Home page logo

nmap-dev logo Nmap Development mailing list archives

NSE: Need advice on pulling SSL cert used for TLS connection over SMTP port 25
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 01 Oct 2009 18:21:25 -0500

Ok, I have been messing around with trying to pull the SSL cert that is
being used for the TLS connection over port 25.  After a couple questions
from David I have basically decided that I am probably making this much
harder than it has to be and wasting time.

Basically I am trying to gather information about the SSL certificate that
is being used for a SMTP over TLS connection on port 25.  The problem is that
the session starts out non-SSL.  Once the connection is made, and if the
server supports it, the client issues the STARTTLS command and then a TLS
connection is negotiated.

This port is different than 465 where the whole conversation starts out and
is encapsulated with SSL/TLS.

I have tried connecting to port 25 with a socket, getting to STARTTLS and
then trying to use get_ssl_certificate() but I think at that point it expects
that the SSL tunnel has already been negotiated.

My last effort involved modifying ssl-cert.nse to work on port 25, then
if the SSL session errored out on port 25/smtp I would open a fresh socket,
toss EHLO at it, vet the response and then send STARTTLS.  If that is all
good I tried grabbing the cert..

Any thoughts on kicking off the SSL negotiation on a existing socket or any
thing else that would help for that matter.

Thanks much,

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]