diff --git a/nselib/data/ssl-ciphers b/nselib/data/ssl-ciphers index b17e92a54..652048a83 100644 --- a/nselib/data/ssl-ciphers +++ b/nselib/data/ssl-ciphers @@ -1,42 +1,365 @@ -SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA strong -TLS_RSA_WITH_3DES_EDE_CBC_SHA strong -TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA strong -TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA strong -TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA strong -TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strong -TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA strong -TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA strong -TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA strong -TLS_RSA_WITH_RC4_128_SHA strong -TLS_DHE_DSS_WITH_RC4_128_SHA strong -TLS_ECDH_ECDSA_WITH_RC4_128_SHA strong -TLS_ECDHE_ECDSA_WITH_RC4_128_SHA strong -TLS_ECDH_RSA_WITH_RC4_128_SHA strong -TLS_ECDHE_RSA_WITH_RC4_128_SHA strong -TLS_RSA_WITH_AES_128_CBC_SHA strong -TLS_DH_DSS_WITH_AES_128_CBC_SHA strong -TLS_DH_RSA_WITH_AES_128_CBC_SHA strong -TLS_DHE_DSS_WITH_AES_128_CBC_SHA strong -TLS_DHE_RSA_WITH_AES_128_CBC_SHA strong -TLS_RSA_WITH_AES_128_CBC_SHA256 strong -TLS_DH_DSS_WITH_AES_128_CBC_SHA256 strong -TLS_DH_RSA_WITH_AES_128_CBC_SHA256 strong -TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 strong -TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 strong -TLS_RSA_WITH_AES_128_GCM_SHA256 strong -TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 strong -TLS_DH_RSA_WITH_AES_128_GCM_SHA256 strong -TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 strong -TLS_DH_DSS_WITH_AES_128_GCM_SHA256 strong -TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA strong -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA strong -TLS_ECDH_RSA_WITH_AES_128_CBC_SHA strong -TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA strong -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 strong -TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 strong -TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 strong -TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 strong -TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 strong -TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 strong -TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 strong -TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 strong +#!comment: Scoring based on ssllabs.com (Qualys) rating system +#!comment: https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide_2009.pdf +#!comment: Anonymous key exchange or NULL encryption are automatic failures +#!comment: Encryption cipher strength weighted 60% and based on key size +#!comment: Key exchange cipher strength weighted 40%. Only penalty is for EXPORT-grade +#!comment: (truncated key) algorithm. Actual key strength is based on server's certificate +#!comment: or DH primes, which we don't calculate currently. +#!comment: Score of A is ranked "strong", D and E are "weak", and F is "broken" +#!comment: CIPHER_SUITE STRENGTH +TLS_NULL_WITH_NULL_NULL broken +TLS_RSA_WITH_NULL_MD5 broken +TLS_RSA_WITH_NULL_SHA broken +TLS_RSA_EXPORT_WITH_RC4_40_MD5 weak +TLS_RSA_WITH_RC4_128_MD5 strong +TLS_RSA_WITH_RC4_128_SHA strong +TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 weak +TLS_RSA_WITH_IDEA_CBC_SHA weak +TLS_RSA_EXPORT_WITH_DES40_CBC_SHA weak +TLS_RSA_WITH_DES_CBC_SHA weak +TLS_RSA_WITH_3DES_EDE_CBC_SHA strong +TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA weak +TLS_DH_DSS_WITH_DES_CBC_SHA weak +TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA strong +TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA weak +TLS_DH_RSA_WITH_DES_CBC_SHA weak +TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA strong +TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA weak +TLS_DHE_DSS_WITH_DES_CBC_SHA weak +TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA strong +TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA weak +TLS_DHE_RSA_WITH_DES_CBC_SHA weak +TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA strong +TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 broken +TLS_DH_anon_WITH_RC4_128_MD5 broken +TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA broken +TLS_DH_anon_WITH_DES_CBC_SHA broken +TLS_DH_anon_WITH_3DES_EDE_CBC_SHA broken +SSL_FORTEZZA_KEA_WITH_NULL_SHA broken +TLS_KRB5_WITH_DES_CBC_SHA-or-SSL_FORTEZZA_KEA_WITH_RC4_128_SHA weak +TLS_KRB5_WITH_3DES_EDE_CBC_SHA strong +TLS_KRB5_WITH_RC4_128_SHA strong +TLS_KRB5_WITH_IDEA_CBC_SHA weak +TLS_KRB5_WITH_DES_CBC_MD5 weak +TLS_KRB5_WITH_3DES_EDE_CBC_MD5 strong +TLS_KRB5_WITH_RC4_128_MD5 strong +TLS_KRB5_WITH_IDEA_CBC_MD5 weak +TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA weak +TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA weak +TLS_KRB5_EXPORT_WITH_RC4_40_SHA weak +TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 weak +TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 weak +TLS_KRB5_EXPORT_WITH_RC4_40_MD5 weak +TLS_PSK_WITH_NULL_SHA broken +TLS_DHE_PSK_WITH_NULL_SHA broken +TLS_RSA_PSK_WITH_NULL_SHA broken +TLS_RSA_WITH_AES_128_CBC_SHA strong +TLS_DH_DSS_WITH_AES_128_CBC_SHA strong +TLS_DH_RSA_WITH_AES_128_CBC_SHA strong +TLS_DHE_DSS_WITH_AES_128_CBC_SHA strong +TLS_DHE_RSA_WITH_AES_128_CBC_SHA strong +TLS_DH_anon_WITH_AES_128_CBC_SHA broken +TLS_RSA_WITH_AES_256_CBC_SHA strong +TLS_DH_DSS_WITH_AES_256_CBC_SHA strong +TLS_DH_RSA_WITH_AES_256_CBC_SHA strong +TLS_DHE_DSS_WITH_AES_256_CBC_SHA strong +TLS_DHE_RSA_WITH_AES_256_CBC_SHA strong +TLS_DH_anon_WITH_AES_256_CBC_SHA broken +TLS_RSA_WITH_NULL_SHA256 broken +TLS_RSA_WITH_AES_128_CBC_SHA256 strong +TLS_RSA_WITH_AES_256_CBC_SHA256 strong +TLS_DH_DSS_WITH_AES_128_CBC_SHA256 strong +TLS_DH_RSA_WITH_AES_128_CBC_SHA256 strong +TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 strong +TLS_RSA_WITH_CAMELLIA_128_CBC_SHA strong +TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA strong +TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA strong +TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA strong +TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA strong +TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA broken +TLS_ECDH_ECDSA_WITH_NULL_SHA-draft broken +TLS_ECDH_ECDSA_WITH_RC4_128_SHA-draft strong +TLS_ECDH_ECDSA_WITH_DES_CBC_SHA-draft weak +TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA-draft strong +TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA-draft strong +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA-draft strong +TLS_ECDH_ECNRA_WITH_DES_CBC_SHA-draft weak +TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA-draft strong +TLS_ECMQV_ECDSA_NULL_SHA-draft broken +TLS_ECMQV_ECDSA_WITH_RC4_128_SHA-draft strong +TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA-draft weak +TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA-draft strong +TLS_ECMQV_ECNRA_NULL_SHA-draft broken +TLS_ECMQV_ECNRA_WITH_RC4_128_SHA-draft strong +TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA-draft weak +TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA-draft strong +TLS_ECDH_anon_NULL_WITH_SHA-draft broken +TLS_ECDH_anon_WITH_RC4_128_SHA-draft broken +TLS_ECDH_anon_WITH_DES_CBC_SHA-draft broken +TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA-draft broken +TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA-draft broken +TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA-draft broken +TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 weak +TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 weak +TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA weak +TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA weak +TLS_RSA_EXPORT1024_WITH_RC4_56_SHA weak +TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA weak +TLS_DHE_DSS_WITH_RC4_128_SHA strong +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 strong +TLS_DH_DSS_WITH_AES_256_CBC_SHA256 strong +TLS_DH_RSA_WITH_AES_256_CBC_SHA256 strong +TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 strong +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 strong +TLS_DH_anon_WITH_AES_128_CBC_SHA256 broken +TLS_DH_anon_WITH_AES_256_CBC_SHA256 broken +TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD strong +TLS_DHE_DSS_WITH_AES_128_CBC_RMD strong +TLS_DHE_DSS_WITH_AES_256_CBC_RMD strong +TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD strong +TLS_DHE_RSA_WITH_AES_128_CBC_RMD strong +TLS_DHE_RSA_WITH_AES_256_CBC_RMD strong +TLS_RSA_WITH_3DES_EDE_CBC_RMD strong +TLS_RSA_WITH_AES_128_CBC_RMD strong +TLS_RSA_WITH_AES_256_CBC_RMD strong +TLS_GOSTR341094_WITH_NULL_GOSTR3411 broken +TLS_GOSTR341001_WITH_NULL_GOSTR3411 broken +TLS_RSA_WITH_CAMELLIA_256_CBC_SHA strong +TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA strong +TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA strong +TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA strong +TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA strong +TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA broken +TLS_PSK_WITH_RC4_128_SHA strong +TLS_PSK_WITH_3DES_EDE_CBC_SHA strong +TLS_PSK_WITH_AES_128_CBC_SHA strong +TLS_PSK_WITH_AES_256_CBC_SHA strong +TLS_DHE_PSK_WITH_RC4_128_SHA strong +TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA strong +TLS_DHE_PSK_WITH_AES_128_CBC_SHA strong +TLS_DHE_PSK_WITH_AES_256_CBC_SHA strong +TLS_RSA_PSK_WITH_RC4_128_SHA strong +TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA strong +TLS_RSA_PSK_WITH_AES_128_CBC_SHA strong +TLS_RSA_PSK_WITH_AES_256_CBC_SHA strong +TLS_RSA_WITH_SEED_CBC_SHA strong +TLS_DH_DSS_WITH_SEED_CBC_SHA strong +TLS_DH_RSA_WITH_SEED_CBC_SHA strong +TLS_DHE_DSS_WITH_SEED_CBC_SHA strong +TLS_DHE_RSA_WITH_SEED_CBC_SHA strong +TLS_DH_anon_WITH_SEED_CBC_SHA broken +TLS_RSA_WITH_AES_128_GCM_SHA256 strong +TLS_RSA_WITH_AES_256_GCM_SHA384 strong +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 strong +TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 strong +TLS_DH_RSA_WITH_AES_128_GCM_SHA256 strong +TLS_DH_RSA_WITH_AES_256_GCM_SHA384 strong +TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 strong +TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 