: [ssl-enum-ciphers <IP Address replaced>:22] Trying protocol TLSv1.2. NSE: [ssl-enum-ciphers <IP Address replaced>:22] Trying protocol SSLv3. NSE: [ssl-enum-ciphers <IP Address replaced>:22] Trying protocol TLSv1.0. NSE: [ssl-enum-ciphers <IP Address replaced>:22] Trying protocol TLSv1.1. NSE: Starting ssl-enum-ciphers against <IP Address replaced>:8080. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] Trying protocol TLSv1.2. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] Trying protocol SSLv3. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] Trying protocol TLSv1.0. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] Trying protocol TLSv1.1. NSE: Starting ssl-enum-ciphers against <IP Address replaced>:80. NSE: [ssl-enum-ciphers <IP Address replaced>:80] Trying protocol TLSv1.2. NSE: [ssl-enum-ciphers <IP Address replaced>:80] Trying protocol SSLv3. NSE: [ssl-enum-ciphers <IP Address replaced>:80] Trying protocol TLSv1.0. NSE: [ssl-enum-ciphers <IP Address replaced>:80] Trying protocol TLSv1.1. NSE: Starting ssl-enum-ciphers against <IP Address replaced>:443. NSE: [ssl-enum-ciphers <IP Address replaced>:443] Trying protocol TLSv1.2. NSE: [ssl-enum-ciphers <IP Address replaced>:443] Trying protocol SSLv3. NSE: [ssl-enum-ciphers <IP Address replaced>:443] Trying protocol TLSv1.0. NSE: [ssl-enum-ciphers <IP Address replaced>:443] Trying protocol TLSv1.1. NSE: Starting ssl-enum-ciphers against <IP Address replaced>:3260. NSE: [ssl-enum-ciphers <IP Address replaced>:3260] Trying protocol TLSv1.2. NSE: [ssl-enum-ciphers <IP Address replaced>:3260] Trying protocol SSLv3. NSE: [ssl-enum-ciphers <IP Address replaced>:3260] Trying protocol TLSv1.0. NSE: [ssl-enum-ciphers <IP Address replaced>:3260] Trying protocol TLSv1.1. NSE: Starting ssl-enum-ciphers against <IP Address replaced>:8443. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] Trying protocol TLSv1.2. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] Trying protocol SSLv3. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] Trying protocol TLSv1.0. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] Trying protocol TLSv1.1. NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.2) Can't connect: ERROR NSE: Finished ssl-enum-ciphers against <IP Address replaced>:22. NSE: [ssl-enum-ciphers <IP Address replaced>:443] (TLSv1.1) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.1) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:443] (SSLv3) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:443] (TLSv1.1) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.1) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:443] (SSLv3) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.1) 25 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:22. NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (TLSv1.0) 25 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:22. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:443] (TLSv1.1) Can't connect: TIMEOUT NSE: Finished ssl-enum-ciphers against <IP Address replaced>:443. NSE: [ssl-enum-ciphers <IP Address replaced>:443] (TLSv1.0) Can't connect: TIMEOUT NSE: Finished ssl-enum-ciphers against <IP Address replaced>:443. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.2) Can't connect: TIMEOUT NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8443. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.1) Can't connect: TIMEOUT NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8443. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (TLSv1.0) Can't connect: TIMEOUT NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8443. NSE: [ssl-enum-ciphers <IP Address replaced>:443] (SSLv3) Can't connect: TIMEOUT NSE: Finished ssl-enum-ciphers against <IP Address replaced>:443. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Protocol mismatch (received TLSv1.0) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (SSLv3) 53 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8080. NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (SSLv3) 53 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:80. NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.1) 25 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:80. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.0) 25 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8080. NSE: [ssl-enum-ciphers <IP Address replaced>:8443] (SSLv3) Can't connect: TIMEOUT NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8443. NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8443. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.1) 25 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8080. NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.0) 25 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:80. NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:443] (TLSv1.2) Comparing TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 to TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:443. NSE: Finished ssl-enum-ciphers against <IP Address replaced>:443. NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:22] (SSLv3) 53 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:22. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:22. NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) 64 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE Timing: About 70.00% done; ETC: 14:10 (0:00:13 remaining) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:80] (TLSv1.2) 13 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:80. NSE: Finished ssl-enum-ciphers against <IP Address replaced>:80. