mailing list archives
Re: [PATCH] Always list SSL in case any SSL connection succeeded
From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Tue, 24 Feb 2009 22:34:59 +0100
Kristof Boeynaems wrote:
David Fifield wrote:
One more thing: In the test you described, the output should be
"ssl/unknown?", not "ssl/unknown". Leaving off the question mark makes
it look as if the port was positively identified. It's confusing in this
case because the port is named "unknown", but that name comes from the
nmap-services file. If you repeat the s_server experiment with port 80
you'll see what I mean. The output should be "ssl/http?", not "ssl/http"
Good point. I'll look into that once we have agreed on where we should
make the change :)
Mmm, I had a look, and it seems that the behavior is slightly different
than you describe. Did you really get those results after applying the
patch? I am unable to reproduce those.
I believe that with the patch, the test case above will always return
"ssl/unknown", no matter the port.
It will always default to line 476 in output.cc, thus adding "unknown"
to the "ssl/" string set earlier.
Nevertheless, if you prefer "ssl/unknown?" for these cases, we can
probably change it there.
However, while "ssl/http" would indeed not be acceptable, I think
"ssl/unknown" is better than "ssl/unknown?", as we are sure that there
is "something" behind ssl (and we are sure that we don't know what ;)).
I am afraid that displaying "ssl/unknown?" might give the impression
that even the "ssl/" part is doubtful.
What do you think?
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org