strong +TLS_DH_DSS_WITH_AES_128_GCM_SHA256 strong +TLS_DH_DSS_WITH_AES_256_GCM_SHA384 strong +TLS_DH_anon_WITH_AES_128_GCM_SHA256 broken +TLS_DH_anon_WITH_AES_256_GCM_SHA384 broken +TLS_PSK_WITH_AES_128_GCM_SHA256 strong +TLS_PSK_WITH_AES_256_GCM_SHA384 strong +TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 strong +TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 strong +TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 strong +TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 strong +TLS_PSK_WITH_AES_128_CBC_SHA256 strong +TLS_PSK_WITH_AES_256_CBC_SHA384 strong +TLS_PSK_WITH_NULL_SHA256 broken +TLS_PSK_WITH_NULL_SHA384 broken +TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 strong +TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 strong +TLS_DHE_PSK_WITH_NULL_SHA256 broken +TLS_DHE_PSK_WITH_NULL_SHA384 broken +TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 strong +TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 strong +TLS_RSA_PSK_WITH_NULL_SHA256 broken +TLS_RSA_PSK_WITH_NULL_SHA384 broken +TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 broken +TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 strong +TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 strong +TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 strong +TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 strong +TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 strong +TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 broken +TLS_ECDH_ECDSA_WITH_NULL_SHA broken +TLS_ECDH_ECDSA_WITH_RC4_128_SHA strong +TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strong +TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA strong +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA strong +TLS_ECDHE_ECDSA_WITH_NULL_SHA broken +TLS_ECDHE_ECDSA_WITH_RC4_128_SHA strong +TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA strong +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA strong +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA strong +TLS_ECDH_RSA_WITH_NULL_SHA broken +TLS_ECDH_RSA_WITH_RC4_128_SHA strong +TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA strong +TLS_ECDH_RSA_WITH_AES_128_CBC_SHA strong +TLS_ECDH_RSA_WITH_AES_256_CBC_SHA strong +TLS_ECDHE_RSA_WITH_NULL_SHA broken +TLS_ECDHE_RSA_WITH_RC4_128_SHA strong +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA strong +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA strong +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA strong +TLS_ECDH_anon_WITH_NULL_SHA broken +TLS_ECDH_anon_WITH_RC4_128_SHA broken +TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA broken +TLS_ECDH_anon_WITH_AES_128_CBC_SHA broken +TLS_ECDH_anon_WITH_AES_256_CBC_SHA broken +TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA strong +TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA strong +TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA strong +TLS_SRP_SHA_WITH_AES_128_CBC_SHA strong +TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA strong +TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA strong +TLS_SRP_SHA_WITH_AES_256_CBC_SHA strong +TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA strong +TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA strong +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 strong +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 strong +TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 strong +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 strong +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 strong +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 strong +TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 strong +TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 strong +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 strong +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 strong +TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 strong +TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 strong +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 strong +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 strong +TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 strong +TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 strong +TLS_ECDHE_PSK_WITH_RC4_128_SHA strong +TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA strong +TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA strong +TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA strong +TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 strong +TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 strong +TLS_ECDHE_PSK_WITH_NULL_SHA broken +TLS_ECDHE_PSK_WITH_NULL_SHA256 broken +TLS_ECDHE_PSK_WITH_NULL_SHA384 broken +TLS_RSA_WITH_ARIA_128_CBC_SHA256 strong +TLS_RSA_WITH_ARIA_256_CBC_SHA384 strong +TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 strong +TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 strong +TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 strong +TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 strong +TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 strong +TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 strong +TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 strong +TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 strong +TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 broken +TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 broken +TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 strong +TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 strong +TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 strong +TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 strong +TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 strong +TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 strong +TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 strong +TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 strong +TLS_RSA_WITH_ARIA_128_GCM_SHA256 strong +TLS_RSA_WITH_ARIA_256_GCM_SHA384 strong +TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 strong +TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 strong +TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 strong +TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 strong +TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 strong +TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 strong +TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 strong +TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 strong +TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 broken +TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 broken +TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 strong +TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 strong +TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 strong +TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 strong +TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 strong +TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 strong +TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 strong +TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 strong +TLS_PSK_WITH_ARIA_128_CBC_SHA256 strong +TLS_PSK_WITH_ARIA_256_CBC_SHA384 strong +TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 strong +TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 strong +TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 strong +TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 strong +TLS_PSK_WITH_ARIA_128_GCM_SHA256 strong +TLS_PSK_WITH_ARIA_256_GCM_SHA384 strong +TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 strong +TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 strong +TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 strong +TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 strong +TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 strong +TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 strong +TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 strong +TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 strong +TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 strong +TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 strong +TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 broken +TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 broken +TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 strong +TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 strong +TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 strong +TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 strong +TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 strong +TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 strong +TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 strong +TLS_RSA_WITH_AES_128_CCM strong +TLS_RSA_WITH_AES_256_CCM strong +TLS_DHE_RSA_WITH_AES_128_CCM strong +TLS_DHE_RSA_WITH_AES_256_CCM strong +TLS_RSA_WITH_AES_128_CCM_8 strong +TLS_RSA_WITH_AES_256_CCM_8 strong +TLS_DHE_RSA_WITH_AES_128_CCM_8 strong +TLS_DHE_RSA_WITH_AES_256_CCM_8 strong +TLS_PSK_WITH_AES_128_CCM strong +TLS_PSK_WITH_AES_256_CCM strong +TLS_DHE_PSK_WITH_AES_128_CCM strong +TLS_DHE_PSK_WITH_AES_256_CCM strong +TLS_PSK_WITH_AES_128_CCM_8 strong +TLS_PSK_WITH_AES_256_CCM_8 strong +TLS_PSK_DHE_WITH_AES_128_CCM_8 strong +TLS_PSK_DHE_WITH_AES_256_CCM_8 strong +SSL_RSA_FIPS_WITH_DES_CBC_SHA weak +SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA strong diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse index 8912ffbaa..5a8b510a3 100644 --- a/scripts/ssl-enum-ciphers.nse +++ b/scripts/ssl-enum-ciphers.nse @@ -201,7 +201,7 @@ CIPHERS = { ["TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"] = 0x001B, ["SSL_FORTEZZA_KEA_WITH_NULL_SHA"] = 0x001C, ["SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"] = 0x001D, -["TLS_KRB5_WITH_DES_CBC_SHA or SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"] = 0x001E, --TLS vs SSLv3 +["TLS_KRB5_WITH_DES_CBC_SHA-or-SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"] = 0x001E, --TLS vs SSLv3 ["TLS_KRB5_WITH_3DES_EDE_CBC_SHA"] = 0x001F, ["TLS_KRB5_WITH_RC4_128_SHA"] = 0x0020, ["TLS_KRB5_WITH_IDEA_CBC_SHA"] = 0x0021,