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (SSLv3) 53 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:3260. NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) Couldn't read a TLS record: EOF NSE: [ssl-enum-ciphers <IP Address replaced>:8080] (TLSv1.2) 13 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8080. NSE: Finished ssl-enum-ciphers against <IP Address replaced>:8080. NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) 58 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.0) 25 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:3260. NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.1) 25 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:3260. NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE Timing: About 93.33% done; ETC: 14:11 (0:00:04 remaining) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: ERROR NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE Timing: About 93.33% done; ETC: 14:11 (0:00:07 remaining) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE Timing: About 93.33% done; ETC: 14:12 (0:00:09 remaining) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 15 ciphers and/or protocol rejected. (No handshake) NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) Couldn't read a TLS record: TIMEOUT NSE: [ssl-enum-ciphers <IP Address replaced>:3260] (TLSv1.2) 13 ciphers and/or protocol rejected. (No handshake) NSE: Finished ssl-enum-ciphers against <IP Address replaced>:3260. NSE: Finished ssl-enum-ciphers against <IP Address replaced>:3260. Completed NSE at 14:12, 131.77s elapsed Nmap scan report for <IP Address replaced> Host is up, received syn-ack (0.13s latency). Scanned at 2018-01-30 14:10:02 IST for 144s Not shown: 994 filtered ports Reason: 994 no-responses PORT STATE SERVICE REASON 22/tcp open ssh syn-ack 80/tcp open http syn-ack 443/tcp open https syn-ack | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp160k1) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | Key exchange (secp160k1) of lower strength than certificate key |_ least strength: A 3260/tcp open iscsi syn-ack 8080/tcp open http-proxy syn-ack 8443/tcp open https-alt syn-ack Final times for host: srtt: 132820 rttvar: 15229 to: 193736 NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 14:12 Completed NSE at 14:12, 0.00s elapsed Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services. Nmap done: 1 IP address (1 host up) scanned in 144.74 secondsOn Sun, Jan 21, 2018 at 1:42 AM, Daniel Miller <bonsaiviking () gmail com> wrote: Anil, Thanks for reporting this. The most useful output would be if you ran the script with -d to enable debug output. Since we are not interested in the output of the other scripts, and the "+" means that the script will run regardless of detected service, do not use the -sV option when collecting the debug output. Example: nmap --script +ssl-enum-ciphers -p443 x.x.x.x Dan On Wed, Jan 17, 2018 at 4:07 AM, NAYAK, ANIL KUMAR <nayakani () gmail com> wrote:Dear Team, 1. nmap output does not list ciphers available in ALL expected ports (not consistent) 2. nmap output does not list ciphers against a specific port consistently Here the appliance/program runs on Linux 3.10.0-327 (RHEL 7.2) I need help to explain why it is happening , own script (openssl s_client) confirms that TLS v1.2 exclusive ciphers are available at port 443,8443(tomcat) & 5989(cimom), but nmap failed to list it consistently. Could this happen because nmap does not like certain response from target or it is possible that target possibly did not provide the list on few attempts (due to firewall etc? ). How to troubleshoot this ? Please see the test results below. Many thanks for any help you may have to offer. My objective is to show(consistent manner) the Ciphers available at Port 443 . Kind regards, Anil. Outputs: (replaced IP with x.x.x.x) ----------- 1. a. Unsuccessful : (Does not list for ANY ports , subsequently we could see the same command was successful on all expected ports) ANILs-MacBook-Pro:.ssh anil$ nmap -sV --script +ssl-enum-ciphers x.x.x.x Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-17 14:39 IST Nmap scan report for x.x.x.x Host is up (0.0037s latency). Not shown: 995 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0) 443/tcp open ssl/http Apache Tomcat/Coyote JSP engine 1.1 |_http-server-header: Apache-Coyote/1.1 3260/tcp open tcpwrapped 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1 8443/tcp open ssl/http Apache Tomcat/Coyote JSP engine 1.1 |_http-server-header: Apache-Coyote/1.1 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 144.95 seconds b. Successful: (but this result varies , ciphers gets listed under port 443,8443, 5989 .. but it varies too often) ANILs-MacBook-Pro:.ssh anil$ nmap -sV --script +ssl-enum-ciphers x.x.x.x Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-17 15:21 IST Nmap scan report for x.x.x.x Host is up (0.0025s latency). Not shown: 996 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0) 443/tcp open ssl/http Apache Tomcat/Coyote JSP engine 1.1 |_http-server-header: Apache-Coyote/1.1 | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp160k1) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | Key exchange (secp160k1) of lower strength than certificate key |_ least strength: A 3260/tcp open iscsi? 8443/tcp open ssl/http Apache Tomcat/Coyote JSP engine 1.1 |_http-server-header: Apache-Coyote/1.1 | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp160k1) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | Key exchange (secp160k1) of lower strength than certificate key |_ least strength: A Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 271.48 seconds 2 a. Unsuccessful: It should ideally list the ciphers which it could find subsequently (in section b) ANILs-MacBook-Pro:.ssh anil$ nmap -sV --script +ssl-enum-ciphers x.x.x.x -p 443 Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-17 14:23 IST Nmap scan report for x.x.x.x.x Host is up (0.0024s latency). PORT STATE SERVICE VERSION 443/tcp open ssl/http Apache Tomcat/Coyote JSP engine 1.1 |_http-server-header: Apache-Coyote/1.1 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 19.03 seconds b. Successful : ANILs-MacBook-Pro:.ssh anil$ nmap -sV --script +ssl-enum-ciphers x.x.x.x. -p 443 Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-17 14:26 IST Nmap scan report for x.x.x.x Host is up (0.0020s latency). PORT STATE SERVICE VERSION 443/tcp open ssl/http Apache Tomcat/Coyote JSP engine 1.1 |_http-server-header: Apache-Coyote/1.1 | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp160k1) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | Key exchange (secp160k1) of lower strength than certificate key |_ least strength: A Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 29.75 seconds _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap does not list ciphers consistently NAYAK, ANIL KUMAR (Jan 20)
- Re: nmap does not list ciphers consistently Daniel Miller (Jan 20)
- Re: nmap does not list ciphers consistently NAYAK, ANIL KUMAR (Feb 05)
- Re: nmap does not list ciphers consistently nnposter (Feb 05)
- Re: nmap does not list ciphers consistently nayakani (Feb 17)
- Re: nmap does not list ciphers consistently Daniel Miller (Feb 13)
- Re: nmap does not list ciphers consistently NAYAK, ANIL KUMAR (Feb 05)
- Re: nmap does not list ciphers consistently Daniel Miller (Jan 20)