Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

ssl-enum-ciphers.nse not showing TLS_ECDHE* ciphers

From: Guido van Rooij <guido () gvr org>
Date: Fri, 12 Mar 2021 12:28:53 +0100
With nmap 7.60, I scanned the host with IP address 3.132.36.206 with the below reesulst:


nmap -sV --script ssl-enum-ciphers -p 443 3.132.36.206


    Starting Nmap 7.60 ( https://nmap.org ) at 2021-03-10 11:06 UTC
    Nmap scan report for ec2-3-132-36-206.us-east-2.compute.amazonaws.com (3.132.36.206)
    Host is up (0.094s latency).

    PORT    STATE SERVICE  VERSION
    443/tcp open  ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
    | ssl-enum-ciphers:
    |   TLSv1.0:
    |     ciphers:
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |     compressors:
    |       NULL
    |     cipher preference: server
    |     warnings:
    |       64-bit block cipher 3DES vulnerable to SWEET32 attack
    |   TLSv1.1:
    |     ciphers:
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |     compressors:
    |       NULL
    |     cipher preference: server
    |     warnings:
    |       64-bit block cipher 3DES vulnerable to SWEET32 attack
    |   TLSv1.2:
    |     ciphers:
    |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |     compressors:
    |       NULL
    |     cipher preference: server
    |     warnings:
    |       64-bit block cipher 3DES vulnerable to SWEET32 attack
    |_  least strength: C
    
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 29.27 seconds

The same command with nmap 7.91 does not show the TLS_ECDHE* ciphers. Tested
both on Ubuntu 18.04.5 as on FreeBSD 12.1:

    >  nmap -sV --script ssl-enum-ciphers -p 443 3.132.36.206
    Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-10 12:08 CET
    Nmap scan report for ec2-3-132-36-206.us-east-2.compute.amazonaws.com (3.132.36.206)
    Host is up (0.096s latency).

    PORT    STATE SERVICE  VERSION
    443/tcp open  ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
    | ssl-enum-ciphers:
    |   TLSv1.0:
    |     ciphers:
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |     compressors:
    |       NULL
    |     cipher preference: server
    |     warnings:
    |       64-bit block cipher 3DES vulnerable to SWEET32 attack
    |       Forward Secrecy not supported by any cipher
    |   TLSv1.1:
    |     ciphers:
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |     compressors:
    |       NULL
    |     cipher preference: server
    |     warnings:
    |       64-bit block cipher 3DES vulnerable to SWEET32 attack
    |       Forward Secrecy not supported by any cipher
    |   TLSv1.2:
    |     ciphers:
    |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |     compressors:
    |       NULL
    |     cipher preference: server
    |     warnings:
    |       64-bit block cipher 3DES vulnerable to SWEET32 attack
    |       Forward Secrecy not supported by any cipher
    |_  least strength: C
    
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 18.60 seconds

Anyone know how to fix this?

Thanks,

Guido van Rooij
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: