Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: some ssl version scanning not working [patch]
From: Matt Selsky <selsky () columbia edu>
Date: Sun, 23 Jan 2011 13:28:41 -0500

SSL is detected as TLS 1.0.

This doesn't match openssl's s_client.  For that application, I need to explicitly disable TLSv1 via -no_tls1, or I 
need to specify SSLv3 only via -ssl3.  s_client cannot connect when it tries the default SSLv2/v3 behavior.

This patch doesn't fix the SSL version being incorrectly detected as TLSv1 instead of SSLv3, but it will retry a 
connection without TLSv1, similar to the retry without SSLv2 option already in handle_connect_result().

Let me know what you think.


-- 
Matt

Attachment: try-without-tlsv1.patch
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault