Nmap Development mailing list archives
nmap 'ssl-enum-ciphers' does not display all ciphers
From: "Lemons, Terry" <Terry.Lemons () dell com>
Date: Tue, 9 Jan 2018 23:25:14 +0000
Hi I've been using nmap's 'ssl-enum-ciphers' script to probe a nginx system using the following cipher settings: ssl_prefer_server_ciphers on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers "DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256"; I expected 'ssl-enum-ciphers' to show all of these ciphers. But, it shows only two: ledmf081:~ # nmap -sV -p 443 --script ssl-enum-ciphers 10.7.104.53 Starting Nmap 6.46 ( http://nmap.org ) at 2018-01-09 18:19 EST Nmap scan report for 10.7.104.53 Host is up (0.046s latency). PORT STATE SERVICE VERSION 443/tcp open http nginx | ssl-enum-ciphers: | SSLv3: No supported ciphers found | TLSv1.0: No supported ciphers found | TLSv1.1: No supported ciphers found | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | compressors: | NULL |_ least strength: strong Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 7.66 seconds ledmf081:~ # Is this a known defect? My environment is: ledmf081:~ # nmap -v Starting Nmap 6.46 ( http://nmap.org ) at 2018-01-09 18:20 EST Read data files from: /usr/bin/../share/nmap WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 0.06 seconds Raw packets sent: 0 (0B) | Rcvd: 0 (0B) ledmf081:~ # ledmf081:~ # cat /etc/os-release NAME="SLES" VERSION="12-SP3" VERSION_ID="12.3" PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3" ID="sles" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:suse:sles:12:sp3" ledmf081:~ # Thanks! tl Terry Lemons [DellEMC_Logo_Hz_Blue_rgb_10percent]| Data Protection Division 171 South Street, MS 1/C-6 Hopkinton MA 01748 774 803 2892 terry.lemons () dell com<mailto:terry.lemons () dell com>
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap 'ssl-enum-ciphers' does not display all ciphers Lemons, Terry (Jan 09)
- Re: nmap 'ssl-enum-ciphers' does not display all ciphers nnposter (Jan 09)
- Message not available
- Re: nmap 'ssl-enum-ciphers' does not display all ciphers nnposter (Jan 10)
- Message not available
- Re: nmap 'ssl-enum-ciphers' does not display all ciphers nnposter (Jan 09)