PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Restore Supported Point Formats Extension. Fixes #1187

Browse Source 
Some servers are not compliant with RFC 4492, section 4,
and abort the handshake when the extension is missing.
This commit is contained in:
nnposter
2021-03-21 02:37:18 +00:00
parent 024bbf84f1
commit 068e77a37f
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/ssl-enum-ciphers.nse
View File

@@ -516,7 +516,13 @@ local function base_extensions(host)
local tlsname = tls.servername(host) local tlsname = tls.servername(host)
return { return {
-- Claim to support common elliptic curves -- Claim to support common elliptic curves
-- TODO: Determine desire to comply with RFC 4492, section 4:
-- "The client MUST NOT include these extensions in the ClientHello
-- message if it does not propose any ECC cipher suites."
-- OTOH, OpenSSL 1.1.1 sends them always so it is probably safe.
["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES), ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES),
-- Some servers require Supported Point Formats Extension
["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"]({"uncompressed"}),
-- Enable SNI if a server name is available -- Enable SNI if a server name is available
["server_name"] = tlsname and tls.EXTENSION_HELPERS["server_name"](tlsname), ["server_name"] = tlsname and tls.EXTENSION_HELPERS["server_name"](tlsname),
} }