NSE: Need advice on pulling SSL cert used for TLS connection over SMTP port 25
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 01 Oct 2009 18:21:25 -0500
Ok, I have been messing around with trying to pull the SSL cert that is
being used for the TLS connection over port 25. After a couple questions
from David I have basically decided that I am probably making this much
harder than it has to be and wasting time.

Basically I am trying to gather information about the SSL certificate that
is being used for an SMTP over TLS connection on port 25. The problem is that
the session starts out non-SSL. Once the connection is made, and if the
server supports it, the client issues the STARTTLS command and then a TLS
connection is negotiated.

This port is different than 465 where the whole conversation starts out and
is encapsulated with SSL/TLS.

I have tried connecting to port 25 with a socket, getting to STARTTLS and
then trying to use get_ssl_certificate() but I think at that point it expects
that the SSL tunnel has already been negotiated.

My last effort involved modifying ssl-cert.nse to work on port 25, then
if the SSL session errored out on port 25/smtp I would open a fresh socket,
toss EHLO at it, vet the response and then send STARTTLS. If that is all
good I tried grabbing the cert.

Any thoughts on kicking off the SSL negotiation on an existing socket or
anything else that would help, for that matter?

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
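
An added example, not part of the original post and not NSE code: the sequence the message describes, written in Python, doing the plaintext banner/EHLO/STARTTLS exchange and then starting the TLS handshake on the same, already connected socket to read the certificate. The function names and the EHLO name `scanner.example` are assumptions made for this example.

```python
import socket
import ssl


def read_reply(f):
    """Read one SMTP reply (possibly multi-line); return (code, [text of each line])."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        # "250-..." means more lines follow; "250 ..." (or a bare code) ends the reply
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), lines


def negotiate_starttls(sock, ehlo_name="scanner.example"):
    """Plaintext phase on an open socket. True when the server is ready for TLS."""
    # Unbuffered reader: nothing past the final plaintext reply is consumed,
    # so the TLS handshake bytes stay on the socket for the upgrade step.
    with sock.makefile("rb", buffering=0) as f:
        code, _ = read_reply(f)                      # 220 greeting banner
        if code != 220:
            return False
        sock.sendall(b"EHLO " + ehlo_name.encode("ascii") + b"\r\n")
        code, caps = read_reply(f)
        # caps[0] is the server's greeting name; extensions follow it
        if code != 250 or not any(c.strip().upper() == "STARTTLS" for c in caps[1:]):
            return False
        sock.sendall(b"STARTTLS\r\n")
        code, _ = read_reply(f)
        return code == 220                           # "ready to start TLS"


def fetch_smtp_cert(host, port=25, timeout=10):
    """Return the server certificate as DER bytes, or None if STARTTLS is unavailable."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if not negotiate_starttls(sock):
            return None
        ctx = ssl.create_default_context()
        # Inventory use: collect the certificate even when it would not validate.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        # The handshake runs on the existing connection, not on a new one.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
```

On port 465 the plaintext phase does not exist, so the socket would be wrapped immediately after connecting.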