Nmap Development mailing list archives

Issue with ssh2-enum-algos?


From: Frank Bergmann <nmap () tuxad com>
Date: Sun, 8 Jun 2025 20:51:59 +0200

Hi,

while playing around with the ssh protocol I noticed that ssh2-enum-algos
lists different algorithms for kex_algorithms, encryption_algorithms and
mac_algorithms than what I get from the same ssh server.

I also made a test with ssh itself for encryption_algorithms and it showed
exactly the same list as I get with my own tool.
ssh2-enum-algos also shows aes256-cbc, which doesn't appear in my tool or in
the ssh client:

$ ./ssh-algorithms 1.2.3.4 22|grep ^enc|cut -d: -f2|tr , '\n'|sort
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

$ ssh -c aes256-cbc -p22 1.2.3.4
Unable to negotiate with 89.163.156.26 port 443: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

$ ssh -c aes256-cbc -p22 1.2.3.4 2>&1|sed 's,.*Their offer: ,,'|tr , '\n'|sort
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

$ nmap --script ssh2-enum-algos 1.2.3.4 22 2>&1 |grep -A8 "encryption_algorithms"
|   encryption_algorithms: (7)
|       aes256-gcm@openssh.com
|       chacha20-poly1305@openssh.com
|       aes256-ctr
|       aes256-cbc                     <=====
|       aes128-gcm@openssh.com
|       aes128-ctr
|       aes128-cbc
|   mac_algorithms: (8)

Am I missing something or is this a bug?

best regards,
Frank

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/
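
Added example (not part of the original post, and not code from Nmap or from the poster's ssh-algorithms tool): a parser for the name-lists in an SSH_MSG_KEXINIT payload as laid out in RFC 4253 section 7.1, plus a set difference between the server's cipher offer and the list a scanner reported. The function names are hypothetical, the cipher lists are the ones quoted in the post, and every other field value in the sample payload is a placeholder.

```python
import struct

SSH_MSG_KEXINIT = 20
# Name-list fields in the order RFC 4253 section 7.1 defines them.
FIELDS = ["kex_algorithms", "server_host_key_algorithms"] + [
    f"{kind}_{direction}"
    for kind in ("encryption_algorithms", "mac_algorithms",
                 "compression_algorithms", "languages")
    for direction in ("client_to_server", "server_to_client")]

def parse_kexinit(payload):
    """Parse an SSH_MSG_KEXINIT payload (packet framing already stripped)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}  # skip the message-type byte and the 16-byte cookie
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated before " + name)
        (n,) = struct.unpack_from(">I", payload, off)
        if off + 4 + n > len(payload):
            raise ValueError("name-list overruns payload: " + name)
        raw = payload[off + 4:off + 4 + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += 4 + n
    return out

def diff_offer(server, reported):
    """Set difference between the server's own offer and a scanner's report."""
    return {"only_reported": sorted(set(reported) - set(server)),
            "only_server": sorted(set(server) - set(reported))}

def name_list(names):  # RFC 4251 name-list: uint32 length + comma-joined names
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

# Constructed sample: cipher lists as quoted in the post, other fields are placeholders.
SERVER_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr",
                  "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"]
NMAP_CIPHERS = ["aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com",
                "aes256-ctr", "aes256-cbc", "aes128-gcm@openssh.com",
                "aes128-ctr", "aes128-cbc"]
SAMPLE = (bytes([SSH_MSG_KEXINIT]) + bytes(16)
          + name_list(["curve25519-sha256"]) + name_list(["ssh-ed25519"])
          + name_list(SERVER_CIPHERS) * 2 + name_list(["hmac-sha2-256"]) * 2
          + name_list(["none"]) * 2 + name_list([]) * 2
          + b"\x00" + bytes(4))  # first_kex_packet_follows, reserved

if __name__ == "__main__":
    offer = parse_kexinit(SAMPLE)["encryption_algorithms_server_to_client"]
    print(diff_offer(offer, NMAP_CIPHERS))
```

Run against the two lists quoted in the post, the difference covers aes128-cbc as well as the marked aes256-cbc on the reported side, and aes192-ctr on the server side.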

