From 06e6062dba80032db1423578afc3bf16eeec70bc Mon Sep 17 00:00:00 2001
From: dmiller
Date: Thu, 18 Jun 2015 23:32:35 +0000
Subject: [PATCH] Prevent ssl-enum-ciphers from running on detected-non-ssl services
---
 scripts/ssl-enum-ciphers.nse | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index d333464d3..2a5b4eaf5 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -830,8 +830,8 @@ end
 portrule = function (host, port)
 return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)
- -- selected by name
- or nmap.version_intensity() == 9
+ -- selected by name and we didn't detect something *not* SSL
+ or (port.version.name_confidence <= 3 and nmap.version_intensity() == 9)
 end
 --- Return a table that yields elements sorted by key when iterated over with pairs()
@@ -859,7 +859,6 @@ action = function(host, port)
 -- If we're selected by name, we might have to check whether it's even an SSL port
 if not (shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)) then
- stdnse.verbose1("Sending confirmation probe")
 -- SSLSessionReq probe from nmap-service-probes
 local status, resp = comm.exchange(host, port,
 "\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\z
@@ -870,6 +869,7 @@ action = function(host, port)
 resp:match("^\x16\x03[\0-\x03]..\x02...\x03[\0-\x03]") or
 resp:match("^\x15\x03[\0-\x03]\0\x02\x02[F\x28]")
 ) then
+ stdnse.debug1("Not an SSL service.")
 return nil
 end
 end
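Review bot: The `<= 3` threshold in the new portrule condition is an undocumented magic number, and together with `== 9` it decides whether TLS handshakes are sent to a port at all. A short comment above the `or (...)` line would help, for example `-- name_confidence <= 3: service name not confirmed by a version-probe match (TODO confirm scale)`. It is also worth confirming that `nmap.version_intensity() == 9` holds only for by-name selection and not for a scan run at maximum version intensity, since the comment equates the two. The comparison would raise an error if `port.version.name_confidence` were ever nil; presumably it is always populated, but that is not visible in this hunk.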
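Review bot: The added `stdnse.debug1("Not an SSL service.")` is visible only at debug level, and the previous hunk removes the verbose "Sending confirmation probe" message. At normal or verbose output an operator auditing TLS can no longer tell that a port was probed and skipped rather than never selected. Consider logging the skip at verbose level, e.g. `stdnse.verbose1("Not an SSL service; cipher enumeration skipped")`. The start of the `if` condition is outside the hunk; if it also covers a failed `comm.exchange` (timeout or reset), the message should say that instead of asserting the service is not SSL, e.g. `stdnse.debug1("No SSL response to confirmation probe (status=%s)", tostring(status))`.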