Home page logo

nmap-dev logo Nmap Development mailing list archives

RE: [NSE] modified ssl-enum-ciphers to indicate policy compliance
From: Gabriel Lawrence <gabriel.lawrence () gmail com>
Date: Wed, 11 May 2011 16:45:56 -0700


Thanks. I decided to join the mail list so I'd see these things from now on.
I finally got a chance to make the changes recommended below. Attached are
the new files. Let me know if you think anything else should be tweaked or
if these are good to go!

PS: I don’t really consider my neckbeard to be awesome enough to make
recommendations for the world on what reasonable ciphers should be on their
default list. I took a wag at it anyway, so some review of that list
wouldn’t be a bad idea. I don’t think I included anything bad, but I may
have omitted something good.



-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com]
Sent: Tuesday, April 19, 2011 10:26 AM
To: Lawrence, Gabe
Cc: nmap-dev () insecure org
Subject: Re: [NSE] modified ssl-enum-ciphers to indicate policy compliance

Hi Gabe. Nice job on these modifications. You might not have been Cced on a
couple of replies:



I think I agree with Ron: It would be nice if an external data file
classified ciphers into "strong" and "weak". We could add such a file to the
distribution and make the script read it by default. Then for audits like
yours, someone could just modify the file to match their own cipher

If you do this, please base your work on the latest version of the script,
which has some minor changes.


David Fifield

Attachment: samplegoodciphers

Attachment: ssl-enum-ciphers.nse

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]